7b0ecdb708ced6115e4fc35c0f93974e0da66d7c1743ab1ebf60f65eb2dba80c

Analysis

max time kernel
211s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

accept (1).png
Size

3KB
MD5

fb1ff567df37e1c7a099c2e03f58c0e9
SHA1

8533a7c39cc5390f441ce786e193f7beb70b6032
SHA256

7b0ecdb708ced6115e4fc35c0f93974e0da66d7c1743ab1ebf60f65eb2dba80c
SHA512

355eeda8c1cb219c9cf6cc760ad6e69b581439d2dc424180d88e213b332906fb8a611036f542bf7109a07caa38b436337798cf2c091bdf4523559646945e5dba

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608968077941211"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4396 chrome.exe
4396 chrome.exe
5428 chrome.exe
5428 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4396 chrome.exe
4396 chrome.exe
4396 chrome.exe
4396 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exe

pid	process
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4396 wrote to memory of 3676	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3676	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 3260	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1548	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1548	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe
PID 4396 wrote to memory of 1696	4396	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\accept (1).png"
1⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d6589758,0x7ff9d6589768,0x7ff9d6589778
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:2
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5072 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:8
2⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5148 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:1
2⤵
PID:5124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1928,i,8819503848523687292,17479858959282218629,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x90,0x108,0x7ff9d6589758,0x7ff9d6589768,0x7ff9d6589778
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:5764

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
85cfc13b6779a099d53221876df3b9e0

SHA1
08becf601c986c2e9f979f9143bbbcb7b48540ed

SHA256
bd34434d117b9572216229cb2ab703b5e98d588f5f6dfe072188bd3d6b3022f3

SHA512
b248162930702450893a112987e96ea70569ac35e14ef5eb6973238e426428272d1c930ce30552f19dd2d8d7754dc1f7f667ecd18f2c857b165b7873f4c03a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
e68dc92a219e660adaecf4f81a18be33

SHA1
f7d19a5d9db0436291c1e3111e324bb6c1e5a20b

SHA256
fbb579bad1bdcb85c4fe4a3dfb3b50f4732c3613d9dd599b8e60b08f802ac5a6

SHA512
1dea626d393fc871febafdc1bdf201cd753c03195c1a67d7f7d556f2c5acb43aac580f13705bf49656095cc9c536b2ec1e09e3d9fb2d61d1e267293bca3024ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
7567f77d766b7329e169cacb1bd2be3d

SHA1
76f16e1c74d5c78dfbbcca798b80bffe6b425bd2

SHA256
7c20473640a04d18ddc911b9893e0ff9a1ec8adeff9a9c298a659191e42d8f86

SHA512
04466ce6c497a59744152e58b9ff513badf46ab1f55cae33fcdc4ad82a11e107f7a59bb4c1d37d349d2400e3f2a5e877f69737199dbaa319759cd4cb844d2d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d69eb6e7d57587a5bd70e4e426bec79d

SHA1
c2eb4522d22e070b8d011db0251f92d8ed257559

SHA256
d8f51f9fdd463be7c6ce22693721d284614140909c0657321a2e205abb95f0d5

SHA512
207c5b179b3bfd41107eaa4f9f02ac8768ec57fd036bd4ae055a8095da1840d11237900b99ef0b7f47bfb3ccc0a51c739b333a01f887958868acbc94b85f5815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
367B

MD5
67ef4783e828b4870b02b4b74cd51f0b

SHA1
cd6db287a351529a64304579d108db5038184f71

SHA256
714ad704857d36bfd0ec72fe90e01ba731ce4f95c69431f68ff549d73afd3a38

SHA512
e27a4d61b62e3816949c8e766f4ed53fdc575935f4cab8a04a243de440339e56ff082f5088ab5f5f11699a93046c93e01e9ff488449a923f74a974971542b0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b5ec807d059befa38c18e9c02647776d

SHA1
b036db471c4d044630e4900a3820b6d3facf7b69

SHA256
9b26104d002dc7ba9a1d2cdfa4ed2fe2250b9961ad6b288cefb98e4cf19a55df

SHA512
7951920ddf9b1874ddcd4d09a32f0c91db84d212f560910a365882f321e5297817e1f4a0552e34c279c3c01a5d8ecf85ae89f39df3f25039b57f6a3a9b3ea5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
73893c9a7ee41b4ba02e02ee59a15634

SHA1
58d60f42d339b95155192c01cb0ef2f4349d7ea0

SHA256
868b3d660875c66a17557913b4a66634ad8574a922df42ada92ba3262c350804

SHA512
fdfc8ebee7e989e83578c6602df10fa03c91905cd2daa0a683ae3b6650cd0a920aaeda0962725c41367d9bc1474bd3cf7d25733db9306c5f62cbe1221c7d22f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6ebe63ead5dd1fd83c08994e9ea9115d

SHA1
cfac76034f43acbda8f31e3e7eef53dfd84dfbde

SHA256
eb24867ff3d03c5953be7c1b777ec72eafd8abb514e49937c057209ca2b9bcaa

SHA512
9bf42f09876c1dc58b581d135e31657a94381b6bfd0b9c9035a500defe917795af09651dda46387360ff4c9906d07d001247df01877e9020c7b65115ea0b12e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
128cc20cf968c27358a0501fb4e797c9

SHA1
ecce90eb8b74b41d86e5c3d4a374b99df02d5d8d

SHA256
d8574203fc2e3f8c580dda6f33bdda9aff684c737c177995fa7c169c3e154d1e

SHA512
c443b71e9d18d536c38b6d0964f000331fed21c5e945a44f0f4e24cf2f8ed16888464f85c61df8345144770fef57ee4456d97572fbea986c176c80a6749d8878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
c8a0116fb47cbf154e4016eb023ee1f1

SHA1
dc3f06b3cc811ff6e6e11bd2507ce0fa5f9faafc

SHA256
6b7032116ada061c496686ab595006778c1764070087ec49b043f297675d81fa

SHA512
64cbd8b4580f1adc925ef01cc610ffd9450b39bc74bbf6f22764399f5cefb87774ca314e1b82e7ec33a6afdaa2162ca3409740d811091e7fc676a580333ec246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4396_JMOHKWOFQQDKTTAY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit