Analysis

max time kernel:   184s
max time network:  189s
platform:          windows10-2004_x64
resource:          win10v2004-20240802-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:         16/08/2024, 10:46

Tasks
  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
  Sample:           http://google.com
  Resource:         win10v2004-20240802-en

General
  Target: http://google.com
Malware Config
Signatures

Every IoC in this section is attributed to the two browsers the sandbox launched (msedge.exe PIDs 2028 and 1332, chrome.exe PID 4508), and every WriteProcessMemory target (4620, 5824, 876, 5752) is a direct child of PID 2028 in the process tree below. A browser process writing into children it has just spawned, toggling SeShutdownPrivilege and SeCreatePagefilePrivilege on its own token, and reading the BIOS manufacturer and product strings are all part of the Chromium process model, so these heuristics describe the browsers rather than anything the submitted URL did.
Enumerates system info in registry (2 TTPs, 6 IoCs)
  description       | ioc                                                                  | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (3 IoCs)
  description     | ioc                                                                                                        | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | msedge.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133682788161907742" | msedge.exe
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe

Modifies registry class (2 IoCs)
  description | ioc                                                                                                                                                                         | process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{E0F65FEA-1061-4D65-AB4E-481212D6B63F} | msedge.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\                                                                                    | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | process    | rows
  4508 | chrome.exe | 2
  2028 | msedge.exe | 2
  1332 | msedge.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid  | process    | rows
  4508 | chrome.exe | 3

Suspicious use of AdjustPrivilegeToken (30 IoCs; the rows alternate between the two privileges)
  token                     | pid  | process    | rows
  SeShutdownPrivilege       | 4508 | chrome.exe | 15
  SeCreatePagefilePrivilege | 4508 | chrome.exe | 15

Suspicious use of FindShellTrayWindow (27 IoCs)
  pid  | process    | rows
  4508 | chrome.exe | 27

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | process    | rows
  4508 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; one row per write, collapsed here by writer/target pair)
  writer pid | process    | target pid | procid_target | rows
  2028       | msedge.exe | 4620       | 101           | 2
  2028       | msedge.exe | 5824       | 102           | 51
  2028       | msedge.exe | 876        | 103           | 2
  2028       | msedge.exe | 5752       | 104           | 9
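The signature tables repeat one row per API call, which hides how few distinct relationships they contain. The script below is an added example, not part of this report or of the sandbox's own tooling: it collapses WriteProcessMemory and AdjustPrivilegeToken rows into counts, checks every write target against a parent map transcribed from the process tree, and decodes the TraceTimeLast value written under HKEY_USERS as a Windows FILETIME. The row excerpts and the parent map are constructed from this page (same row format, fewer repeats); the function names are my own.

```python
"""Collapse repetitive sandbox IoC rows into counts and sanity-check them.

Added example, not part of the report. WPM_ROWS and TOKEN_ROWS are constructed
excerpts of the rows above (same format, fewer repeats); PARENT_OF is transcribed
from the process tree (child PID -> parent PID).
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Row format: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_ROWS = (
    "PID 2028 wrote to memory of 4620 2028 msedge.exe 101 "
    "PID 2028 wrote to memory of 4620 2028 msedge.exe 101 "
    "PID 2028 wrote to memory of 5824 2028 msedge.exe 102 "
    "PID 2028 wrote to memory of 5824 2028 msedge.exe 102 "
    "PID 2028 wrote to memory of 5824 2028 msedge.exe 102 "
    "PID 2028 wrote to memory of 876 2028 msedge.exe 103 "
    "PID 2028 wrote to memory of 5752 2028 msedge.exe 104"
)
# Row format: "Token: <privilege> <pid> <image>"
TOKEN_ROWS = (
    "Token: SeShutdownPrivilege 4508 chrome.exe "
    "Token: SeCreatePagefilePrivilege 4508 chrome.exe "
    "Token: SeShutdownPrivilege 4508 chrome.exe "
    "Token: SeCreatePagefilePrivilege 4508 chrome.exe"
)
# Transcribed from the process tree: each WriteProcessMemory target is a child of 2028.
PARENT_OF = {4620: 2028, 5824: 2028, 876: 2028, 5752: 2028}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (Se\w+) (\d+) (\S+)")


def summarize_wpm(text):
    """Counter keyed by (writer_pid, writer_image, target_pid)."""
    return Counter((int(w), img, int(t)) for w, t, img, _ in WPM_RE.findall(text))


def summarize_tokens(text):
    """Counter keyed by (privilege, pid, image)."""
    return Counter((priv, int(pid), img) for priv, pid, img in TOKEN_RE.findall(text))


def foreign_writes(summary, parent_of):
    """Keys whose target is not a direct child of the writer.

    A Chromium browser process writes into the children it has just spawned;
    a write into any other process is what this signature is actually meant to catch.
    """
    return sorted(k for k in summary if parent_of.get(k[2]) != k[0])


FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Decode a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


if __name__ == "__main__":
    wpm = summarize_wpm(WPM_ROWS)
    for (writer, image, target), n in sorted(wpm.items()):
        print(f"{image} {writer} -> {target}: {n} rows, parent of target = {PARENT_OF.get(target)}")
    print("writes outside the parent/child set:", foreign_writes(wpm, PARENT_OF))
    for (priv, pid, image), n in sorted(summarize_tokens(TOKEN_ROWS).items()):
        print(f"{image} {pid} {priv}: {n} rows")
    # TraceTimeLast from the 'Modifies data under HKEY_USERS' table above.
    print("TraceTimeLast =", filetime_to_datetime(133682788161907742).isoformat())
```

Run against the full tables, the 64 WriteProcessMemory rows reduce to four writer/target pairs (4620 twice, 5824 fifty-one times, 876 twice, 5752 nine times), all children of PID 2028, so foreign_writes returns an empty list. The decoded TraceTimeLast is 2024-08-16 10:46:56 UTC, which matches the submission time in the header: the value is the run's own timestamp, not an artefact carried in from elsewhere.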
Processes

Tree depth is shown by indentation; signature hits are listed under the process they were attributed to. Each entry gives the PID and the full command line as captured.

PID 5488  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

PID 6084  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4392,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:1

PID 1228  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4644,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:1

PID 1348  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5432,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8

PID 5356  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5468,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8

PID 2576  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5844,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:1

PID 2028  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
          Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory

    PID 4620  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff9c6eed198,0x7ff9c6eed1a4,0x7ff9c6eed1b0

    PID 5824  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2184,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2

    PID 876   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1868,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3

    PID 5752  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2452,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:8

    PID 5380  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4512,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:8

    PID 5724  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4512,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:8

    PID 4844  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:8

    PID 5772  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4624,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8

    PID 924   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3440,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:8

    PID 1332  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4424,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
              Signatures: Suspicious behavior: EnumeratesProcesses

    PID 1036  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4740,i,8720808838451893558,7014363340223714487,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:8

PID 3156  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"

PID 4508  "C:\Program Files\Google\Chrome\Application\chrome.exe"
          Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage

    PID 6108  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ca8acc40,0x7ff9ca8acc4c,0x7ff9ca8acc58

    PID 1368  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2

    PID 4364  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:3

    PID 1468  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2272 /prefetch:8

    PID 5036  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1

    PID 2360  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3436,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1

    PID 2056  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1

    PID 4584  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8

    PID 3816  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,18400447610116160611,11728427872743804441,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8

PID 5812  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

PID 796   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Files written during the run. Only one entry carries a path on the page; the rest are listed by size and digest only.

 1. 649B
    MD5     573a3de6c6fcee10f543ec9bdf919dfd
    SHA1    0451dae7a5ac1d3383e7c4806d812896f7c66d2e
    SHA256  0cee98f6aef6e25945e2b6db116f29541180786b27588682f93cac4b144cbe4c
    SHA512  fc5766e2853619c2c16e8ea036530ab4bfb2d118b60d4750e49394732bad2681892104569335f7688135ef34cb459b2605cf3819719f9e08a0010ba70c64e876

 2. 1KB
    MD5     1913eec7410bff10d205d8fcc8c5f8f2
    SHA1    12b47dbab57df4e20bbda8bbc1badfdd6f7c4d2e
    SHA256  3a0e6f5e2e93fb748126d178158a296780279337d1786a61db75ddd697236e78
    SHA512  93b12b7d26d773bd9ab3271392442deb1eacac3317742f589f8d05fadfc20eefbaacabae62652ce08cc49de550fd64ee0f515c449219b1e1ddaab957108501ae

 3. 356B
    MD5     620a2fa3eb7f8f258544f605bc98e5c2
    SHA1    74afae621bb14a5fcb600a847eb8802ed6be6088
    SHA256  b63e341237d34701e158d6abbe9957de13d4e7e37377c7b42b8ce3b1b1b05d17
    SHA512  f5253bfbeeb8e2554c9117dc6e21968f8d7c360412199540d3297eb4d101bc45d6ffa6bc390428d02d05c55fd46ff0c3a5ff36b10f22392f18b2a9f38acc0c79

 4. 9KB
    MD5     49d70641f87aa5d7fbf5fce50dc46647
    SHA1    deff86b6a0e6fe7786d32bbc7f0cc3980ab75f77
    SHA256  f4da11275e75b2b3c9ed3e04c1237f8fe18f96aaeaf5d00c44a1cbb219fd3825
    SHA512  df9b19dfafe6af808d1c238757e285a224d3f595ba42a1efa6fb0d8487a48e56fe30869d670f6a0f45eae38feb0e056292569d7b486ab434070dfb6726097514

 5. 9KB
    MD5     c38f26c07c252080e181816181bb4f36
    SHA1    963ebebc655a83e4daf348f13704bdc7ed27087a
    SHA256  88ec3b7029a7fe22ef58be1c2150c7362aa1a32415fec7bbeb361e2500a06145
    SHA512  5d71e9896a2b163c89bd414c6eb4f8abf43232f27d7d72a4e97771d47e85a675bdda2a98be903273498a37c89b8906871a7b73ae01fa6de9310e644ea6857ed4

 6. 15KB
    MD5     cf8fc715a9764b7645d3dd7477b653d3
    SHA1    6a817fbaf33910545be9564edff73231126a3af2
    SHA256  04283d5c78e76c6dd7d092ebf8e1fdec4cae9a210b827c7a87c508347c0180fb
    SHA512  cdfd708b2db286ffa9bdd083ed47b327d387d312f5c801e7e173b9a23a470950853d05be46c71e509915c30a20399e6af6cbd1ee97966c885d617713e47a4ad3

 7. C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d683ddf7-56cf-4f1b-b0b9-122b4e183f17.tmp
    Filesize 1B
    MD5     5058f1af8388633f609cadb75a75dc9d
    SHA1    3a52ce780950d4d969792a2559cd519d7ee8c727
    SHA256  cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
    SHA512  0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

 8. 196KB
    MD5     c4384106dc3a4e7da207ff49ee661723
    SHA1    9138f32e176ee9dd50000c528f339c35eae3939a
    SHA256  27e66d3da9b3e5a5dbbc0bfcf2a979300c86a7b9d9f5f32d62407fc18df57fcb
    SHA512  9ce82eca410a806c9fabaf471413feae17ef101d5f82153dff714a97eb5d3fe1fba9b1531d1afde7d7578396c920e694eea2d01ba5afd3bfe8aeffa0e2638543

 9. 264KB
    MD5     f50f89a0a91564d0b8a211f8921aa7de
    SHA1    112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

10. 196KB
    MD5     0b687c2e95c1447d6274764ee85ff03a
    SHA1    82bcf6290f34f6ffdcc0943b1eeef0eca9e273f9
    SHA256  5c59d49156c6d90bcb2822ea624bac5305588466376b673d5af6096273bcbfa3
    SHA512  e628ea116554c9415a55daadb4b94507f7ae48acdc2e50d5ea6297f21ac37ba62c2f61c82badeded46f4bbbc5a7deb93130584b1202974a8927ca603aa854717

11. 2B
    MD5     99914b932bd37a50b983c5e7c90ae93b
    SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

12. 2KB
    MD5     cd9f183c02198a93372fe74ca7e9dcbb
    SHA1    37172e72a746277da86d7dcbd3aabd06abfe7eb6
    SHA256  ce6a0a58338f0b3c116df5da348f2cf497050c2fb99223981f87ed3d0a9cd5ae
    SHA512  fe31c943d2a26fb36c1a3fcfdd00324af526681b6c6603f0a684626db37d1a1bc43f59253d3a82456d5abcb6d4be66c8f107b68ac21eb28064bc67e8d8d404f9

13. 2B
    MD5     d751713988987e9331980363e24189ce
    SHA1    97d170e1550eee4afc0af065b78cda302a97674c
    SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

14. 40B
    MD5     20d4b8fa017a12a108c87f540836e250
    SHA1    1ac617fac131262b6d3ce1f52f5907e31d5f6f00
    SHA256  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
    SHA512  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

15. 11KB
    MD5     711299b0b3fc14f351b790145b08cab0
    SHA1    00f3c190301b6bcf9c38fd644517cf036fcf876c
    SHA256  1678afdf90b9700b686e046219ac451371ecc43d0780a3ae4be6f0be70601fc5
    SHA512  643a5e8c9cdcb18ef38bd4ce0e4e70d18c8179aaaf50623b8e9b7756a82929ed05f1957e2cd23a591eb81d788fcfa0b6a6484bb49d15a1e0bbb6c88c1e7e0a1a

16. 30KB
    MD5     0699bbe7237963ed1941e554f1ad35dd
    SHA1    1fd8ef4bae44298a8ba67baf280209582fb8778d
    SHA256  fe4a48454b13c22af0aff0d24b15afeba076e3dc3dd809a354cbb950f09ea1b2
    SHA512  8cf4c57d844f02e32bc3e175a78f8046abac11bce5a49902ad223dcb7b0e9ba7ed456a866a00ef012e9376be84e825ea07fc3de8be58252414330a2328a7103e

17. 38KB
    MD5     96e2d02e2c3c5ca505b675bef3ab812d
    SHA1    911b460afa18ec160fe88d0ec30479963b1bc08b
    SHA256  99f4da620b32c9fc2816772798c195f3184a83bbd71a5b83095fbf13916627c4
    SHA512  5879bda1166613a5d863dc209c5a53d73fb89e706cd59a8a43d97c55d11c2e78ed601598673cd50d80570f5ef76c812dab38493f367d7adbbcb03c2d64ea3a99

18. 46KB
    MD5     583baadbb4808962d865b0d02ded9351
    SHA1    4fd107fafa80d0e998ac6aca6a43d74a66a86518
    SHA256  b49e89e907a534a1f2a0238801525966d0d35aed4c8949c271da051d8cd5bc0d
    SHA512  97f1ea8854805ec51839075a396aa0ea72b1f0fd8776a9dea4e9bc46d17db4c3f5f40de64972998006dc527d3050d650ce2e30a6796071168888a528581e1d16
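Very small entries in a dropped-file list are worth resolving before anything else, because a one- or two-byte file is usually empty state rather than a payload, and because the fused "MD5..." / "SHA1..." labels above are easy to mis-split when a report is copied. The script below is an added example, not part of this report: it transcribes the three smallest records (size plus MD5, SHA1 and SHA256), hashes a constructed list of candidate contents, reports which candidate reproduces every digest in a record, and flags records where only some digests agree, which is the fingerprint of a row assembled from two different files. The candidate list and the function names are my own.

```python
"""Identify tiny dropped files from their digests and check each hash row for consistency.

Added example, not part of the report. RECORDS transcribes three rows of the
Downloads list above (size plus MD5/SHA1/SHA256); CANDIDATES is a constructed
set of contents that small browser state files commonly have.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256")

RECORDS = [
    {"size": 1,
     "md5": "5058f1af8388633f609cadb75a75dc9d",
     "sha1": "3a52ce780950d4d969792a2559cd519d7ee8c727",
     "sha256": "cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8"},
    {"size": 2,
     "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"},
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
]

# Constructed candidates: empty JSON documents and other trivial file bodies.
CANDIDATES = [b"{}", b"[]", b"", b"{}\n", b"[]\n", b"null", b"true", b"false"]


def digests(data):
    """MD5/SHA1/SHA256 of `data` as lowercase hex, keyed by algorithm name."""
    return {a: getattr(hashlib, a)(data).hexdigest() for a in ALGOS}


def recorded(record):
    """Algorithms for which the record actually carries a digest."""
    return {a for a in ALGOS if a in record}


def agreeing(record, data):
    """Set of algorithms whose recorded digest matches the digest of `data`."""
    d = digests(data)
    return {a for a in recorded(record) if record[a] == d[a]}


def identify(record, candidates=CANDIDATES):
    """Candidate content whose size and every recorded digest match, else None."""
    for data in candidates:
        if len(data) == record["size"] and agreeing(record, data) == recorded(record):
            return data
    return None


def inconsistent(record, candidates=CANDIDATES):
    """True when some candidate reproduces part of the record but not all of it.

    A row that matches one file on MD5 and another on SHA256 was not produced by
    hashing a single file; it was assembled from two rows.
    """
    for data in candidates:
        hit = agreeing(record, data)
        if hit and hit != recorded(record):
            return True
    return False


if __name__ == "__main__":
    for i, rec in enumerate(RECORDS, 1):
        print(i, rec["size"], "byte(s):", identify(rec), "inconsistent" if inconsistent(rec) else "ok")
```

For this page the two 2-byte records resolve to `{}` and `[]`, empty JSON documents, while the 1-byte .tmp file under the Chrome profile matches none of the candidates and stays unidentified; no record matches a candidate on only some algorithms, so the transcription above is internally consistent.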