hxxps://linkvertise[.]com/1208172/solara-bootstrapper?o=sharing

Resubmissions

12-08-2024 08:03

240812-jx4bbawgmh 6

12-08-2024 07:59

240812-jvxezssbpl 6

Analysis

max time kernel
25s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/1208172/solara-bootstrapper?o=sharing

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
151	api.ipify.org
161	api.ipify.org
216	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{6F9D9D46-A8F7-48B1-8B39-447236C9BBD4}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{B2AAB17C-84E3-425E-883C-3FE125097008}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
4180	msedge.exe
4180	msedge.exe
116	chrome.exe
116	chrome.exe
5188	msedge.exe
5188	msedge.exe
6112	identity_helper.exe
6112	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
4180	msedge.exe
116	chrome.exe
4180	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 64	4180	msedge.exe	87
PID 4180 wrote to memory of 64	4180	msedge.exe	87
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3468	4180	msedge.exe	88
PID 4180 wrote to memory of 3260	4180	msedge.exe	89
PID 4180 wrote to memory of 3260	4180	msedge.exe	89
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90
PID 4180 wrote to memory of 4644	4180	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/1208172/solara-bootstrapper?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1c1646f8,0x7ffe1c164708,0x7ffe1c164718
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14810113793309231811,13149446185801847234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe09cfcc40,0x7ffe09cfcc4c,0x7ffe09cfcc58
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3448,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3184,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,16507638819361444022,16939753413196659274,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6072

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
25KB

MD5
6c9f24607a85011c8fa145f30be632ad

SHA1
8f130cec0d0a6579fe8d398bc7e62451e7badda0

SHA256
7d5a1d5cc0ff324a2faa264a6d1a40115aa945a8d7c71808108da456125dc784

SHA512
79ef710010892897b208f4b4c61c043523454ae3bc9a765057ddf0b8e9f702d4a6ee1c13317b1fdf95caeda2b9d9fd182140614eb409b5fc72cbffc6c723b48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
28KB

MD5
47e6388c74d6757226cf2e147da6ac44

SHA1
4c959c08b8acf11acb8db3e904a17db7c6e1b9b2

SHA256
961aed544b7bc2ba27cebe26bc3663bba84d5177901607dc71fdb49e91f1872c

SHA512
7b3f314a6140f5ef297308a96a0428f622b937b44e1aa6a483c5c30d9bf76ace134b107ada2d27b275c8f06d4a5fc09cc9857f19f38fa0f08135995700f88779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
fd38d571b47d6e3a391795ade6a40c12

SHA1
a50c8ba49de570f6834b6b256a9789fd8a00fdbf

SHA256
a637ba2e1c919a11c104c21b087a8070cb005925651bcae45c42287816293fe2

SHA512
8a325cf7bf57225df829c979d5929d263ce3337a6de299bc53a1ad3d9089be1c34d35bf224663e5c2c7c98b7884f4332f09f6d73c8f2c810e30501adb677dca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
74d1ca5b5ebfd34bbe7d31181ef96dfb

SHA1
dbb8a2d606f9aed8fe08277af99af280c3688167

SHA256
7cca9695b565ede86e10e3f8b33fa1ed88cc5eefe0aa32dc930863ec45a1ff76

SHA512
307debb26c92f5fab01d99de71dd5ead6a44f4614b302d1d677e5386f9ea0e21f02788d21e8035263f40fe4e3b50c39c9b1df8471ccc3866bdbf17d5eac68a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c8f7eab1ba1c706ea551d21166da40de

SHA1
61f8d3de03d388ce357726716994eeb66e813c15

SHA256
27ec6546128f9a440b6a719af0f48ff9d24181d2797e14784323eb88f3bfbd94

SHA512
18bf3ed4c52d79abf671788a664e86b46b7649268544faddc7a2def952b745c34304460d010d92c6379ca40038be39ee99478b3cc8a40a2fbb08e85110adb4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23270f7887e97cb212ff21f46a2a6170

SHA1
ae55b6a3e909ace8aad44ad1a9ca33c55d482681

SHA256
6f85ce1a28426c5b842d49ab47c584fa1acd55aaefdd0cdf6aa3b418a3ae1c30

SHA512
c157589c89f3b76d0c42661a11fa8f171afbb802b4073ddb87049c4850fdcad3e13028eac064023b3188412cf38040025e083d95b80003b4487a089155e7fe6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
29cd4d9bb893b5807f826a1c1757db6c

SHA1
0bbb8f058c0c5b1037182c5e417043a59a7a0947

SHA256
de9aed656ca2f8a109c89c8a6a510c38b57740d97381b19580474f85d45ef49d

SHA512
4ff383e12ac2b2a739063c977d1f49d29bae952d7bc168245415d969f52b4d75ddf1e55f8ef1f7fe4eee31f3d0c371a0b6112a3d3a0d6f65521eda2fc0c79cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
142KB

MD5
a391a6c42fec42adb1fcb6440c7ff56c

SHA1
3338e65ffd7f7635828e9857ba2b308ff79ccf0d

SHA256
d1bffa12f0fd258cf528dd1b53741a61d4b0cb8876a2e33d26a515f70f3c87e1

SHA512
3be24c5c4f8359ba4e5279d316a6f2199d427d57e65ccbb8fe7eb42c5128ac3f98b7c78b03e65be732491d3560ddff3e5732cb8950ae8919e254e8dbcbf46e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
25KB

MD5
b7acbc2406a7f663f4fbe535b112d734

SHA1
602ffdcae76ca3911638870f244d16ee4522a11c

SHA256
5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f

SHA512
6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
5c065f697d1e6b7b558f8b4392f9bc56

SHA1
58019c9c1f9eb0bf7437e7837fa6c4c19eb17369

SHA256
56411dfbfb438ce3714767f652465d3c1094b5085a903d15dc96905e02012f59

SHA512
4d2f7b07761e2173b166ae18a80a205ac7b889f35e451e92e513dff33de3c4f82205330c3472a2a0a9a9254076a95a44c99cf162df3b683c0339a40b6e5733cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ef7d3d6ff6b3b1ea5758614077478f6

SHA1
f56621c8b2be78f294a855a490de82238cc49615

SHA256
f5e9dd1f4498ba4809e6b3d047c72259bd884811b724929befb6496becb6bde9

SHA512
332fcf7347c83855187d275a2c0cb45c5ff6117847e5abfca112a453b190a76e8b91cb5428675dccd940fb03c9e25d5a76e78c51ee0340c19975c16b5b5ef43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf1f9c3256b330f68f768262d2018f02

SHA1
ae3ab8af8d3b6f79439df4e094ef0edc697d2f5e

SHA256
a22a33e69abfa942f1d7026c9723a05bc32ab5c307bf7e7aa173549beec8bc9a

SHA512
12e1051fa139a3abc9fed256d13334b7101e066cb6523e6682444edf196665adee435f9499002cd6aa118acf230a99c3515365165f4c7b2c106552bb1a868ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa6e341ec54fd86e52f614039c6f425a

SHA1
e406a90af4eaa5108307043d759690034ffa97d5

SHA256
758b43ae8976dcafbd437fdeac8670b7f72e0f7bd3c076ba67aca55483e2b9b5

SHA512
18016f9e46fe867a5ca7239c4ba9cc514ea31635df9342f6240787b8da1aa9ae12b216b60bb9d4f9a70e6c881d7815892638ee8e78ca95434ec376b5c0eafad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a19d347b0e94fb679e3676aee4efe0d1

SHA1
2142627940037b004ead646c644e7f6a4dda8da9

SHA256
fc08fbbd4330d1f0519ad94032d3c5d7cf66965daffe3423d0733bbbefc3ea15

SHA512
79710ff2d82ff3d22084b72beb524659d60eef6c76aef0f9c8b8905c3a532c7e249dabfc667c7d4b6457abbbcd7cf1092d8763348268e8bb35b98192e6b84ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03924b408bebcc922bd07651134cbcdd

SHA1
d8a0080025b44e1b2c35ccf487b0a69cf2059259

SHA256
a5818912dae609ee91b25ffb9a859393b01647f084437e8c0e5d38aa69456d8f

SHA512
36d053cccb1c45c3ac6d81e1330c3d8907cfb2420635c255d22e6688678776084b7e3fc3044c12bcf30e6476001c88ab3a72ee2ac2e44a3567330221a2dafde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a7a9758c3c99c58624a1a7c027bc292

SHA1
7fd0c51cd5c62ee34bdf02a2bc63ad2e806730e0

SHA256
54995494178fa3d201c5af9f5cb0cb08de2a88d5f1261be5802535e8cc231662

SHA512
5d40c6fbb36a6503c09b1e43be0c6bcfddc9f650d5d7a7f7bab440199a342ac2cfeab54df57fd58bcdeb5e73dc06f14e15d43a94a628c2a29823e3cb37f560b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbf8.TMP

Filesize
1KB

MD5
cff866d1156da411bf3a461e34d16732

SHA1
5b30c6f048ddb892f0b4339fd614806571a47189

SHA256
8ade9186820a898c5462c5326c428fab742c1f472a25dbbdfea6c13fb1b30228

SHA512
5b3a5a05d2364e5bdf6ab2ef542fc14dc89f6725521c54b90cbb5da4cd33bff4a8230110b294c6d7b8ce2f6402b8e2d73e336472d0c07ad77ee3194286cee6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c598af0d9eabc785fe12b5cb61468cf4

SHA1
995aa4004bc65dfafd8e5a7e305c9dd7da937a21

SHA256
d7ceda60ce129b5a7a735ec0b4a8a69ced8e316a50e76074ac1401257a75ecd3

SHA512
8272bfefe75ab64d96e7e4a812382bdb078c8936104b2e22c853e83ef4325b252d63806837a2846b1eaf28ae6610837d78f998b2b151cfdd4289481c03b69111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ab5bc0b70298bbcf75198d280fda5af

SHA1
89264dbf3f7e718b6464689eaa422236b482e8f7

SHA256
5f958bafd36b17b0ca8e0892d22942e3dfe9114c64063d9e75fdddb84cc24de7

SHA512
0d45357e1c98cbbcba59849d4117138c1a1ffe9241acfa9487a0744db1bf550f156c0a06572887987dac82360a64b8225875170f5290f71d1e28ff13aaa1efd3

Download Submit