c75a948992412911993d06b77c9b8bc8bdbe985f44ca85a96965cc9d4f38b1f9

Analysis

max time kernel
61s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Antek.html
Size

3KB
MD5

86ef6b821e28957f5f308dd16816eed4
SHA1

1a0128b55030930083f5daf1844ed66d6f33cfad
SHA256

c75a948992412911993d06b77c9b8bc8bdbe985f44ca85a96965cc9d4f38b1f9
SHA512

5101d9c585a71526a9e73197a2fb523b6595fa41e7481f785374f17c38926f875aee96d99d0ca577638a076b36948c2d522113dce30bbed9a56ee821e4573cf4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678473168293762"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
4684	msedge.exe
4684	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe
5964	chrome.exe
5964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
5964	chrome.exe
5964	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5964	chrome.exe
Token: SeCreatePagefilePrivilege	5964	chrome.exe
Token: SeShutdownPrivilege	5964	chrome.exe
Token: SeCreatePagefilePrivilege	5964	chrome.exe
Token: SeShutdownPrivilege	5964	chrome.exe
Token: SeCreatePagefilePrivilege	5964	chrome.exe
Token: SeShutdownPrivilege	5964	chrome.exe
Token: SeCreatePagefilePrivilege	5964	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 1948	4684	msedge.exe	84
PID 4684 wrote to memory of 1948	4684	msedge.exe	84
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 3544	4684	msedge.exe	85
PID 4684 wrote to memory of 2008	4684	msedge.exe	86
PID 4684 wrote to memory of 2008	4684	msedge.exe	86
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87
PID 4684 wrote to memory of 3160	4684	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Antek.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca93446f8,0x7ffca9344708,0x7ffca9344718
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5286145785228523404,11294491376624496994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Antek.html
1⤵
PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca93446f8,0x7ffca9344708,0x7ffca9344718
  2⤵
  PID:5352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Antek.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc963fcc40,0x7ffc963fcc4c,0x7ffc963fcc58
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,9153213610733139853,282283013534040062,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:5612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
53a09520c3f63e1ab31c7c7658418541

SHA1
dc7b971eb842e1a70c43ed713aeea7570d5bfc9a

SHA256
d184ba4aa2a6c3c91b59ab424fda1dbaee5f0b1314c1ae0d2798760f5e03b7cf

SHA512
8c863c951eba33d132e259f8018cb0412f1f3487cde12326b54fa23cd4383bb504bfbd56ab4ea467c4a013a1ec725438aa8af51cefc58030544b6808167b6a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
36e4150f0c48aed41bd80714b3d7f648

SHA1
6319a756459c8adff335195b678572a0d3d3d352

SHA256
128c8ce24f85b08c33fddd7f1da3cead73d2c442843e8646a5378e790dff776d

SHA512
0fd3bf6fa9e68e6e109f2c692dce5c949b279708a8304d4a3fbbef4e499b87b8d45a7ee17b065926379ac4bee3e26290fe9d37f65338537018381eb375718ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\faae09a2-d72b-45d4-aa3c-29b752bde6a3.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e234fc1078a7c1f5459178e26b2b13ed

SHA1
341c969cf1df1c0409f4b8ee350be0aa4a148d38

SHA256
59fcb02981f5f90315caf185e8666833cf054067e23ca79b28805ab32247224c

SHA512
33784201b2c472e64d15ad34306cc47ded339647ea98f5fcfcfee1ee8d9a4c6865d33c8d666c767928c88dd73ace8c8b89e200d45dbd98526df1ede1c55cf79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3096eb4f9f4ffced194b8af73ac2dfbd

SHA1
01f599fac5afdbad69f4214faa71a516e9cd565b

SHA256
d44db0af67102493eede61d96e4b037aef60cd99686aa8de001cae3fd1a728d6

SHA512
ab89b5a7dfb91a04830dc6118c0775222e1b69b6df92c8ebf0936e7db6f3e7fd41acaac9623e2cc5a928d0a674ed5f94789ef02d40586fe891dcd7f05cdace5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea1d417f0b19ac4afd6665f1f5b6a50f

SHA1
a1d1dcb3213a39530b95477a4ccf7d92b2f134b6

SHA256
f8ee2fe7f0f72bc6305958ea58ae6e700a817159971ebd98ae0bbb5931404e85

SHA512
b13925058eb8f934cca879bd3bef19714e7c2cadcbe41d982ac4baeac94ec55676262bfaeb5b08c2e1bcc9593e1b8953093d71a754d53ebdcb5c2f11065d6cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df400a9f3d2e3161880f578273f016c7

SHA1
5d75197c4538762d37c29b0731a120b90a756a9f

SHA256
5f1253de06abf387e533c42671ed5afbc5f9df77e21d09b15570c465aa4fcfdd

SHA512
6d5917d70c73096b6b8dcba7805756a8e548aa496905fc42da4b55fc50eb8aee7d40adee9d98e8c62ab910442b7a49a447ec517139e3914ecf1ac918e52999a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
333e725d910725426bd859e0e83180e6

SHA1
97bef47ca52312c2aabd86b38bf8a7268e76fe8a

SHA256
74ffba7bc69ce68a3db3c8f363604bfa3dbb2893908ee24f946e13a9ed33c386

SHA512
1667db3c3776bed05f34e24e630af30ed190cf5be5b631a4970b3c41d63bfe4e2d992b16bf9ab43546a235bdfccb63283b958540255ad01148739e1d4ea2d716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d8c9cfffb759e982973f446b479e9a33

SHA1
0c32d4f619aa560764540fbba37021e8a3fe66ac

SHA256
5004e5d3e8fdd3084da61466b828f0fb2ff425fd5d7d69523018992a0b91bc2e

SHA512
d2361a1a26491a265484e9c7b1ffe2f37e74e90157473799a966e835a6616e4a308bcd9aaf22160ff9dc1ebed4881b7b5c77a05ff684dfe9df766b7c9025dfda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2b38005a30b40f6d5ec72d675190fdec

SHA1
1753014fc3a199bab5055239041f54652686addb

SHA256
b007559a6b2ae3607c9523d783418f4d19b52d0c558e0a0ad32cb1d9030cbfb0

SHA512
2ce72939eaaf08e8c1bc8fcfd96aee9e34b3eb8e87919f9dc51b8ec2c400844e2d8a8c1649df3ef8ad1fc103ddf8e0af12a77cab258c70b1e158e4bd418bd715

Download Submit