5f120765ecc80b6e65c276515f332e7564ccc22acd162ccaef4ee13f06289a21

max time kernel
56s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Challenger_Template_Top.png
Size

1.0MB
MD5

ab09f1f47da2fa0985db425337d9ad40
SHA1

8b517050bca34bb74cf609edefad52ba6f7234c8
SHA256

5f120765ecc80b6e65c276515f332e7564ccc22acd162ccaef4ee13f06289a21
SHA512

2c3b505512718225a1cd276ecab3fa968dd3efc7889679cdff33caefbd84ef5d14a81cccad3b794fdd40b9fc1baaeb895dceb8d95fe04de0f7ba5c6f70af95cd
SSDEEP

24576:uuITarDwiGGs3zWBZ9wcqyOIiAC8WfBqcGBXST:HITiwiGGs3zQZ9wcJ71WfDGBX2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587767746630748"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exechrome.exe

pid process

3732 msedge.exe
3732 msedge.exe
5168 msedge.exe
5168 msedge.exe
4120 chrome.exe
4120 chrome.exe
Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
652
4
4
4
4

pid	process
3732	msedge.exe
3732	msedge.exe
5168	msedge.exe
5168	msedge.exe
4120	chrome.exe
4120	chrome.exe

pid
4
4
4
4
4
652
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exechrome.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5168 wrote to memory of 2632	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2632	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3460	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3732	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3732	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 2520	5168	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Challenger_Template_Top.png
1⤵
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb630046f8,0x7ffb63004708,0x7ffb63004718
2⤵
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7662518382675089597,16456827083776565347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
2⤵
PID:6108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb60e8cc40,0x7ffb60e8cc4c,0x7ffb60e8cc58
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1812 /prefetch:2
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2444 /prefetch:8
2⤵
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3672 /prefetch:1
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4816 /prefetch:8
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4680,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4656,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4644 /prefetch:1
2⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5112,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3400,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:5256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5300,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3988,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3504,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3436,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4352,i,5867460780511998849,3564301726370855553,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
a2dc01c230bb0a8fe9fca40eb6caa2f3

SHA1
c4d7080a40e1bd4125038407468189e23b7373d0

SHA256
3311880f45b2874dc30efbef67848f16b2da7acc304247d56e6d4f473e0fe5f3

SHA512
ac72e9f7f1c2ae66994532ccbe3876f6017aadb9d38dc630db00b4ab2bd1846e5d630747e03f97f31bc53777720525e62e633a84e455b57d3df7f8b784bb3247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\85ee8ae5-7359-40f3-9a84-62456948904e.tmp
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dea7568f4e32203349200b2fbb89afb7

SHA1
f9907e096ea8cbb87d8b8f275bfc10b368fee768

SHA256
5a9c7d1731ae4009750c86dd15dd5a44af8554a80fc16c67855df82c4aa5d825

SHA512
7f5289599f757e9db269095fd9e3e0cdde3dddf14e0c73c8972131cefbde456893d3911204f47a14ad93c25d540d9b942e464d6ddad778b4a9e428f683387ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7e46d806524c37f96132eb01b25c285f

SHA1
ea5de673701ec1f2a61e9f8d0525fe29c4ef3fb3

SHA256
598b112b4ebb9f832802e28565f95d27da46ee39126754a77a01ecb99f7bfe01

SHA512
b906a153e34e0705d85848bc6e02e73b9275c8d360acac03e284b5382bd76e30a114fe729fe9187fde22dd2692d120137d1b1310b8ead873507f28c397527890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4e369b0f47377f529ccb98bef37b703a

SHA1
222305abeed55124f52c278872a87fce2044f1e4

SHA256
d8d4dff03e1c69747fa9c35d19869219422d1b11e5ca1710be96ac7015722100

SHA512
b419f42c8a23914a12c06091c705461e4e4353fb2787a2580a2328ca62509e4721a9f94fb04891fd44d71213e1a7cf9e735ea8ef9f154b8638c634ca50f74784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
520200e405f697e45042935e2d864344

SHA1
5cb16cb08fa88b49e60f2b96cce11d3c389741f8

SHA256
f8f5d967b1e74d92447c05429bebc493f22280eb328796a4599b86ff26453cbd

SHA512
e48d607362c7e01bb0df16fd94dc913f292cce1f73cd2a3bc3a10aad834b66fc2ef92ba9b1e9b949a6ae5cbed8f7ac659278cfbfa2d6653d509032e5a1e5ebf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
a51557bc12b505c750506c7fb19e9083

SHA1
44c787bd3cf5894260a75033e7af7defc3bc0fa0

SHA256
e4ce033b2d4e0a52df3aa8acb2f2ef77ec13dca42319a0bf1975022d47ed2530

SHA512
57b05d8243276886149a145af57bfdb985a3fd6bf884805ea01e39752cfe76bf78add8e996a49dedb06b0dc5d37a61525db64c9359d53e11b74f8189c2961298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e7ac704e53ad703f28c4fbb453bb282c

SHA1
a3855394d2f3ecc9a84f2fbf8fe7d7c653b3716c

SHA256
cca216e7a915a4e6859d9d77314fece1880f8ad0e48510ed4e9a6d1145aa9a7d

SHA512
7ec6643c3a9f0b36ad781886b9e5dafb554398169c9b5c750aa15e72e133825641b75b8c62f077dc8e3fe313d3b060102559db46cdb3fb7870b748dff45b38ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9a9bb5765ebc781f29352b1775bdbd33

SHA1
aa47f1a11d54fd17148f0806b9aac853afa58624

SHA256
e5ca2ec1a24ece89b77dcfbfe1e7631fb52aaabc2fe552496f9483c0221a0266

SHA512
8528ef8d17cec8a0c421c42977c19f1f4fdfa9595ee40bba120187fcc509939d2cdb2a02d4ece72cf923d41bab193120e831aa7bcf10c5e76622d92a328c51b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
168dd16d5f9565fc13dea3a4f231404b

SHA1
13087d23cac1b3942fd9daf36aa9185fe9f3ba5d

SHA256
e418e409f06afa6a528ceaba565c960092f2b4f7932f36e7ea90b7c5cbf4aac7

SHA512
228a9d26e30fcc1fdfea8bf4df86248034ececaba39bf74f6463f474431e0cf5493691ab7735a89d214fe3ca2a21f78a3a4706d2411452e222d4afa77dabf58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\LOCAL\crashpad_5168_ETQWHDDJPKOEWCLF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit