discordrat | f83bc993b1c463a1d994cad9285d14b702c85bc18c27aceac3db80207912edc0

Analysis

max time kernel
155s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 20:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

085a0c1daba783798359d0372f045fc9
SHA1

fb5d4ee0b50f76cf0ad0248fcfd3d86099c0181d
SHA256

f83bc993b1c463a1d994cad9285d14b702c85bc18c27aceac3db80207912edc0
SHA512

14236c9a717eb11e58ad341ff5939217cf50e72a89425a0e1b16266b675d98ca9f0cab89bad97f05bd27dfbe3b83f026a3aa25e54e453675e4a4d13383d39231
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+QPIC:5Zv5PDwbjNrmAE+UIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GV4QAD.x4iiYZVpZ63ZQJ0du41OTV9HZmswMs6D3_pEoA
server_id
1234555349349040179

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

Processes:

flow	ioc
35	discord.com
11	discord.com
24	discord.com
91	discord.com
42	discord.com
239	discord.com
48	discord.com
63	discord.com
68	discord.com
92	discord.com
240	discord.com
12	discord.com
34	discord.com
44	discord.com

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614008587285562"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemspaint.exechrome.exe

pid	process
5016	msedge.exe
5016	msedge.exe
3284	msedge.exe
3284	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
4920	mspaint.exe
4920	mspaint.exe
4340	chrome.exe
4340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exechrome.exechrome.exe

pid	process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3644	Client-built.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exechrome.exe

pid	process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exechrome.exe

pid	process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe
4340	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

mspaint.exefirefox.exe

pid process

4920 mspaint.exe
4920 mspaint.exe
4920 mspaint.exe
4920 mspaint.exe
3704 firefox.exe

pid	process
4920	mspaint.exe
4920	mspaint.exe
4920	mspaint.exe
4920	mspaint.exe
3704	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-built.exemsedge.exe

description	pid	process	target process
PID 3644 wrote to memory of 3284	3644	Client-built.exe	msedge.exe
PID 3644 wrote to memory of 3284	3644	Client-built.exe	msedge.exe
PID 3284 wrote to memory of 2348	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 2348	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 3200	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 5016	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 5016	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1596	3284	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.xxx.com/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5d0846f8,0x7ffd5d084708,0x7ffd5d084718
3⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
3⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
3⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
3⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
3⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
3⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
3⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10610929544154253459,16452297801160428491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
3⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffd5a8fab58,0x7ffd5a8fab68,0x7ffd5a8fab78
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:2
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x218,0x264,0x7ff65e6fae48,0x7ff65e6fae58,0x7ff65e6fae68
3⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1604 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4992 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4832 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=2020,i,14710529131420844772,18157034404376810352,131072 /prefetch:8
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5068

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SwitchLock.rle"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.0.2000984142\2109606186" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ce8b01-5651-40e1-9ac0-7878f181f231} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 1868 2237fbb0b58 gpu
3⤵
PID:2596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.1.1715835019\1336871400" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2faf5e6-c13a-48e5-a966-ffcc97f9edc0} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2436 2230097be58 socket
3⤵
- Checks processor information in registry
PID:2236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.2.542602082\1050589603" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bca98eca-9ad3-4ec3-8473-71d27f4d5a1e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2984 22302df9558 tab
3⤵
PID:3484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.3.1350769470\436196818" -childID 2 -isForBrowser -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4f6782-7f1a-403f-9fc5-3c570762dee7} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3872 22373673258 tab
3⤵
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.4.736208759\854985905" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 5076 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54633613-18dc-4551-88aa-3ee5f565e744} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4432 223079c8758 tab
3⤵
PID:4436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.5.1074331932\74246442" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d96aac1-df01-43c3-85e7-f8f23e2df1d0} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5220 223079ca258 tab
3⤵
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.6.448494737\1821256139" -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8581edf9-b117-43c6-81da-0dcf31df81af} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5408 223079c9358 tab
3⤵
PID:4616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.7.1510200972\730624331" -childID 6 -isForBrowser -prefsHandle 5740 -prefMapHandle 5736 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fb06c65-39e5-4f4a-be5a-f82a670ff45e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5940 22309533e58 tab
3⤵
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffd5a8fab58,0x7ffd5a8fab68,0x7ffd5a8fab78
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:2
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:1
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:1
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1900,i,5244446576672602123,10444733056131379473,131072 /prefetch:8
2⤵
PID:3004

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1600

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
90b8e3c077c7289cf4b7078243e26f76

SHA1
c8e3387c59c20fcff770b846e972a52f7f93591c

SHA256
001c51870a28710313d50d9037f261881517a384d3e502d9112b04ea2e8538a1

SHA512
4461003ce00d03608509d7ab645b933ec95c398623a1d8c6440c8a5b069d32e73aff391a1d3954511dfca7da698c0820970017b66629e3647800e5cc3920f1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2f25cef3-4533-4abd-a92b-e52793a55194.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
8cd8cafe8be04db3fdff73b3ea4c96e3

SHA1
efca9ab43d1f719608ca32f32aad9d05fc307a43

SHA256
a7953e977e3a938a42d1c70eb658d443dad6d8763fbe45f03b4f7fb92b705dc3

SHA512
d9f8df516562515707fd366249f494ae484df4d429290675d81309bbb7cb246948dda15514678950b3cc6dcf9253cf3ac0c6a4f52be0324d1c86060b060359fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
8bedea137b4b757080bd8211f979b038

SHA1
d52df2b2865da2e7b78521169c43477912ba7e83

SHA256
0dc1d2f2a5060e9b53fedb4e19378f2523748a0e2268461f93dbc68d6d722a20

SHA512
a85130bc3ea9b13b75a18ecabf0fa269690514ce6c95e0370b5ce74a4aaa9fb3269a9d8de47c411276332879b6aa82ef140509edcb3568f59ae4258883ee5c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
08c3d8cd3aba7d695b39376cad520262

SHA1
aab5c0dcf72998931810f64fb9f79fb4df42a1da

SHA256
75288aca8ea34beeec6678274b38e3036b0304dd3ff64c191e62b8c9f45ecd0b

SHA512
60560fdd80c596f15aafad06559f993447bd2df46c128ee066dd72e64e332d2acd7331d7be68c5a07e3a8fa0e528fbb040217676d889ecf340f392ec24ebe743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
5aab1b9bc68a002bb7776a653e170547

SHA1
1243b751213736d41a0521eb6a74941e167692ea

SHA256
17c708d6d2655fb444102ed3d4815a4cf100ad4749a32b48b78b5c8e91484fdb

SHA512
bd3a9af51424c5c5f4dad11698407ef425d869c3f1a5c410ae935276c78b9bab6dc0aa1175956d98cec01b2d92abc1fb6a9fa43443fc7a40cef430a32b08ad15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
34KB

MD5
51471689c34622d5b58a0bf12d3c5681

SHA1
1862708022e8a39d607d1773b0f38b34bd902b3b

SHA256
4ba0859d99205e0171695a921ed14365416c2e22df101e330cf79b006d27c604

SHA512
9ea9bd78fdd275ec4cf479c6f45f229c3f67ffbab7d66ee6aa313642012da6d35e80666ad57ce79717300789365ae4f81695ecc46446a0681740addaf8f300e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
59KB

MD5
33d2dcc9ccf87d6ed728ab0c46235369

SHA1
249e080a07601d8537b242546067229f49a4aca1

SHA256
a455f1cebb519dc1861af1646224fb2cff08843469c0f346d93efb6745615c4c

SHA512
754e230d5ed0a578559702f43312b2cb2b282676a95218ec3213efb566fed6ca02034bc6dc7ba124afee6f9b766a0680a8e51ea377b998eb2a10d0b7de67f7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
27KB

MD5
75f1d5724eddb6c481e2e87727c0a19d

SHA1
3cfe079018e25b2646f23e0744bc5af2114ee256

SHA256
751f9ea75e28033193df30031bf3d33e0553e1644ccbaecb26fe7d3bda21b78c

SHA512
a52fade9a438e7896f12afb5b8cccf05ab2cdd71dcc8683ba80001e74800d0c6a6d446d162e75eff573ccfc7106c1beb6f91bdd41753b81a6f5b7510c7c36b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
64KB

