8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435

Analysis

max time kernel
111s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 14:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

gKVUBo.html
Size

1KB
MD5

0961eb13ef799b1c1f2a335965f343bd
SHA1

5d7ce0e0c0137d85da4d7ced88bff2bdba80ed20
SHA256

8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435
SHA512

554458650ceec6f091e6451ed3eb46141d98deba5cab9fc54c0b956b90939caf5d846edc6ae4d368d88a964c2259f5cf9fcadc8f7e610b30928ea65af9b5c777

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681205236669868"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
5116	msedge.exe
5116	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
1988	chrome.exe
1988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 3936	5116	msedge.exe	85
PID 5116 wrote to memory of 3936	5116	msedge.exe	85
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 4732	5116	msedge.exe	86
PID 5116 wrote to memory of 2124	5116	msedge.exe	87
PID 5116 wrote to memory of 2124	5116	msedge.exe	87
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88
PID 5116 wrote to memory of 1128	5116	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\gKVUBo.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda94d46f8,0x7ffda94d4708,0x7ffda94d4718
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10964983075044242830,15152549959297857702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd993acc40,0x7ffd993acc4c,0x7ffd993acc58
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5228,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4036,i,14232668439684002882,2279799057019398899,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ed9321ef98dbc35e953d8c4b0817ad3b

SHA1
13d4a3790a5483f27e936746cc67a572b17a331b

SHA256
8e6ef0a6a5c713b8e9fe0f3bbd8739f94077d4a4a91e57fce2477ca5b106633c

SHA512
3ab72b7ce16277975a8d4e8a97ea790601009d692f08e7e5abd6fd133aee476bc5c9093641a09a1ad7be4205b3a744af1ff344cb65a3948822433b61a09de70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6d6753be2595210dc5779b83d1aa7408

SHA1
657960182dc3d716b1ab0c9a6ee7a1f7b432ae71

SHA256
f3539fe9253ec024c7c3fc6503631ad51f2127fd2ca1e9e06e236ba36946b9b2

SHA512
53e672e8d2eb6c00e8b86b7aaef38be216f062b7c99cbcd679f137076b71625880893fb54d629c2c742367dfbd02c5cebc6215bd2f8c85d057959269e904784d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
411c4ee98a03d544e45519d4448eaadb

SHA1
999c5d02089864055ac00e2e7620ee0b53fda6fd

SHA256
2ee3588db52dce2f06d371d9fd402bac863a345308cf68f545227578cca25f3a

SHA512
0023da846d392ca571bbbbed901b12f57e207441de062e6d1964c74f3233c4aec6e5899eabaabcde06a7891dc0e350e080f2c65b9f2be7c84e1de2fec9343fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
471d1c14d41cc434016e4ec35a07adf3

SHA1
13db7d3fe7a2fbe5a3f358983adcffae59c4cac3

SHA256
d3c65585b0e4f035231bd201f648afdaa891321a30b5ee4bc64dae62bdcb5d96

SHA512
5c67a6090d937d8b1a3fecabb33e467e0c2a8c8552c4cc42f6d840099691cebc34f00f38e30c420e413698a25c065135ed7d9147089176fdab603f8cd8f65622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ebd5a2dee5feff18d7956b0919a42c9

SHA1
a341e096a1060f18310c5dbbe453aef1202b7b61

SHA256
a27c2be946d17bb9d1be846d3d10d56b241813e8e3c3e047b7daa8370db4e2ab

SHA512
57334390099b8913f13830cb9cbbc25e3e5fb73afdf5e6ed603a3b4cd69bbc2e7d3f48527ff018e6a56e69f78ff6ad8905feff30c8df4f7a37c43d0c2a9ea8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ed639ce3ec91cc3369d6f382b0dbe25

SHA1
af35377a883fb2fdc3fd7c458b40ed511e7cf523

SHA256
69ce8ccb783966591dd1f189edd8d0602f5c746c9ad90c17fd9219c2a213362c

SHA512
6ed05fe09220ce6a1c351acc4bc4dce4f2d6adb312eb2ddb46201fda4efaf7b0c211810d1375880b82fb7f652b7c19530cf4bd8e98ef3c0d4fe64c87f17ecbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd15aa6857fd75b1ead2c3145b4545f9

SHA1
c8bc3042da22e03e20d19091c5ec162f6801d35c

SHA256
e60f9ab1a6b7ad9a2c90637e541e8c5448d1c573e5f91ea965e541b218d39481

SHA512
1b9607895e1dc2a73b8f87895b67afc22c06f5a79ed1dec7a2a8c6d605d4ca9b734f2a38e9c55f800ad6b15f2d79d8131eb8c76e942187866743ad9748a3ab0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
841d1643d6ac4d4f924b835dd2d8a614

SHA1
1cf298a3c325cb2ff5a08731708ce161179dec2f

SHA256
d9f2f0869bb07414ed039735fbaf0957d36742929719c21250b764bc79cf5b02

SHA512
292d9511a4674da6cac9e874d28ec8c2227e8660cc1e8599fa1e82cf9714b801663ecdc7277274c4b4614b94c68fb25bcc36d08df011bf86a5f019c0dede39f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
32a508292dcb0f987e803ab01c929575

SHA1
61fb3f1d7299590ece4f0ee85931ecc9952071da

SHA256
4668bd8779e2aa3599497b11778ef09276c456a12f1362b6330aa43e838acfbf

SHA512
38d8a613b6fb475a9512711ca69b11d5ae8c78cca5a7582a0441164c77038708a101ba1eeef45199f4d8bc1bf6a65885078b02558f26ffca9ec4c3a4a5870789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
0f0bc325d2679b3601ecd7c27cf248f6

SHA1
a28b37db1e5b3d26f9f9411c0ff0a92a474cfa3f

SHA256
230a14a09e58bd1c608a408c7aca40288c394c1c7ad82f33b81d225a78dec283

SHA512
8ec322fe2e686d8550cd8532f4567feeb3789e2b6ddf5d999d690c0c01a12c4aa9e139c56812fe7b010da233971a0d029cb5812cc5f6d0982352c694a09c4359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d2fc11aa1ead8837f19b834890e892ee

SHA1
da8b724a92aec39d2e6d5e43a3bc2f85fad72d68

SHA256
f97f62fe9b1b203c0d0f0d3f90d667af58c7aa8bee80b4973d9a4e2bea670887

SHA512
3df6132e7223cc761ba8f6c74c65f1494664534370c8771c11628c279c28e4b048db8771e987e5ca18b1c74c5f0e80195593b513ed5655061cfe7a0622849850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98eab7d4980a03791d056a161e6991ae

SHA1
3bfbe39514d5b01cf2701a1fb2e02b00ecc1bd59

SHA256
50b03417cbd7bc9d59c577e7de3ee6bf80b75a413d491c9afc0ee9c06b9503ff

SHA512
669152cdfd0f4384a458c89c67aa35d17850683e2688c621006ec9c1f4fff3ebd48355f0c2c1930baf520d06f592ea935b16528001db3d4e711b2c6a64fcc17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eedee15579480d7389a51b61e8f2c95f

SHA1
a4bd27b78c8b9b9badfb42bd13a578debbb5a3f7

SHA256
d4b4e5776325a6fc9aebf4aa31f7aa77b6d9c193c5d0f63ffa3379bf3a2f5233

SHA512
5167d3d66900945caa18b66707b4da3f51a34de26bab47fcaf7a661ecfac576a7f350e8df1b2ae02b9920425a00efdf1904018748f404aaa2a5577465d36ff30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
691aaa3eef2194bb68bca8db261b9f14

SHA1
fafa9ff8c091a71d02d30ef240aa1a96ff410508

SHA256
c115b8be7bb8bb799e683254209ef3bf5aa82e47f664d69e6339b1fd08e4bbc8

SHA512
013d73261d8c842066d5aaaa659f095deec0fe5da4647f1510dbb3c959bde957994e9f5032abd548fc63ea3a6bbff2d39bce95c5260a33eb329caa53254fcfca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2730c0b76fef2a7964edd773c281721d

SHA1
e459b01cbe0feac99b00052d87b30855e4c887d0

SHA256
28f95dfc0a83728a87b182474d0db4b89a87a7055dfc29f5017b92aa37c770e2

SHA512
c3e4aeea65855e043dcae6132d45348424d5e7c9a9df85ce124af427b5c68217b21ad8cd342d4c6abd51e2f511f9b36e703a6775324496fdf14906103f25e989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be99bab380e0e3d74bec19420009df6b

SHA1
f88c013bb1c08059570f5984f1fd12135858c2c2

SHA256
13d8abe4a47ed3c07e7fa22db4cc81ec4f6589723444531369fab3dd7951fec5

SHA512
b3c65ed8162117c5a865b15a1d12899d5a390a928cc40324a194b6bf9d03e3119f9e7639743b041e46a632fdf2de9dc16a97dcdcb2436596903b67e4de473d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80a4850c4871e6f82881f64cc5146b94

SHA1
ac301a565df580142565873910bdefa2221ae05f

SHA256
c8d824b5ca805107b8a75e2f016e7ccfea53cb9d025ebd7a42ed6b5afc02713b

SHA512
cbd3bed9131432f20cbf07b18540b4b21fa97ec345fd6108d68859cd69746531e5e5ee48d6de1db00ecc1003a4a6854c473b1011f62830a90ba0fb920c04d22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de1098e50090b0c323676b549ae5e6bf

SHA1
bd3f65383156a8ec29f583a5ae0fa2d9b613c941

SHA256
6cbb0d4c7c58ecebefe51597246368aedb32b988d012dab1d9966647f60774e5

SHA512
fc2444947e497c8db945ce0fee84588d9e24fff4a75cd7a6fc35032ff8c5173105725f9bfbf63d906a7c5d39fe20a57db8ebe9b7790fd5a76c2fe16b81d6c927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit