11e0d47318fb0691c589402c63ebf87b1ca73aed488f3b6cd456080bbfd6cb32

Analysis

max time kernel
131s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

127KB
MD5

66f6c133eac6d3ef77e79fac9c4c1bd1
SHA1

70a46b60559c39b457044bfa1f320136566e62ac
SHA256

11e0d47318fb0691c589402c63ebf87b1ca73aed488f3b6cd456080bbfd6cb32
SHA512

9ff917e819521fbf041d383a1ecc45f567d9353befc47ecf1835242df60c4051a977d76989407ad9b7b7170ba305a7830e9fdfcabc744284865f0ee946639801
SSDEEP

1536:hg1gnpiU8GZ/X7jtkGpc3qKquBKquBKquBKqu2kQQFMiA+hPIsdzmyWZgX4kp6lY:fpAGZ/X9kGK3XkQOfIWmyzIC6lr0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	discord.com
18	discord.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655708212571561"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
2760	msedge.exe
2760	msedge.exe
4704	chrome.exe
4704	chrome.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2708	AUDIODG.EXE
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 1916	2760	msedge.exe	83
PID 2760 wrote to memory of 1916	2760	msedge.exe	83
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 2140	2760	msedge.exe	84
PID 2760 wrote to memory of 3564	2760	msedge.exe	85
PID 2760 wrote to memory of 3564	2760	msedge.exe	85
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86
PID 2760 wrote to memory of 1716	2760	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2746f8,0x7ffb7f274708,0x7ffb7f274718
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13736954286359909203,7037148600768927592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb7e99cc40,0x7ffb7e99cc4c,0x7ffb7e99cc58
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1956,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1776,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5064,i,8744778386347032258,2015398570034809200,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3304

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
73a54eb78d5098d9d182b5cdb5d2b83f

SHA1
9783b3f6f04a3d5b08c5f5e4ff94ba4462cf73e9

SHA256
2a1fbe925c9ecda085aafae44ccd37ef37f2510ea8668395ba9138f6e0c9d485

SHA512
cf632264bb362342869df41786ba40e824670807ed5501be33cb4a540dc12d5c084efb4ea410d9f092fe323c92abe824ef3e0360cfc3f094a57b2638ab12f7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb60f73447a2f9d207e4ad489cd0e691

SHA1
b3897ff761af1de6ac54f3989be10b68510f9c37

SHA256
4a9c30ef365b3ca296e9e8311d856daf50b6e24ef9cec139cec47b3f4a7eb685

SHA512
fba9bd63df97923147727e420b367421260783ee342e719a492a32f04f07bc367f713726eac08fcb972f1f53289671eda2c2212718a948326814de6af334c267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7376389456e8c1370908f34fc36ded50

SHA1
39c6bc64ffcad34b52569e17696baa2a08e1d2fa

SHA256
f743268133412285419d914dc29e07afbb187b20f6afc7ab90d1899a4a7f4403

SHA512
475055f8d5ae8d6dbdf47cdfabeb91d8040834da77b1294ae7ccb6e089418a3cbadbe8bd845e5543a1ee92c183fc31845eaf86effc88870fcf737427bcf6e8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
87bafc57b2574ce4d70e3ec6e039dbf1

SHA1
2a33cb15fac919ac668ec145fc784f1a6238e595

SHA256
84ae77ad3235954944cbe23aa9a4f011edae2d7a8ff8a99f9db0476692bc7e53

SHA512
ab855e5cf93fab9bacdd543f2745e1f43eed9b0a31e8bd8f8ae021590b864c4faefaadd4c45ecb74db03b76891424680b5ac6d35f4345dab5f8b88a3a268bbd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9592896d5d1da40770257b8f0c5ea732

SHA1
912aac8bf8820227c3bacbbc335cfab7d97cfdaf

SHA256
7e2774cb28af1049972d5757ca2d41cc42167ebe5c3323efe7862414dff78a4d

SHA512
96f547b8de80dfc713cc883933d83a0d64cffe82473ad1ab043939f4c4f52902efa760b4bcac2b8d797c62bb2e30803ccbcb461884988904805564760270bd11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
35454d07080ac8f4e99b53db6e65128e

SHA1
07fe65412f486262ce716cff87e8ee0f228a03d2

SHA256
37226a4bc09a8b4c944e72dcc8c79dd4075d8a7f97e2844bf5831e034c1f0e16

SHA512
f2df1a1aa053dbe424e8fb98ea82fc03b008ab50dce2f27fb9679c8520e575f36cd1f9cf48db5cc18f7a9c30d0ddf3748414afab0b04b3fdddd809695200b117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7459af79f84406144898820f418ac012

SHA1
89845ef67810feba08b2f34eff6f64062653b3c1

SHA256
4e01429dea2cd691bc5e82ec2f32524f59632c7ba5bfbb121cf2e7ec55caf53a

SHA512
461e113e0f0db421826344cd60a47445ca5c8be061787b09dc193d3028cbd899f75c334953c8ddcf5e806ed44467e37853b1c8136ecca9e0be7e7d48ca5dddb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bacabb309fb650d406577aeb6cbf4f3c

SHA1
408edb2638d6fd18efafdd0095acb3b2ddad109c

SHA256
b8e9f3ccb357488be9d4a5b2dc3ee91d807e177a127664da171f4ab228cb6373

SHA512
f666d918e0b03d644d286ca935cfd9bae46154d282ec3339aca82c9ab1a862d9c54836d95b12e9231f24ef8d7b52b3ad71b9157b734937e29400b016a4496752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5c63ddf565ee2bb7c68806af06efa875

SHA1
aa6d5b77779c7a916d9a92f1881b5f74f89dcd95

SHA256
5a3a62ff0a7895f3b6a71a433d9239292d15e962d341d9e7a2d0f2aa1f5980e9

SHA512
730e6a5bd7ec65b5183f02cea9efc5178d284fd8a2993f044b9ae1be1a28d58207f180550c723fb5a12659fd456e1542534073bc587606a78afa7fa6c52f2b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c9575d544430c28bb6a93083cfe22066

SHA1
8e50e3ecc8d92a9821b84a2ac566829c5b4d9862

SHA256
fabbee91f1d4803d7828b7d2f9e31be0ba6dcd9123663910dc207171193cf38c

SHA512
ec05200f8f3e285111d2bd80cb2153d3c0a61ab6f9b65d92456c7551b460523269d783bcd606f757a8e07ba8b297fffac4d9e949bc29df04e269c837edcaa8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b0d7dd9eed1be41856163021f4baadaa

SHA1
20d9ee73ade25aed7dafc333cdf0cb00008398fe

SHA256
dc7a1f798154bc814c0cf78cd043df629db090c5f554e74b7a82c000f78bb689

SHA512
4452582cf68a987599d7174587853348ec74297aeb830e8069b6a2b335db1db9b1c15ac1100cc7abd85da2f93f2caa6e74283ff26e1f72e2d4caf2a720d9b195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbac0f80637252873ff9f79ce8a695af

SHA1
61debef6c111fb77ff9fb6dc864bd011fcfd035e

SHA256
e727f561e15442942930c5c4fde470a9323d6f752f189a9e1bfb318c3222a39a

SHA512
29c4782e35f52a2f64b43d1ba2bee3165d2bb011a5a20656edb8f0352ad36ec318dcdc38b3c827817617d6b9a54de56f869ba99b32529ec00794bee7ec77ce60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
362173459fa30e07c45e1abb9bcbe158

SHA1
7c61321ad90510b3dc05fabafb4921dd23d8fb6f

SHA256
8209800cf32f86b32813c5a7354beae2e83076dcc6d5a26c141991467f520b9a

SHA512
8a73afd9d055431c3d15eefccc1077377418e8d3cd646ac51595c71be7cf87181ee6dc3deb2c690ebfe2c16bb356446570e7578b937f00419da779d892edec17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b63f6804-c4f0-4e2c-973d-81eec0ff4a7a.tmp

Filesize
15KB

MD5
08925e5f1d25a2406d5cfd4e5cbeba60

SHA1
7a09ca5044588c7705f2039229d8e1f9df00efad

SHA256
4f045105ecb69496f1ca3937f4fb6d535ddf37ec1ec80ffdef72d1633ede64cb

SHA512
a18069696c17281ca843528dcfc490057ac53e48035ef80092330f6e93e1decd0fa8ce6b27be618a740af1eb6b1e7531c006804f22f37a1881401a74449b7ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
3f47671690a3a385da9137d98ea43748

SHA1
645cf91861702bfff485ed8f4baafd4b93a9cb03

SHA256
7f17bd30da234b92facc1b7368aa64e4ae17e98c8a265685a5754979375dc405

SHA512
64cf89f2d111f7e4a7257178e06866f3d0d5191a68c4b839e4b07399b007ee011b159e007d08374afb8595d03e6d610d76f658ad77dabf147ea161e187919601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
5dcee7e22355e3900577900a5ea854ed

SHA1
697456796b458c44770ce26ae1d5ddedabca61a8

SHA256
acaf39d524d83b849c4b5e7abe13d1088df2f0348a1fb3da0e59420d2e96d43f

SHA512
5a9acc8df8cf725ee5083223201bdccad33462e9feaa9a3da6e1997fbd331ffef4df8a078937e59345cc0f119743d579cde238e0e939b8cd231b18aba926c0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
d159d69f3937e8d34a4100e63e54da72

SHA1
0d541b902694237e50d0d4a053ff2da9d9377ac8

SHA256
b4fff56f9a425d778b5fb336595b18f98ee81357d1abdab11116c0854c7aa6e4

SHA512
986fc3a25045350d65f06b9bfd21f00a512a1ff50a641a679ba1fd90972722a50c07d5337ab499645d80c27804696a9b2556c4b4bb4720dbccd6d620a588b690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c435ac622e2c3056ab2960081392e830

SHA1
bae51b3a484ba409be339c398b19b9f0b2f9277b

SHA256
7ffb089c208a619e8767bdb97746a5ed8120714e71914050b187eebf033bc536

SHA512
98122b1c0cbd83d10fa8b0fed9fe373136c25e23c1ad568335767ff62ac127a982972f9afcb303e66daa34853886a8e22bc2607b4b27de16114e3989bd92ed4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
786B

MD5
cfb2b205ae21b0fdbca740de07276a6a

SHA1
d6299a5464f266a607b3ffef17d6028c333d24ed

SHA256
f80be8400c65c686434c38778c45971ddc926ef174abb6bb5d47e41d0b2a4cfe

SHA512
d2d7153de3f43e939c2f541f2462cc5d68e8d980693337095166db2ef12fbda4763344ad74553d42c23bc6806879ebb56c7475f1e616d5e9754fad8363283283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e93cc6122f66267dbab9c7dee87e22c

SHA1
dc84dcc840838b968905d3c06cd289bb8082b077

SHA256
27519adc57d427322f146e70deeb38c2ea87da812d619e1f68bfa14aab5619fd

SHA512
f7d4f54874422ca49cfe71d922b1c1c980185e95518c9276f90d7763a731a84dada24d6aaa3ee649a590d3676b29b034bcdcbab87d12652e9a7cc84ac8bb3871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
144d3e23ab0bf024856051de446576c7

SHA1
5dc094065f7e5826b6a524f8ab0892b8efedb759

SHA256
a4a3f5dfaf99581dca5d58887ed2bb4cbb2078efdf6eba49512c658418e9bc14

SHA512
9380de8f1c8ec0153d3c50fe9bff099f98f92d5d0cbabfc600c6a78f93265f5a40227055cc3f0b4d32e97839d81caaf5352f8ced4c23b758540584148001d859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bf2b3c31d810b9a614d1dfef2a3937d

SHA1
c922b9df9f13f18bbcc3d3bb14b890c98d230087

SHA256
cfd0aa20d5e8d61178f76e10bce83d4f46eb1acb3ec9e7ca96feaaee8f41a4e7

SHA512
125905461dfe78bf2de1d78c270cfcb2d46680d726093871c776b956b7d0f823d377866c2a87087ec924d04869564566bc990fd4c44257c45b3196b3d56e1cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca5d92c4f1f6bf08bb40c9d41a5955fe

SHA1
cc06a7dfc8b8600cc04010c13161b17eedb5e682

SHA256
15a02ad7c17ef76bd329b3343ff947265e37f232c3c5a0e57ef32664015538af

SHA512
5435d6850b89d6ce9ffc497bf504e01f7b0938df812ab04006d81f28d1de28eab0ab023b960e2879992c210053d42bf9fb2c51ae33a4bbf208522b7201e58e7c

Download Submit