MD5
0ce210c8ef4b81e8104839ec631df800

SHA1
b8cc6ca9c57b30998db26dcf4be313e9fd11514d

SHA256
87f3ccf54cb2be0afe8f756b26f2b1781ee716fc8890135d76b86b9faed87c7b

SHA512
4b06eae54636a30f1e804d8ea28c95633503b7912307921352c484f5d2a523cfdff2cef16ad1acdbc0b8c4d7766b35fcea8b5c45656b01f639d525dc60ae88c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
31KB

MD5
7f8a4f124f314e0f1a6d26a2ad2606f9

SHA1
b10bfb19db2d40eb4ac17735c385493e7dd04c48

SHA256
7bb5dd5ba2a9a34556880c1a064625644803bc44e86914e0185ba6004e917676

SHA512
217479bdba2eff0c329faba1f3c90cb287a716d50c1270617231efd40fc554ff9867875582222dbe0120d0f0325730fa4e43ba76683faea1cb8868e10e0f13f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
27KB

MD5
c5f3e3eb6f23b67b0edada18156c487f

SHA1
a63aa98f3396b08eea066ebd9bf102cf2253602b

SHA256
0519e8dfe9cd403182050c3d30d063ce0deeee7135fcd3911bd7a3a39a78468a

SHA512
b161c18061a5f374c169e7c84ba2b3b9139ab693274e4cc780df36789220a4dac9e27b1f415a137bd59ac97538e72ddb37f66ab766aaf71c4cce033255244fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
118KB

MD5
dd2a84ad14c574923f14dd716d34010d

SHA1
43ad67090a2a0b3b1fb9584115c40568ee30e018

SHA256
f9c1a0f6d7995543d799f6feef4922e09c610f29dd96ca7820153d1bcbd8b566

SHA512
851dbf6751e63cd163410602a9d9cb5ebcf83a4e9c879cc6dc9791100ff3a78bbaf51bf898b0a110170bb41ac7abfa446f4ea3323f98fa10e5397be8201fcd9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
28KB

MD5
b428010d1e63888d7dc91920c2135e24

SHA1
7d88aa246f53abf5ad5bb1cbdf940c5bf2daac50

SHA256
7abd2b3f2ce7c0eea015a4168b6818ad555db2202abb0514d5fa082d713e9080

SHA512
cbdfdf274b143d8569aabdd8b190e5d484781f282afca5f4342faee3172b741324ad7cce992be0297430e3be1062fa6f9a8a156a2452f5881db52a8e49e443f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
78KB

MD5
466a39caa0442f46a32ef9f777c5869c

SHA1
e7c1ddbc6bf8bd5e274edacbe96c7ea5a26b195a

SHA256
e68cf623d3fcad7d8393b36403bc4be41f3f8feff00c467d7ae052ca02b5487d

SHA512
3615becd22ed16a4c2199752aa98ddf4cc1c5dbc8eee72c9f9155c35091d5d3c4ac8d3df250ebe14fb0fd988ecc3411aeed6597e0a85174288ee3a41b67a8c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
16KB

MD5
f748a060e6159dcdf0b47966f35564db

SHA1
fab899e91514b7795542da670d5523021af3e006

SHA256
2b9d6fe95016bc6143149d9b9e06a021f75dcc195c491f06edb0fd5d54a8f191

SHA512
d46984b8c5fd20949ed1f543d78b23452ea35ae3a24ecd69d8a88893fc68d2a76dc590d709640951b3acd2ccf9e7ee600e8944921c88c7d0597effd9b75f6605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
18KB

MD5
1b570422b44393224b47afe0315bf643

SHA1
38cd5d8e592a3b41197ef126724972eb6c0d3651

SHA256
83532a4a0e662e557ef112399300ed7fe8b9a91e1275ff1567d1373dcc3bf64c

SHA512
ce8f2158bb1ba13930bc95553a61a0eb4544db5aac74aee0cff7ff66b4b008ea573994b2b0fd994fe0dd4758e4542d8b635cac45ee71ea121da8ce590dbdc90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
18KB

MD5
a4159ee738530dc3a6d4759cd809e1d7

SHA1
f47fee5a1eb016c2850f857840f606be76abb93d

SHA256
3160ff5b0dd54a898b490f2e230051e5ac5b1a09e905608857879583b8d8bf8f

SHA512
8cfb1014b51f6bf4bd47fb92919d68b7e517df377e7876d24bb361c70c02b026a0e2b2ca983dc0289dae183962e1435f91aa9f6ca77e875abb33ed8861c3b438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
19KB

MD5
ca175eaa546a945824c84d7b0b4b5e06

SHA1
cd89b26d5e34510c4774127d8a60fdac5a4c3e60

SHA256
87e4211e690efa0f820d821785f0f8268d4499f492c3671f51f3101bade9652e

SHA512
ee49a48ea3904ab1ab07cb8f0ac636e4f01985544acc402a9dd92687c2e4fb6e5d2d0d93bb672b858a45666d147f56801a0d138af58dffc74794dc5a54fdb614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
16KB

MD5
c5e2160f81f66675292ff9a49f472e4f

SHA1
05f833a6af82243b455b4166ad79d6d1457f6b61

SHA256
f4cd300a1dac00766fbe913c4fdc86eabb9e3474552537ae6f6c26cf4f2a037b

SHA512
57914036ccd8f6a12db24f8bba7be1f9aa7bf3cdef9b70439ff2f23d722b7d299b2e8fe5795e4a16d0dc7135daf6f1587c2129ac2e7d2e702357f06f17fe0244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
16KB

MD5
17985a75e7d54c6293105ea2a95c9c0f

SHA1
0eb27856219cfcfd79adc50648f90e635480b19c

SHA256
ad8267f0663d7999430ce746e79170aaf9af00684bc33fbbe830007818565997

SHA512
a34d9f6078ac1ba82faa943ca9604c7d9fd35eeb689c73c3a0e0a5b9618cd2623c2e19321559bf33efd780878f4eb70f18bda1c6484941a263ea65c13240af7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
21KB

MD5
334491198c7695b1bbef2c622582f666

SHA1
c4f838f8dc99f8e63de3c3c0d8be93111324b227

SHA256
01cca2f47e52683d04bb28bb1823d186d31df07938dba0880f624055ea4b46c1

SHA512
ff82c4f72c8c8d74b161747dbdf86dcf74127b1aab2dec81d23bf1a34fdb14c06d6715c75174b545280dad497abffa8b7a83153ab6ff9471dd33dee83d2f1453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
17KB

MD5
892aa627a196fe1423f8b02edb5508ca

SHA1
1d45fdfd6eb0a6ddf4e8bbb9dfa28f17b4a46207

SHA256
b9d7a5e575810180531375bf65e99aac7a7a2607cb05ddd616b83b019fdd10d9

SHA512
977afc81aaf601b252dd97a46e65775719cb99925b067600e121315ec7eb32fcc7705bee4f3e6cae6e7468611bb00389b208a0ecaab8bec61b5aae09d7b7b9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
Filesize
17KB

MD5
34e63b042a858269391fa6bb35849d7e

SHA1
fef9e9200c5ac1ad4536543d4d06fe161073f3a5

SHA256
39b413df370d290d069931686b1a5c15a004322c4b0e6e339ca5b1dece95c780

SHA512
98d221240b6abf91a65c899cb39d083c6a9ceda8297a2a980680914c682cb3c484eecdfbed8a3769d143f1a2be7dd6794cb67b3c62249d352d706e132e7cb85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
18KB

MD5
fdca3a0204ef9926886c8885211cca29

SHA1
269b99f3ca8f8411d255c01cbb68ff4946b8c74e

SHA256
396d6ff76943706d33cb1675d2af52bd6cb6c29c149a1c4361c6fbda6537bfb0

SHA512
2acd9c106611b4f15d0fb1f71c4c2cc5d72d85cca9005a60adb34d393a85a259fdc02c00db907c4902430aa14254a83697e1b649d47371a57316a82b1f3e4e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
19KB

MD5
9c649725f5a1d62311e6dae8794f1d8d

SHA1
8a903bfc168b56d90355d682c8041e68ffbae1d7

SHA256
75cfb7fa9c75483350000b4050fbcfc72677748b4832265352b5f03d54afcff8

SHA512
04e4252f434d9302422a3b532144bdb2ff3fbd416a4964bb79d57b5bde3de8ab2d12b6b9b079e13e8c60c380cbfee3856aeff7fc6f7ebf123e737c12003ffedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
18KB

MD5
5c00b50987a62a576da7012d6eb1b019

SHA1
beebeb7726452d830b56a8837dd9479ce51257f8

SHA256
dd849e1785c1c07e455c7dbf47668068f51d6c63b9f60692832fb66991b946d2

SHA512
5fcd692ed0c68054b6e16c529def3de75bf71cd5ae11ea092ac16705809f82405b781080b312561676dc589a9ed4af2e4b5256949cfecce007b070e3381b5348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
29KB

MD5
ea92e7da8a9c7040b86436827fbd8b5c

SHA1
2ab95a5e59e3e87c18b1f4106e1ec0d9207ce1ed

SHA256
018f64ba2c197e128f9da589a1941fe2fcefcbaab15ea3f278bb83a9e2f01372

SHA512
42c069420c3087d302f263ae6a6ca366e7e8f350d0daec9c860c028cdf43a6ce17b69e245bc07b3df0f3ca5e0922111ef80016b45be96e8d431d8f33fe8122ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
95KB

MD5
5bb7cb2c2de6b75b9c27ec1d329a44db

SHA1
567c10b1bf33b64ea83c027941f230cc3aec51b6

SHA256
cee7844c0c4b73b20cc497b181c89ff8438045f617dad780c5d4c9ba9b993b64

SHA512
e70e77b2c5ec959ea634e286050dd98bf43d128dfaea80c5dbad98cecc1154fde2ac84b1b5828194b7ab4bc12cfeda2d652a0a7f5df3faf50546b7f5d13612ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
291KB

MD5
cc7371bdd52e9419ceca16e201569a74

SHA1
a80a6cf32cec87ca783c2af0fd59cba6b38a9903

SHA256
bc61769b1a3434654fb17607b1f7e51c5e5f42589161b841c8517edda7286987

SHA512
f3eb76094085bb7ba08459ea3ca8a393d9c08dfe5ebc6ec0dbd978a53a5c020f548d0f86bd86bf6a80130f16ae683bc86764b35278ee7f205cc4c09aa219177f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
24a58caa7bb4df83f58399a6f8c95110

SHA1
2747d7b596f587bc2b5015d9eaac64a1eb681bc8

SHA256
395145339d4226418ee5be135479188708fe5883444be831a55b0cea5de0443e

SHA512
b5ad4e30ebf927d606ec66954e43529dde998e81e44abbb4020bc817c74c0f9b7a3020921ce2652d8ff22e0f13b7cd17af6ff9601db15d55842032dbaf9c9f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
d21075e3c6ebb2df5c1b98e985c87f8a

SHA1
da92cece1581636dff95ecf40666879dc63c0c44

SHA256
3a9ffc096a8fc884c9c71286c3aee746d58f3013c4e1a75245cf18447536ba02

SHA512
91e7ecd01968144462bf389d0652a52d6472cf8655da2077bcd481cea9cb6ba819573d0b9705c15bed58b040bf2f6ca5534a29ed3adc02d1c79a427d3a275e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
fa7bf133009b6c2c01e7312b46fa98e6

SHA1
70240d15e5783c827d130e422b9649b66c27e411

SHA256
1eba0988d2d84948ccc302bf4524e48d87e7511ad2e710ad4210ab1e2e93be80

SHA512
cf95767cda061f013b062f00aaac4055122bb3195f23e45ee1abfcdda2ad0730d6cce2b5aaa267fcaf5012560e57e22f1c0d002a93d7bb9fe6608c2d086acfa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
489e4ea28be22056b2282f6ae82445b5

SHA1
97e56484cb8148d7254608b60d1fb6716eddc331

SHA256
b41603fda0576343539ed2689c225b9b913d4b551dd72c9a616da85a8d0494f8

SHA512
064134e11c26091e2c9b6fe6a97dda0037223a74fb8fdf5a5fdb177214741ea6f6f94592cae37fde7f69dbc1bf51d60a42288e726ad266bae18f45f25cf30ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
283684b866975c61bee474fefd6af1e5

SHA1
97364632b4b1da6e8be0964728dcf6ce877330d8

SHA256
99d947a6922506bbd79217472d6cdb69bbad6319b660745bf429913e6c1cba31

SHA512
fb9a69595199e291f5db33ab3177698c8b4b12bd2ef228222b933598b9054cecece28f1de30916c339667c456bfe8fe7a10df791cd7f6c04f76f3812cb1cfe42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ee0ef56c61ea9900bf64973d8023a0dd

SHA1
8d562adb469f3574ab123f6a9e98cb4ac93c3bb7

SHA256
72b22c6530504501fc23033c61ce982c5b1ab675e13a3b2b5e2e850d8a5b9f4f

SHA512
ec61dd66832d7097f08d9420f90c62f9e600df1563a4e214f44553dcb3dfa98220c7d695b7cbf96b383143cfc19e80cecc60b2df2803388ca986d72826423bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
be042c6642a4068fe09980017e85f393

SHA1
be60c2203fe6b28ed61b62c003cdc9dca761d145

SHA256
527cefe786f26444a26c8e5e071500dd8ff0e4dd890304898b419e9a750866fc

SHA512
cad284d8c336dbe59e407496ffc460f46c4af6e8e464e1dae11311d7449f7e31d4b3a7d661f2c2ae1a67dd15db3854370b7650cdd12971a9ff818451d2c76248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7848b80d311c356ab1e5d87e9fbbdc62

SHA1
2d245309270720ec0126b6570dac4ccaa9f543cf

SHA256
7a2d5c1ac61aee99cf954ac84766bd17bd322e8bb8ea336958527a3188c5da70

SHA512
77b11bf3371a0f35126eedd43b5bea13596794ebab655d960c059146c0a81a4c2296cb0f5e722d779eedd4e8c5305b443c0973a3477a24362e162cc09ce4308f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a13626f3cdc10b9d3acbdf414f3fb8c7

SHA1
c5ad5bdafe550828618e9f8eb70bafb59da702fb

SHA256
8fa594f16872ac717f09ada3be9555f1914ad3b15b844cd75d4a399da875717d

SHA512
81a6dea02e65c9aadba29520e6127b2f230dcb95b38fcb14b35c32608dd828eed613d4dabf8e97fa54cc0b9e98fb634734aca3fa8d113fd769eb1717876d7b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c0dc2f59ddb83694f43f55fa7f8239e6

SHA1
ca1a20906c24063430130cf45600a4578ca1310c

SHA256
764d5fd278f53d0a37dd44604a1eec94c29dcae57f5c1b3ce60afcd3a7516eff

SHA512
b470850c940bee76845ed19c65919f21dfa2542ce7d796792b55a0bcfcb2aa9fba0006c3416782fcad18186cc535cc2d0bb7215454e7ea9c30ac5e8df5bfb218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
b4f9cdcba6973407fdba0bf5bf5556ed

SHA1
a505ef4b80fcc8050b0764053fd6d6c327487738

SHA256
70ea81cc66e766cecff916f852a3b57c3b3884d625ad8961eb155d5f3b5077c7

SHA512
004fb53ca5b1062ceb0d3b242b29dfe44a40c9508ce872c35979bb1154480ed3c58ebf8339ec117707356b5d63ae7ca9e495933482ee6ca95e6abd296e75db9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
a7456faf363c527941012ccb6f863490

SHA1
9b266794502f8f2ed33ad64144dd2d5479d11d79

SHA256
37c188e49ad2f2107972ebd6a0e19969b629a99e46fdec66ef2ba0142147ba6e

SHA512
4d2d287b343686b99e134b9e05428ced0e7be87bc7121c3827a53c0fcd35c888a59cbb4b4b360c85c3ade57fea717b336cfba91827abffc9d66adac2ed01d14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
342af1c48c8cac04c87c469c91f73f2e

SHA1
3960e6fc01178bb8fff002b5788b1f6e3a12e2eb

SHA256
a91578f25d2a3c51f34c17ce4f316387105b559a5607503004f366e4c03f6c8d

SHA512
bcd36f53b6c2c217b7afd612f91fbb32f4a7cfbb28cf4e5e5da36618720536c46f27a980ef987e60ca61291d2150277a8fd52b815741a6abc5f3732c8f1b6e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
28c3d43765a2d71b4ad92a409a65fc53

SHA1
52dbacb492c63acbd298f42b24e89763a83ba341

SHA256
b37cb89120fe00dce885906fe336355661508dda0024ff5c5022120e34c0a466

SHA512
19aaf95432ba41b51765cacd29edd02e14d4232686f1e5b7ef66878d138ec410096f90891ea2d65a5e69eb4a83f9bdac05293ecb439dc598b8f7ed6581eac81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
134KB

MD5
abee6b1e7e8cc3992e4942c00b67b68c

SHA1
1750a888710727eb9167ee0940143263f223f5f8

SHA256
c62096e41b85e55e95afecc4fa8d47708b2946e65b6333287e945f6bf7cb3461

SHA512
89bf03e8e40deb125d4fc7507f2569899ea6d8a882ce14b7731f7d4986c54a53ac424e28dbf5e233998dc12a8cbd31bd21d15bf14cdceccf6f0b3ead88d0c978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
cc37157b50d0c989ed81ddc653cade84

SHA1
3fadea0ab55c44732632cfc37367f62dafa2d675

SHA256
897ea56a7a48d1a4bc7ec36f04ca81ffcaa9b2193290a179388fd702ee412961

SHA512
4eb0620996300b5bb00fb59e82346cc33674ff335ef1a06ea86760e56f232bb862cb691655cd666c40d50406b1a6f98820d6492e39a95cdfb9635e4f5332d180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
be137044731bf368b3670444797a6e7f

SHA1
dc07fc5353f8dea93457d57b22a23613d9970f82

SHA256
e2a12dae4374acfa472c38e4fa4d0b46134eaf2cd79163e5ed69b8422e8654e3

SHA512
861e7562ef4b58193557f2ffa9c87588016f899574d5d62615d9472943605454450df778093211577f89dfd93afbe5134993cbeb0d0074803d8f6aa551574cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
472B

MD5
536d06d0c60c14cbfc907c6ba715faa7

SHA1
8a5489ee36042efbea3c4040aa96e9795a4eafbb

SHA256
1b04f8d930f491e125df3bb9b75c1fd2198c5d7443e8a59dc843016a88c8c1ea

SHA512
8ebef394dac8badb3d2d9681499233f743b1b5845e236622c811bec6630709df02a0c64c4d5af5e0f0ce1a9be30e626e7949757c761f34af20493ac9c59563f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7ac851914378017d06f0d19c16fbd7fb

SHA1
32548ba23c3cbbc0aebf479d251894b5b8033930

SHA256
89dbb07dbed0a493484a47d6ae5a5847541b6a26c7a3a506c2eb45b91f0f34cb

SHA512
7dc2d43e958f9061cc4896fc74331aaae1fc563d643f178ea9dbf3d9249556be404f085c16cd6832b883ea42d0a6c4fb58d3e497a471d7374461fc258e82e25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b6b80263ed85f5e4db9232afcc8dbbf1

SHA1
cfa686d9b29cbcfe9b73f22fbcec28ccbafc618b

SHA256
b039b4914e1778e71f0fab2b2acd2ce41c969e452a8e521a53937dfd168358d9

SHA512
2b513766f7005e1a403507a65807d5fe31a35fdb6aabc616b5c1fa3f42fdeea5bd11193e7c0991fe2d46c5f599165c76ecf2aaef088c0195cfacda093f1f43ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
36da1cd4298c5cafcaffaf6eb1195e9a

SHA1
23941baca7c7d9eb77e42a09ecaa16745209337e

SHA256
d692c11dba1c55494a5e5ed73928b930194d19798269fe4da74e2871d3e637d8

SHA512
ead7acc38477b8f41131116c44fb10b48ce62f41e0cd1a252482a3f33d9cc786d1865213441770a940f0b8c786f4f6322d098dd1e18fbb9fd86cb47085d67e8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
24KB

