hxxps://ppt[.]cc/fbqEUx

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 20:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ppt.cc/fbqEUx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673641509031717"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4360	msedge.exe
4360	msedge.exe
2004	identity_helper.exe
2004	identity_helper.exe
4308	chrome.exe
4308	chrome.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 2576	4360	msedge.exe	83
PID 4360 wrote to memory of 2576	4360	msedge.exe	83
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 3948	4360	msedge.exe	85
PID 4360 wrote to memory of 4072	4360	msedge.exe	86
PID 4360 wrote to memory of 4072	4360	msedge.exe	86
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87
PID 4360 wrote to memory of 4288	4360	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ppt.cc/fbqEUx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe460046f8,0x7ffe46004708,0x7ffe46004718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7832819274222969656,13328275786080181773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe42e4cc40,0x7ffe42e4cc4c,0x7ffe42e4cc58
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3824,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5132,i,8839394525309468186,11772124655732531501,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5560

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cedf14f69520cf54de46e645e3b9d926

SHA1
e225067f82414e19f062ff9263f88708537a0aa6

SHA256
ec6c954c88d4697c8cf9f1b2a050c57c27d044122ca8be4692aef08d4cf34c94

SHA512
7345773e2d5bc8848c793e83d0f26ba51bd6701cf7d9838e4dcd1d27d86a43a50124bce145d5ad1056e188b3959ef851f09aaedf5ccf3013044afe5c3c6357df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
26bb5e29fa1936da8c05611d18ceb6ee

SHA1
83121ed7b852b8b40d6f69b2f935d2ac258fabda

SHA256
a76952c913be3668fe086db1082b46935a22e4451914c80dade231673d793290

SHA512
e19272ac48c259f51ea8609caf5e82e2034a6741a33239b24265ffdf02021318ebafe750834c4de90f25a701e92d6e8e910a700a89e5d35d2c9aa1ac5507b4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8c4c641c57520918480dde1863fe0e20

SHA1
445e9064919893fcd916fd605623c31267644d5a

SHA256
c881841a82ecf285317b08d2658e2fe586e8e77caa43cc8af985eee84ceb1323

SHA512
5ffe1cd44936fe22b3d80c72ba145ffaeb8ef33f4a8b0fc6aaf7f8a5b7b79bbb5cc9eb1af658d8526b658d6753ae6416d2d1fd77baf1603e0a7bd3698a6e74cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
872806bc4e31676c1ef79cda15fc4949

SHA1
bcab8040694bafe55be7ea987d5ed4dfd888cf0d

SHA256
51d29594de7d006f4a9cca38921e46fd9cdf5ee8edcd2dfe8e053f85394edade

SHA512
af48db85ab85dc6b81bab0095e63c748559211c6c0504d9df46c3ba7899ef5fce187c1ce372f035ea491efb5e8d81ac586e41f26757bca001f22300df2fae58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ef63e1c4cd150193e2ec65c3d299e85

SHA1
3a2a67d74588cc26e4adc63d918fe557aef3f8f9

SHA256
6c71ae0dd15048badee1751f9b8e9ec76f8d8003df28cda7aa87285e075d8c38

SHA512
5920e28955b4429fe7587c25e5d9816e9c8b93826758649a3cca6b85b30a7bf7f9bd1f178925fc47cc21e7c863d813c2293d35a37524bdc7e9f80de7bee65f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60f75eb6d987bef37a7f217a59cd535a

SHA1
410c626803f6195985392c2920e8ab77bcb951ca

SHA256
ce92e5dc1897655f87bb45fece590c4b650a81be876da444ccefb39dbd4da5eb

SHA512
975434b2c5417ed96501d973c8ba79ad0fdddff0db1c8603ede165d6d3515d42fd64d999f14335e7fed604af95d16b6a5660179d14776747cfcfce0b73e02a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0377c424b47a73ca1abfe9a51561d09

SHA1
5f32f0798e2ba85556298b3bbb03c6891627066f

SHA256
0de64eb27d177e78f88eab057e62088884e804674a7d272dba73e9e0d07a0460

SHA512
e7072bd84f06aab016db97be56597ef8d5166b20c72f396a114f343fdaaa45c0b0a771fe16d9689c0bee5e44dd7424188984c8b9944f16b37751f6f7d987125a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
64ad107f57399543f4d431c05bc2b37f

SHA1
60f5345c2d127161019b3eac67f2771ba6edeaad

SHA256
8c27b5388c2de56a65c43f06b7a1e8ab12c57fb88630461df621da173d496ef1

SHA512
a12bf3d00df96791e3a36d4c518835983d9abab18d51ca5c5009237f9a9819fabecea36becb077d2ebc3bc15c765e5d1f918f1a72bee9b3a3c6679cac13e4754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f03ade39b1f1ecb79d75deb53b36091b

SHA1
fd917c20e3632d35207580a3d26803f3da625280

SHA256
e4124baad18eb6955295ab21532236da71c1d4bab5753e7cbad6c1d7561413e2

SHA512
7ca80a2e26f32a9ab79a059970cc794c1f5489acafb194e1856d8117878ff23eb40703a0449a44472252f1443cad7fef007c0f5020d0aee219f4b4d0759d5325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4114f1d524eacb9d3891b298ec22eedf

SHA1
1f0efaadd0570b2943b9147770c01040695c62bf

SHA256
12c7e1f3aa5faf14296f5a7ac2e2ada48dab80d61c6cd7cc2bc407f39f6a145c

SHA512
8497c2729cdbe5af925ba5c5c84eb77f893a3c73fda9a92afffff2d41d4d1ba65c06b70e702a2f1b367e25c67f252652e075a11a82120c886c39e186d3abf794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb77e6db61303d94d483e6829bd8133c

SHA1
88a3be77e60d9b7b46453d51915a8abe06e5f8ab

SHA256
a10b3773661ecd681fffcc309153f6ae75866ab69949b58c6f6d50fbe38cf62a

SHA512
c551e5a90c0b632ad2c639fd73012d65a50dd467ecc11ff17cf5ac3cdd64f86e354d34695fd0804fc3f3cf4674a7b5deec2aaf6fc482d8225638ef01e1319246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7e702edb988fbf9a4141beee966d173

SHA1
eae25d55c474dcb8902c6bdbe40fb06acf6c7acc

SHA256
42bc9a5f568afedcc727f15c5dc32d4d271801967f34901261fccb5f29f82ce9

SHA512
7bf51e64722640807e70994e2f0f8f60788d3e08d276d2fb80a17ca598c26c7216498db668b0886d3f275bcd4cfbf89d9944fbb8671933159d8350ca4a2c6c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dec079043053776c3038a861637446b

SHA1
3daf6915c399196f28d607aff327981f2a4474d1

SHA256
72a553900f7a2d96b650c833db0edbfdb3f0063c556139bde8954798308d479b

SHA512
a886ae49b6833cd1541b94a521df294c17e870d8f2cfef03551d55f9e32d0df92f5f2c5ec01e357889e335b824cdf6665737b034fb00046e898a2268958432f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9d8e24586bd63c898b1a22810194d3d5

SHA1
bde0b630db40646e7577e35819f9bc9c9796f05a

SHA256
d75888c70830933f38dc58979662449f31f9f821b29f46b525a1c1634f0d9a52

SHA512
96db31a282cc519a3d90e6ab0260147d9e5970a9a85b9c7dbfa7ad4cbb35a71e1e87ab32dca831cb1647c8a9aed49aa17b48f73b11f8e3bdad8f58cba6d9530c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b49cb81295566f41af8fcdced4ab7df4

SHA1
9ff8980490f400232d686778d5440a383fd290b2

SHA256
d3e54be5ee6dd364f49bb1189192c3f8849c00f3f10d7606c35d0e3759e97588

SHA512
33ae60ffbaf522aaf9021c54fca3a5f4bd0783ec1cd6329050d9d7e3c540a15e021454e2e16d782e3a83ce70156f78eb0bcdc6b9d565476bc302b085b98383ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
47510df1066c6d1c450700999bcc4d45

SHA1
0330c9b7bbae8177f1edcf96d591b937c3e8d785

SHA256
bfc1b10003bbdb06013cf75f1878824a848b6323e1fe4020e29ff5d50bdddadd

SHA512
3e4c0499bf622d8445d4d7d52f2a53a3b70f5805af82fd20ad377eb6f23ba0873478bd4f6c7ed729f41471913fb63d109a7fe4e160fd363d93b48f7344f5ada0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
55932d8cfcf5b4dba8611fa43051fe6a

SHA1
7f2022cf6fd86733271a897b19fc4bafd83c8276

SHA256
dc34305d7734fc6a4466bba6fc4b21795a932e9467aeb9c707e1de68ae338fd1

SHA512
90811e70ef05f14be532400a58c98556d231350c54da970e02b7358e825f41912e4b5f780d346167f19f56125d59b22167465d952f92e65cb4135fad59582b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
320B

MD5
26afa553c9d27a7b2502cf09350c8b00

SHA1
f4f143e629caaad9fc5f84d0629e022d2dd6485e

SHA256
f39529fd11c372aa8ddc900a3d38148875061cd7d1b1a886095950cbb3609d6c

SHA512
6e50d503baec7cd7022e6c61d589269fefe3e145c23ab9c260726c30facd45c732809833340b65ec96f66a4f224ba18e29b956a97870ac07436114ef07734b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
324ec0b80748517a363a87011152a6cd

SHA1
3a10ba07b10b85b223f5d9fb409e5ee85ee06089

SHA256
6dea7c071619280df40d21037b12305cf5d2a47dd9f33799b00eda41e921e27b

SHA512
9070bc1ff0037d594307b8fbe77542f95a2ea01620af2b34fec9fa3a322dcc654087dcfc6c6406ec6b15e8e45dc8b264a7e378a8cbc1be5804875783b0880928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3132894ace7b84e9a6617b5c66ab77a9

SHA1
9a4852dea4eb5b4610efd29c9a83910224d285b3

SHA256
089010bc27d95189cf1d98ba717dacd94e81152868d0a6a228443b977c4ae733

SHA512
8a925b11d5ebe38a9e4b7d0b8ec0beabb90b91d446e29ac1cf13723a3e1ef5b8e9f980647147ae7dcd44adbe7fda4fa50f8dc10f341c2bb1dac6164fcc0e14a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2450b6c1da72d906f051a91fe817e31

SHA1
0d9a1c735cc0afae09c020537590b34ded9bdab2

SHA256
9c6dd7d566d04acdb4b591bdcb5164a778922a0101ab29066bc09e626667f2b5

SHA512
ef808c21144a9d7c22fb641ef89ab48605034d3c5b61e9bb088141f036334191c7f3034cfeea4da9e0bdb82ef3cf570db2db1d24473db0f984b47a3d8783d14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99f9ad96abf1ca994ccf441eed03e255

SHA1
444589c52d81d84735ffea996d04e7c0cbc81664

SHA256
aed4916e6c8415e362666e8d25f049f2b04ff934d9bc23957d4ce137311c8ba6

SHA512
9bac62301c65efcce098240e0d570c9dc132be70ca1a80b46a02ee923fe76555ec50e46450eaa58f7aee1559383a0117fecd6ddd0ffcf8ad8f66fbf8f5ce4e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b497d9c47273c97c2d1275175f40ab5

SHA1
5a976fb6c2a0b88f775cc35e4e40a6dd6221cae1

SHA256
a65675bda12cefe8b3ae6a871fbe19bc164a1627d0b6c39a13490dd57567b90b

SHA512
93264adcdacb052fceb6ce94e365d2b75614c01c19f927490f4f5db1861938b26fa3350f62de10040d4dd06da276ca0d88f28da8e336c4615b135bbcfd02ed2c

Download Submit