hxxps://web[.]snapchat[.]com/

Resubmissions

22-05-2024 05:03

240522-fprqrsch5w 1

22-05-2024 03:39

240522-d7xcvsba5w 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.snapchat.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608228272274367"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6EE85303-3DB0-4C38-B298-C79FE78DDF17}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2464 chrome.exe
2464 chrome.exe
4908 chrome.exe
4908 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2464 wrote to memory of 3944	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 3944	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 772	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 3120	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 3120	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4640	2464	chrome.exe	chrome.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web.snapchat.com/
1⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5268 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5368 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5420 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3712 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff983519758,0x7ff983519768,0x7ff983519778
2⤵
PID:3944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:2
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:1
2⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:1
2⤵
PID:5220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4060 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:1
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:8
2⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1856 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 --field-trial-handle=1872,i,5249899421528465728,665783724844703888,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5696 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:3872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6236 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6336 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6424 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6376 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
365e311005343c396b0c9dc6d39e8abe

SHA1
010a97f289177ddebb34ffd4c498e4058fce35af

SHA256
ee7350493af36369f686919f1f4bb143f2242548d1cb1bff5b777476cd90617e

SHA512
84a2ad59f73cb557bb6c4f08eb300c6e0aa8034e11c256d858398b714ee52439b2cf50000caeeb9d6e58ccea786dfe33d3a54b07747ad9a5530692de8f44bb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aa45c7b3778a5ac605906fd5a69a6751

SHA1
0b3f797bfa82b786bc0834a1e09e36a522203304

SHA256
11a18cbaf2a85a3110707ac50157e36bf16699f153a3c6af786f19e72ea30b88

SHA512
da848a8b1bfb2308864056b646fa9c3d2d23fb8a444abd8e895c4c5d844135416cf1c2c8789a1c9c7fe99ffdeba2d3b26a1cc047deb754e3ee1b89d50b2191ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
f3b6e67b02a31827829cf60094c5a800

SHA1
dd91a7d57f486124650a08214aa5d5cfdfabe328

SHA256
28b9b0a828504401204b26775a8191c41b57fa725263cf3356988bb9c5703f12

SHA512
890ffc98f63d293329c9bc384d425feae32079c6715d2b9638dd36e672b4e21a558ed4b215deadc151fb24c53d8dfcbf4ebb06f008875b2afee1e2c8db0da844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
8915418cd889b94ff9d83429c5eb0758

SHA1
a7dae2d2157ae9ca7c531e34e1ef919c147b1dfe

SHA256
5a955d28d5024b82b7f69e82ab157333e3a9fcd9731bcafaa84e6aacdf85d216

SHA512
526c17cdffd194fb1bab46c9d191c916f25e8ef4cc04dc88e468c95fea37618b9f7c4ec589edf53e60f0e1418fa984237d96e35ced0809d5e110e81cecf966fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4cad25d1b405e4296fd8d9d1138e754f

SHA1
aef5c7d21cd0ff27081d950ab2b6c596b4bc1a20

SHA256
1be585c09f1ccf9963edeb020269f4b4426a2400971ba251fe8731d3e0023266

SHA512
fafa71db019b6eae72e8344bf8fa252ba46a7439ff5f21c81cc11b836680a4b15dcf2ec94338259dce5fd880bcb41851c5e86a865b2d62da3e758efcce6950d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
33fdc000376ed615f95a78d982d32d1e

SHA1
93d21a45e39d698dfd28fb57fce24072f5e31e0f

SHA256
0d368fea2d7e5397ea8b834e85a4ac3e0498f74ce661bce07bfd63f830031cb1

SHA512
b25b9f19a323f3beb00fae67f3bf09c155113ecd748adaf60a89e7a262cb207b9c5e5d8c48043cfa38e2f6f1bb396e3fd74f348b548ce784599ce86b256848f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
edccca84b613770905a492013e90e83b

SHA1
a8e53ebdb22a221126339b4c552b98f70c8b1d80

SHA256
9a8ac314f6b9914e59e5d3bdf8a8e8a251195179f7683e3e3f303dea109ea583

SHA512
ecdf9db60d9db7c22ef9aa37fd50baa2b2ee6165b91e72bd00b2386038e6e9ce861310ca2e1d3c7209e08ccfc87892675d9e335492cf6c391f58b6bba34133d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c6027034f5454e48efea5a4a9fbb52a

SHA1
3f46a375a98133f4665d08d5de6de7ead627d060

SHA256
cde2e72e96c16301dd0871e069856aecc3f4df307d9190d1833fb00367795bb8

SHA512
d00aa2bfac3c22f91c3a7559987c7d61b15898f9f02beb52b86207073d6646ec0dea189ff8268fbf9d123af61bbf3022e65950bd1c8ec1c1e2a6befc6293ef50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
908fd9e13f0f52a5fa7e4570619472e6

SHA1
3144866de84daa6ebc9663960a75977f23a79ab1

SHA256
a8d08dce40220ebb77d44637de87122969931e7ff4057103a2550821edafc36f

SHA512
4832b5ac5bc0b4871aadb6326a28236594443caeac34cba2007787f7789215ba88af41d8734afdf8e99e1f5111777cc87fba1b53c1bd3664f2e8cbb15bcf5c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2464_VWBPAZJLGXKPJXPN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit