32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WgCz4VgdqaIl7MLvrm5CAwY2t2gYk9znoMwxWkSp.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exe

pid	process
4992	msedge.exe
4992	msedge.exe
1404	msedge.exe
1404	msedge.exe
4720	identity_helper.exe
4720	identity_helper.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exechrome.exe

pid process

1404 msedge.exe
1404 msedge.exe
1404 msedge.exe
1404 msedge.exe
1404 msedge.exe
1404 msedge.exe
1840 chrome.exe
1840 chrome.exe
1840 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1404 wrote to memory of 2992	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 2992	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 1440	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 4992	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 4992	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe
PID 1404 wrote to memory of 392	1404	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\WgCz4VgdqaIl7MLvrm5CAwY2t2gYk9znoMwxWkSp.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1301656857101970310,9408871637733666442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
2⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8cdf1cc40,0x7ff8cdf1cc4c,0x7ff8cdf1cc58
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:5248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,10678827364918717213,12819580588161126900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4028 /prefetch:1
2⤵
PID:5484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5404

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ffa0cf4d78188f312832c25f5a6a05cb

SHA1
130cfe4451727e47b2a62785b4aff84d1412bb48

SHA256
96977c4b11e9408ee4d3227b0fb5f2642277cbd0638f07b13e1a937cebc130d9

SHA512
ebd9ceca8e52cc6c55b07f587e343a39dd0e80d90790b673ba816677d039e011eee33f43e89bac7cffbc6d75e2537b83d80102670bdfba02deeb6f328088a213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e6c53cfda5a764a5d67bbfd2ed2ad735

SHA1
3526f7fe91ea736e4030ce1ffd8e16f18495bea1

SHA256
bb2c32c1a405e5492d9eeebdf0cbc7a6f4561d6d3ab694c3c308edfbe9c79e10

SHA512
76e631b134548d1ac329033c1ff850b387148202b7fc4817617a46377d7254500dca70a98d31a1e0f5d6c5f9b7530f8af909b3404d1897ce2f22fc6e73e942c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
11f3ba605eb5cc9b26033c8bbc3b7f44

SHA1
b631a9360aba3b515f50e2a6d34c948079db231f

SHA256
02c3b8277725259042c34987073d4b00a80144375af529b77c154d090ad81727

SHA512
888f6f0ba5e83f5ab9d4cd34a15e15c6a88b8e8ad708250084039dfaa8325da8daf678b1aeb2452d42d5c60b480516baeae99ec06f741a40d46442bc4b2986f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
370313f6e2a54b99dd325b3de15d2f64

SHA1
68207c84c731439a3e9325ddfdfb9dbb95c9ac3b

SHA256
95e3663cf778a14f9b8a008074d818a2fa666dc43191c4fc729f9bdc71c20b0e

SHA512
e15dfda1b58742940d40c851495d3950ad7693accd233bde4533104b33a0c225d2bfd6a0ccb0cc39b33fb64b1853f56d61606315b0df8ca4ee82e09bd98df48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
df4255ac21f9d2709fc212a05670c226

SHA1
846ba3276e95673826b3444a282b806f97ae731b

SHA256
362f01d188c5dc569dd6051e619812511c3dac7284f24894af54a52503b645a9

SHA512
b5e9f7f6fda3e66c7b86cbc4bd0dc0e52aee7c7b7a619085ae23358f0f2a329e8eddf5e8833e4880430cd7e53830032b8127a546677c05a63b65b84cc5183933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
80100774abb7eb0de0f52916f48e9c21

SHA1
3f0d26a6416cc8c9591bc42dc64d40292b3208c3

SHA256
858573c3d87796ab067ca9afbc99083df167bc8f54cd0f460e1ffeb26cf7bf79

SHA512
e0eb9b2ba2f88fe2f7a9b1371f776919808615bedafae96e5badc5a3f1c659b69342c70338a7d7463065150c38b0c161e9d6a79f61f094687c538d5485b6bbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
319801b1e58f05f0c8fb502735a66b3e

SHA1
e1864025de469d8dedda83d16b2bd7d914de8f3d

SHA256
92461d6d602a8ce99ff292718888e4f60842e26b1764576b3131ce86533b1903

SHA512
4a8f74a8624a89f857ac81a4e7b9674b6d2db5b65bda46d4434ef6be6a78f4ac1139d3b9b358b185898c7490c95e18973d8db2ccda681434de9f1a9cefd1ce05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dfce6ebfeb766c390b038df897e3d463

SHA1
7a8e129e06ad4365e11ba42468a84c6a8dbb2e44

SHA256
4a3081e97362d6e749207463c7e82e81e300a6114e6d4ae7c875cafbeec578e3

SHA512
4b7587375b3e7994ca9ea6bf0b57f6edd8c67ce751a68e052cf7bacac76e85f3466883b587326704f251bc0cd38bbfb74a8c7308e5f988c3bc8c7f762e3a6e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
47f3d6b4aa61865457be0a5a64de3497

SHA1
d20b995ef7f39f59d9c4c876098275e964cdb230

SHA256
3f0a871a368df9275fb414ba2b8f38bd2d13a8d19f28df1b3fd50ed78c9fc88b

SHA512
f670c80b4ed997b24f773a1dc4b0d5649d2e2d4d89236204eea7a3386737af36a02b101ca02c719cdea60c31376d216d2e7b5f8546dcbfc4cacd9a19c8b8fdbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
197fdab8c11016845eb35b3f366d456c