MD5
1419bdf03fa8879d605418058dbd4367

SHA1
464000244b7ef0bd8bb79bee7d3cdca4bd09ae06

SHA256
7b23fba86668ffd2023a77346738fd96abf9563448eac2c2aa94a016a1c18b1a

SHA512
d8a7aac934df0831ce1595cf019e2b86552eea595b2918f05620c8f763d22eeb6329a1bd23614b039df6a11586090dac52ad19163cc82e48463fbd81b43cdce4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
Filesize
6KB

MD5
80eca42cee13d16ea423d3bb8549ad3d

SHA1
0c18eee30994eb4dd72166918c048735d9bb2a92

SHA256
8d07aa763a5a43da9ba3418ffe21c8c6ddabf10b203431432e2a5b7f2e020271

SHA512
6af89740580a78a78d5138b820b04e12be159f17000bd12f5471af66026f089c1a55dfbb5852280d5a4db9d2a00f25195444467ceaa0aec05ffed22762623788

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js
Filesize
6KB

MD5
3f01c1d1db5c2569ee51601725efdfde

SHA1
97229797885e969d210c5a9e21cdc5dcc86fed51

SHA256
0c53375a436d00dbc6368afbf1c43d786d88603ab7b5d3f0096fe2a8f3e30568

SHA512
9fb9f831a1258fbd96297bb76b7e9557652c89d30d2af23dc55eb348280e14c67283f48fabdb7940c584c9d79f3fdf1e036363ea08049bc9dae5eacc30a805e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionCheckpoints.json
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
de6cf3b221319266c83eb3d7af736168

SHA1
7fc4f628cd54e2f9fb35ba559302cccaba198b79

SHA256
f5e7f7d6a67e2a48b00f28105f74f0d095ca7201ae3757c18352ac7632682538

SHA512
0d3597fe27e3db011ec2d2815968c99e0adc06daca51b2ce8dc0774efff419ef5c576e72754210188f52422a38c0775ebcf9576f3943c5e5e6936a4d065d018c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
689a67be0145041ebeb02bb0ff8fc919

SHA1
8546378dacfb0c76e70592a48b6177492bf12cee

SHA256
f344c9d172b92dc4aaa43d29b81c48960c8742e7101cffa982237e099583bb94

SHA512
ab1196d1ec892746895efe633f45935d2b1cafcbb1fba3e88aabcb6401857975a2db5d54c2de2ba24ac089c3e809b46b2b78e31bb1d6e32707340970b27ca191

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
60563b391f07dc7083f22f5594db9326

SHA1
5a0e678feb9d2f69bae04283237601bdb7c5cfa6

SHA256
c750c626e0410ec06851a670ab3f84e9f0f888a8e88d6f3d994c53faa1f8a640

SHA512
32e8964cb23c504d2c1b241bacf8f1daf3cef35bb602e77359c04d48e1912a3b0f75ed39989ac96104d53ac075e5ccada2cc3d19c6f7e64f6c173738f0e0be9c

Download Submit
\??\pipe\LOCAL\crashpad_3284_UVAHOXZQPVAFVKWJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3644-3-0x00007FFD609D0000-0x00007FFD61491000-memory.dmp

Filesize
10.8MB

Download
memory/3644-2-0x0000023B7BE00000-0x0000023B7BFC2000-memory.dmp

Filesize
1.8MB

Download
memory/3644-0-0x0000023B796C0000-0x0000023B796D8000-memory.dmp

Filesize
96KB

Download
memory/3644-4-0x0000023B7C500000-0x0000023B7CA28000-memory.dmp

Filesize
5.2MB

Download
memory/3644-5-0x00007FFD609D3000-0x00007FFD609D5000-memory.dmp

Filesize
8KB

Download
memory/3644-6-0x00007FFD609D0000-0x00007FFD61491000-memory.dmp

Filesize
10.8MB

Download
memory/3644-1-0x00007FFD609D3000-0x00007FFD609D5000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads