hxxps://quezstresser[.]ru

Resubmissions

27/11/2024, 14:59

241127-scxsgayjfz 4

27/11/2024, 14:59

241127-scqddsyjfv 3

Analysis

max time kernel
55s
max time network
58s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27/11/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://quezstresser.ru

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771931957703461"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
4736	msedge.exe
4736	msedge.exe
228	msedge.exe
228	msedge.exe
3052	identity_helper.exe
3052	identity_helper.exe
5804	chrome.exe
5804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
5804	chrome.exe
4736	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3000	4736	msedge.exe	77
PID 4736 wrote to memory of 3000	4736	msedge.exe	77
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 5124	4736	msedge.exe	78
PID 4736 wrote to memory of 1428	4736	msedge.exe	79
PID 4736 wrote to memory of 1428	4736	msedge.exe	79
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80
PID 4736 wrote to memory of 5752	4736	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://quezstresser.ru
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa95903cb8,0x7ffa95903cc8,0x7ffa95903cd8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4577350361267771214,8049715556470044018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa8320cc40,0x7ffa8320cc4c,0x7ffa8320cc58
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3224,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5828
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff78a6e4698,0x7ff78a6e46a4,0x7ff78a6e46b0
    3⤵
    - Drops file in Windows directory
    PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3752,i,18286703851595746152,7811104627746484945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:6120

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aa3162288348a15b1fb30b98f339b79d

SHA1
19aded003a4f6979e16153f6b19568e4cf88bf42

SHA256
d515bf00dfc9797295bba8df28a4f9f5f7f98fa7ccc8d4d5829201ce9f1be06b

SHA512
80cb0223157ab1e7ecec513bff1fd3cec6be65b58ed59498fbe1875da974fcec71534c639af9310e0c2e8359adfbddf38432b1e9c488520befb59975f02fa959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ab61f99b1f542ae98ae12cae738a3028

SHA1
48da20d558fa59a59410ee6ac57a5f8c6655d1d0

SHA256
f7cde251437c2031c7ab368d28f2c7c90f2a450841db760a9fec04922f8d9a39

SHA512
4092a4fb61ed5ec52c633bb9b19da7ce177c6f7ad7dc069bae80f9ee98a710d45e08be6d3c885cdd28ceaa1706c9f27cec8e6542545fc35f12f2a3c96dc2d55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
96c85dbd8b97e378f4ce99df74848030

SHA1
33185ecf786da37a870f277e814cebb40ec7ed7b

SHA256
f9ffcbe4949712dff985fafc4222c97ebe4b07382ae8958305c03b773af1d794

SHA512
82574ea437a368219674fbcdfb18d33bd09a316f210ad9324508cac003051a38628cdb836d5d7067b20efdc76379d85207d07c2e3b5cdf4cfbe4f65d85a769ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5f67f8b4b3fa72f6f8a4b20faacbe9f

SHA1
d9b432bb158b8db07fbf9febc21995a3c3308a47

SHA256
13b941efabf3fec551803e4955b11c2351639c2261e4ff5df562efd32a7a43d2

SHA512
a8acb6b9959389dd8fdcfcc01de949370404f63f7dd6717b130006989eb1c56d2fc526fc0c69aa0399892f60bd10e4a78d4f518f95552ba2f062ebc4a097abe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9318cd18c9b173943c062f534b20df43

SHA1
580bfec00b40df920abce14c2a6c6b95dbb457af

SHA256
74e4647e582e504cbfbced84dc1fdd2a569d142850fc84cf63df524f8659623b

SHA512
f4ddaa8ad23b5ecad16d0479238dc43f37544b509e9a91c9fb1271ec5a425dcfc2e392c3e7f5219b25bdd2dd38f1044d1fe8e11b6fbae9429a4e44b4796b6255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
25eac06ca611f5a00d2b17c340c146b8

SHA1
25f5a33a53a8c40d9176a78ec5507010b34ba350

SHA256
a9c318d57ba9b2343cde8f1f9fff762c7edfce5b2544bab2de064b55112d385d

SHA512
a784b4163a7250985408adeb6e789ec4a86a959da60d20ac26c4a7c4476c7c3690c01c9c89ad156d71f4976cd9e07f81842d053ebbf26fbc20f4d679a7635a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adfbfb711ed35cc9bd2faadc073c6341

SHA1
20fc6646fb40b85c3b77b3e258b45e0efcdb9cbc

SHA256
4493e2ab76f427c9357b2bec51a84aaf5486d273b5837f1d4aff82c9307b1431

SHA512
7b2ce904a4110046b67e7e09002e3e442a763837f26390e1c1e82bf5f42a45c356064893d0804a1b88852d2d13ee53fdf6a545b690c9b19e6ce2f7eb1e4ad462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06522ee9de1fe56b304156b3ec0ed1ee

SHA1
019c3a6fa763ffb06b7006d272b905f1a6062d59

SHA256
0d46ef5621161ae79f1986d92055aba56d9afbdeafc0459a5fb9950c3ea3cf01

SHA512
8b3ea0401777324a0c12f0acf0dcff5bfad4b3beb59a0e22889ef3bd956ba3349bc38c9ca9d80b6f332143a34627f387a49d8a7318644b0b374c796e657012ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4195f1fbe27ce08b581b318d3c576d3

SHA1
fd24e294f5af214a5acb1d7d858c1a33015ab96f

SHA256
10eff15d0712b353a497fa38cd16c9b31e0859216950336e289ec04969f97361

SHA512
caa18948a4038fa12ca2c4ab1afb44b389dfd0018994d2b9b700880e871b44daa5bb82ba26431accf792dde2c2d8a297780a30f992959687abfe9d876defcedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2a4e931ef7104cefde53debf58df5bbc

SHA1
7460a70d04d0a17b0f85b1e82fa4d9b50be4c33e

SHA256
82f7d20d92dc44b85fc4da9c2c1c59e8e8d3cc4f900426686f1b3d6cdc131f53

SHA512
a263d7d532d612f8162c26a98bbc3e15666ac1b7b41720e565ea96f0e46f371e370397fc493e095e77d08438f972bd741226a247303968eaa876e8aeb7a7a5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
41cffc43793b8939d5c687b4f095de37

SHA1
32992abd04e46ae8f819163ff952734b5f3783bf

SHA256
39dbd074ccd4174b9107452afcb3c81b06dc14c2493688dd93b1ca27a2a39ee7

SHA512
eea8793032bf96c68d7560b6c9b7b2142f3b74d92ccb2bd9841b3e4768c911dd753208f1e6f43fd3b0b755db780845b6cb8e74e171c0422f3a582eb3f3124dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9042f5219fe47e684d5dbf83413e7c39

SHA1
c192f42f9057a0de3b9d001c84159561caff46d5

SHA256
ffa9e905f5853bf1c02960829fa5b1ceb580d905de4d669f97998d1eca256502

SHA512
5aaf5ddc5374841be31a857d894dfaac6887db00b413c5a53b9a46c09b17203d07d22b9f4920afa711276e683a5015b4dfe71539775926a730467f33719913f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82ae4f488c3dbab1664420c6fa911f99

SHA1
fcac6d98d67b275d07adb5397abec431e1cfbea6

SHA256
d68c8a5483386109e19b3c0189b5f9e55b29b71d373d38bc0f87ea948d914cf2

SHA512
20541d811415f411aa2d10bba18a14883be66934a67b82df8b917691047be36129c5f35d7fa5189f7bab8f4ac6d509e225bb5739026299f4e1df12dbb39f4da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31000122d6296d4ad431c5c3d513b148

SHA1
b684040554b4399e1beffa113b55fca869de3972

SHA256
c7a3d7432c486df623450452d6d15802d4fe8db5a19bb0bd7edd859f7a306963

SHA512
f43c7c1c5a398c9f7c10d2d91d3bc26af62ec2e3f438c9fffe75d1a9bd51b3adbd1c45dac34ed82378d0110edea491b06355b01123c6d42eb1da1ecb6b53df0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b5ae0dd4036867ee1352149e0bb0084d

SHA1
efd276aa0e3f75ed9331e3c428ec184909bcaa5e

SHA256
3cce8d0c39a2935628bfa7f6628afb2a41baa89bce6f453a6aae9c3cf8caea2c

SHA512
63e2f478144061853ef61e15acaa5a33362865541c3842d4e148ad12b9884f49a11bad4f5fc2313b94564b0397f330d183c0c47018a81fa382c97a021ac84d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5863b6.TMP

Filesize
204B

MD5
83443ff1c391e591aac23fb3e0c763f5

SHA1
5db359a95562ffba4650a03e0e35a30b9aae83ee

SHA256
23db4a64394a594925b7f45f30066a41c87f12690b23456d4e6a3997c02535c9

SHA512
855bb418e606f0debe865d0b8e390a2b0fd6967d64f02752edc606ce9d97df2158476ecadca5c0cec2b3964658ce19660ac9935d68bb866106ac4802e8b7a36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da7f9ff39e1876daef668045d001c116

SHA1
1915b8f499a25a07b35ced0483f8c434e5961c76

SHA256
d0be74a4d708ecbe103acf563ccccc5525ac4194129ff45d697c058b7d82e204

SHA512
6a00d8ab8442574adf43bf710ea4507edc0e108187d89a1679a1d9720d51c9ecc13a97735b9bbf9a7ea22a500d1aa8b32d30f270b917bb2bcf7eea74e85e1019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df39c9dd3112e9f53720ee915bc42501

SHA1
54731d0a3b6e0fea0965d7b1c55e582c8e8146d1

SHA256
ae554411473770fc23535689d6f87d8303dc550d462dec3fe58227373c54267a

SHA512
71eac20a60bc1bb72d1174fa1e42fbfe0368b1ea2c050e2b979e3cc2a4ba0ea2dd8d93a94af787804f3e5a27b9f028b77b3f248caa86595ab127cd4600f2677c

Download Submit