SHA1
49cf91dbe6bc59cef994bb015a6a2ebfcb1728c8

SHA256
b9fa1328f9f02b0f49d58895147dff964b4f6a90fef17c9cec62f6054af23551

SHA512
f78b8a7fe16b573fc627de21ac19975e86f3c6e9b2aca3680e0c63fe59c704084302e0bfcceca184165c4d3e2c9c897d1542ae9e5f0002010f9dca9c9e0d9c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
72656fa0c23bf418c497ed937fa87aa6

SHA1
af88ceedb0a199323a76b7f9355f8b51888ddb9b

SHA256
3c5490f2cbeaaa4ed1bf1b375c7b5eae7879812c502da77981b62859ebc27509

SHA512
8b6323a65fe59fbe6c8bd57f6420091fbaa9dcb334000c2d656adbc0431b3e245c9cd8929baa7059d36dbe73ac08ffd75e6371cbb1ef5701f36aba9c267063ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
99KB

MD5
9279a3f696bfba956ad965847de4033b

SHA1
43d68eecb96b92615b9c9d06c9b241caa5fd3a45

SHA256
c7f498df32d18ccb3a41ef2c9ea92b6f915fe57c8bcf6ce5fc99ac6062bd440c

SHA512
cd641207ac87d55165f60446eb26d48f5d44413a7f4dc8603c74b792444560fe6c14dd091ff1955caadc98a7b5f45d2931960535d0e296bebdf4ac075e13e9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c44dfbe3-3bef-4bc8-b274-b8d502c330cf.tmp
Filesize
99KB

MD5
af899b1b585566699eec9619a1d9d49c

SHA1
86893bb03757de2820adf83211e57eb382b3b22f

SHA256
a5cd5da9a46cfc6277b5542acf4210377cf659c7e365b1ec435739a97056d307

SHA512
528bf69ad3906ba9abeb1879ce162bc40fb81404554c945583ae8e002ffd550148e81c7996654ec128e75cef3e0b4b79683044a262b1972e12ab1d0a1728c334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
def1e02717e9085461dfd89108bf7def

SHA1
0bc5d866faf8b7c7ee1b69616ae7510fccfdb30a

SHA256
1c608b95c929c93e1386de23afd515f7e5a0b8c4c7b6debaf9500d189ce8d4d7

SHA512
50c7fd9f3b288e55b29a13684cb5216e4a7d048c92047b3d7ee3f8ec4b90330c7c9146b9675dc0760cbc363fa2044686d2abfc942b350e08e09ef5b937ff0da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5c6cca060fa55e4b5830aa530d564819

SHA1
fba0c6d8e1570248d9ad8a8a2a97519fa840d3e6

SHA256
d5fe52c42c63315c1e0c55a180cef531c0de185937ddf2c863ff11dae47b5fa2

SHA512
bcc20b53235e7157859b10e00e2d267636a1fb96ea11287c60eec447d27e9f682d634e2f19c02c8140ec251a81e78933ce7c886b6b0d53326befedabc207709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
21f8739db0d661081520672bf3d086c1

SHA1
3f7060ec68f498c21167190c72f8e9f9c5c1d144

SHA256
fb95324cc138cbd65ec01de6b170167ae8867b9ca4bb174342bcb14ee139f50c

SHA512
6ee8c9cfdeab0d2ac91b0f25b92daab7c8670391e1ab0c462e706b6f8366ba11133d35911fa524a81c3b0a086918d00e259f6c4f4af2b12dd663a72ebb22f06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d36623ac45bc5d72d5ebf01f186a388a

SHA1
cd1b1d87beafa70a363e028ab78ce9f4dd0bfe54

SHA256
f0c01f29dd9756891ee49a3e16d59599126fb6e60d16d2d1efcedc248c3d32d0

SHA512
314101e470af0d0e28657758eed5ef6dc1a1be30f88bbf7e24fa348ad484c892300109345eac0a3c640388a5ca259c891eecbd41acc1c84a64a2f6a8335c8333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
37517624be645f4a79e972a0807cd5f2

SHA1
bbe683d37af126de83c6c301deacd4e62584a893

SHA256
725ec54afd0f9e70d38e4fffb16fd95099bc44467f3ebf8129097cc43aa7b4c8

SHA512
531d42823c6599151b2892f6593d3fd1cc4e46ab889cc3ad3251afa84a078de8a81cc429e6b862faf1dfb25157868199653a53f2bc53142686877cdd60552e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
552707cc0d1958c8d2aa7b546ea432fb

SHA1
2d688ba1757e83a76f73a37ddf3ac321d19ba108

SHA256
c7bd9718bee66e22b8977cbdebc96bd578dfb4ee2d943ddf7131e344b0557bc4

SHA512
c35df4718ea138cf42edc3eab1f492c9f78c222aee2ed6f597de455b3a84d52df22fe99e87f8a7b2edcae46abcfb2e53d41a20a2fbe64184135560a8d20a7642

Download Submit
\??\pipe\LOCAL\crashpad_1404_HLHQHHXZPKEGXYUZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit