Analysis

  • max time kernel
    1194s
  • max time network
    1202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2024 22:00

General

  • Target

    https://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcBhttps://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcB

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcBhttps://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcB
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb340346f8,0x7ffb34034708,0x7ffb34034718
      2⤵
        PID:3124
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:2032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2996
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:1896
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:1704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:2684
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
                2⤵
                  PID:2820
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2984
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                  2⤵
                    PID:4544
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
                    2⤵
                      PID:3540
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                      2⤵
                        PID:3744
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                        2⤵
                          PID:692
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
                          2⤵
                            PID:5088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                            2⤵
                              PID:3620
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                              2⤵
                                PID:3492
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
                                2⤵
                                  PID:1496
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                  2⤵
                                    PID:3608
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                                    2⤵
                                      PID:3284
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
                                      2⤵
                                        PID:5208
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
                                        2⤵
                                          PID:5936
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                                          2⤵
                                            PID:5960
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:2524
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:3596
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                              1⤵
                                              • Enumerates system info in registry
                                              • Modifies data under HKEY_USERS
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:1160
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffb2472ab58,0x7ffb2472ab68,0x7ffb2472ab78
                                                2⤵
                                                  PID:772
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:2
                                                  2⤵
                                                    PID:1496
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8
                                                    2⤵
                                                      PID:4536
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8
                                                      2⤵
                                                        PID:1440
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                        2⤵
                                                          PID:1280
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                          2⤵
                                                            PID:4612
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                            2⤵
                                                              PID:5156
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8
                                                              2⤵
                                                                PID:5436
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8
                                                                2⤵
                                                                  PID:5488
                                                                • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                                                  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
                                                                  2⤵
                                                                    PID:5564
                                                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                                                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff72f17ae48,0x7ff72f17ae58,0x7ff72f17ae68
                                                                      3⤵
                                                                        PID:5580
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:5792
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4992 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5800
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4796 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5952
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4132 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:5236
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:1152
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4996 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:4104
                                                                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                1⤵
                                                                                  PID:3580

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                  Filesize

                                                                                  811B

                                                                                  MD5

                                                                                  e71ee2a79849779cad4284174008291b

                                                                                  SHA1

                                                                                  2c56b112a7f5498bcfeb768607b79596f54820fe

                                                                                  SHA256

                                                                                  bb5c1d895a0f662016e2285aac308d591c4ceecf52b184f15be6c31627308dfc

                                                                                  SHA512

                                                                                  43673d5fbc74b6fa360dd6cb65e1280cad3aa02bfc6613166a6fd137c9e061a789d1aedc8f24f5a53baa443b52084810928e383ecba5e4179ede5b08d35d655b

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                  Filesize

                                                                                  2B

                                                                                  MD5

                                                                                  d751713988987e9331980363e24189ce

                                                                                  SHA1

                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                  SHA256

                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                  SHA512

                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                  MD5

                                                                                  963f7e3026a46ce1140f486ceac6eeea

                                                                                  SHA1

                                                                                  49ba72d809b46a747c53b13ee91b2542312c7bb9

                                                                                  SHA256

                                                                                  cf79ef4b4c293336977baeffba61998281ddf786943e38a6b4fb51726140f9f1

                                                                                  SHA512

                                                                                  daab4bfd41a5cc35c2de62d54cf4ac1b5d3c4868688ef29d382ff855b67dde55e2d1d6ffbc85af381c25abfdca7a913505caffcc267fdbc486cfe85921c1ad17

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                  MD5

                                                                                  56fca606ea038307034e3d635b40f018

                                                                                  SHA1

                                                                                  147935a2082340e2a0c94bfa6a16ebe129bd5807

                                                                                  SHA256

                                                                                  7b2a6af221cc2e230c03ae523403fff908e2200560beac76ad2c5049700b5893

                                                                                  SHA512

                                                                                  d8b6852eaf8180a5026d193e560e8c1ff61df127e310549d2d74d2abd2d404b70176788930d3513a47ce6ba03a5d5cd31117bf3672e81edb9eeb2f7ea357f5ec

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  129KB

                                                                                  MD5

                                                                                  a81277aea56608346eba9825d2050d50

                                                                                  SHA1

                                                                                  bab95a64c600215568bc291b57fdb44a94cb612d

                                                                                  SHA256

                                                                                  87381fe9530ce782bc15d89703d1ebf613ad4bd74479e543b70d87eb9a24f093

                                                                                  SHA512

                                                                                  9fe0b61ef3e5bdd26e0f4bbbfb8bc6c6366de2e7c124ae2bb5a20b5cabad852d3a5c79e933520e3a5d0f3f08a92017c874ad41d597eef04d1923c46eb5df865e

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  129KB

                                                                                  MD5

                                                                                  3067d2f2b1a2f2adad60d9537f9b7220

                                                                                  SHA1

                                                                                  c11c093d5c0543fa9be6b0d802c50412f74025d2

                                                                                  SHA256

                                                                                  babba914059cf8a7534727d5332972db1a8bfd0e69645268306ca1c7a97938ef

                                                                                  SHA512

                                                                                  f44d5204fb92635578b0a322651342f3d367fa294970654248ca363d1e49eff62a3c946e083078251c9513fbfffa5f6ae6baf99bb603a2879d6f9067a0c0e751

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                  Filesize

                                                                                  264KB

                                                                                  MD5

                                                                                  f50f89a0a91564d0b8a211f8921aa7de

                                                                                  SHA1

                                                                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                  SHA256

                                                                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                  SHA512

                                                                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  f61fa5143fe872d1d8f1e9f8dc6544f9

                                                                                  SHA1

                                                                                  df44bab94d7388fb38c63085ec4db80cfc5eb009

                                                                                  SHA256

                                                                                  284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                                                                  SHA512

                                                                                  971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  87f7abeb82600e1e640b843ad50fe0a1

                                                                                  SHA1

                                                                                  045bbada3f23fc59941bf7d0210fb160cb78ae87

                                                                                  SHA256

                                                                                  b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                                                                  SHA512

                                                                                  ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  f014ca158666d99ae44c31e9b25a8c24

                                                                                  SHA1

                                                                                  379becde3ec1e4ca63a3193bfa09350e78089365

                                                                                  SHA256

                                                                                  b0818e27f83b3b45954fb21a4022587adfc633627a076a32633bc02fde9d36da

                                                                                  SHA512

                                                                                  58107678bfd83d06f8cf5aae9dd3437a2c28182bb5cbdfd39bd856063f9901af99c72ce05da09dad894959b9eabbb8dcb58832e22244791dd521a71f255c5158

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  299028da35573a65b3dd47e0abbaac6f

                                                                                  SHA1

                                                                                  990cd0782167462fe243c1ce63c7dc0a62fe442e

                                                                                  SHA256

                                                                                  11e9e19c9d94a22543dc8d0b8b43640a5dfd762847fdb8a07a0388111f270ee1

                                                                                  SHA512

                                                                                  432d6ee92b5e720a212e7cc1eeb2329760e7e554fc01389c769c5e5c20ebe0413367c50ef6de25e081c17d5ccf9b53c883f3919e7aacbf760da5bb7eab8cb00a

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  bedaa6ffdd440486ca10b0a8b0cffb1d

                                                                                  SHA1

                                                                                  1e35df12d9592257c1eaacb4622d64139af24342

                                                                                  SHA256

                                                                                  8575d716a49cac4e052c511250d03e1be655a86f3c08c298ee8fda951420af76

                                                                                  SHA512

                                                                                  f97f1536f6cf340c0aca58f621c6e1d5048b319d90046a9261c8bb4246959213e041b1f6b5ec9d7a64008d23e9965f33ecb92b1a4c45de5702dff4564590016f

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  ecd554acf7fccdea7dd8e4c305554fd3

                                                                                  SHA1

                                                                                  980e2611bb09faff9c3a9e8c67cbf35e4736b665

                                                                                  SHA256

                                                                                  8ce2b6ea74ca8671834a86d411307dfd3208813bb0eecfa2462a93c6009bf0e6

                                                                                  SHA512

                                                                                  9532ec841b9df2bb9699ceefdb26947523cd4c47ddfe0288767bd03986bbfd1767e29f729a2611f6ff6c87808a3799245bb4429ebb6851189f10ace5874c7616

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  206702161f94c5cd39fadd03f4014d98

                                                                                  SHA1

                                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                  SHA256

                                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                  SHA512

                                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  46295cac801e5d4857d09837238a6394

                                                                                  SHA1

                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                  SHA256

                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                  SHA512

                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  8KB

                                                                                  MD5

                                                                                  4a0b513276bd1037e294f9495647b130

                                                                                  SHA1

                                                                                  64e9cc3f3961b76ff7083e7ab2313dae68d27625

                                                                                  SHA256

                                                                                  3f2cb56868e94f5cec79eda57a034263ccecb8f62468e82d68b1539a5fb55bec

                                                                                  SHA512

                                                                                  6c98f07a7fc53099dee5d92923877e17256b44fe2d40e4bb1eec723eb90f3ee6ea9310ca930110199bdd0d84adf810233f81717a76aeb2f003d2de9ef62b419d

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  9KB

                                                                                  MD5

                                                                                  32ab01be954c067aecd65d15907c6c8c

                                                                                  SHA1

                                                                                  6c286b2ea747b6f42df671b8d15ad033f0e1d832

                                                                                  SHA256

                                                                                  d4c4393d5b236684bcbe2e9ee310dc2c41236edb88b88fbdb11673558e2c35a9

                                                                                  SHA512

                                                                                  8f35a3e2df4f5534400a00aa1159cd271af2e3fada54abd57c270fc86de9ecd05364cfaa24d959db5400b1152f31f84da870077251823e9220712f71b6b1441c

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                  Filesize

                                                                                  8KB

                                                                                  MD5

                                                                                  e3599ebe7db57842e3624236d5dc16a4

                                                                                  SHA1

                                                                                  4665c02403c3d1ddcf4341b4550f5edefdc61dcf

                                                                                  SHA256

                                                                                  bf473346a1875f7d28a29c7310fe7fbbc773dad0a65a18b771c4e238f9f2060a

                                                                                  SHA512

                                                                                  01386707e878d93c81e62a68eaaa1a40c80f3d3f5de7a9fafe8f20e3d54d41ca005d967b820ca531c0401409f7b4f5b8aaeb58851a77c0166e7e345c211154d9