c537449bcd3f99ce35402b12d96002ecf17dfdafaecdb2f62618357731d99540

Resubmissions

17/08/2024, 17:40

240817-v85jasxhkf 5

17/08/2024, 17:36

240817-v6zv2a1bmp 3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 17:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

2KB
MD5

8d6223200ba570baba4a0dff218829ca
SHA1

5911f22473eb0223758c7101d23cb6dadd2ac023
SHA256

c537449bcd3f99ce35402b12d96002ecf17dfdafaecdb2f62618357731d99540
SHA512

624c799cb7c57bfbb0295b3f9a4fbc36bd72ddcf77afa357f65d6233f8742fc63577ad7448f666e3955b50c411e28b507fcbbb3f642456d09f053ccd89326849

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683898902439968"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
4900	msedge.exe
4900	msedge.exe
4656	identity_helper.exe
4656	identity_helper.exe
1464	chrome.exe
1464	chrome.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 860	4900	msedge.exe	84
PID 4900 wrote to memory of 860	4900	msedge.exe	84
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 4152	4900	msedge.exe	85
PID 4900 wrote to memory of 2948	4900	msedge.exe	86
PID 4900 wrote to memory of 2948	4900	msedge.exe	86
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87
PID 4900 wrote to memory of 3664	4900	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d1746f8,0x7fff7d174708,0x7fff7d174718
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7216633127627039235,2106998164907620310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff6c20cc40,0x7fff6c20cc4c,0x7fff6c20cc58
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2328,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3192,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,16352787545424195154,18196775960167600205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
548c578279a280e5e84178062e1df2a0

SHA1
ed8228da3d504684c8d69d8633a0ab797d40b94c

SHA256
8ece7d0192375ab4f85d0c359961708e3c0306e3548611abdfac29238f83aaf1

SHA512
9c691f4a7373f9b3522198a380eb7127ada0d4d76c156f73c389a7f29a1e969828ac8347f6795e441421047c931e0779bc78e7e441f029a882c0d2488c848e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39180aee0ccfb6540bae1deb170135de

SHA1
297faeb5b981d66e7e32e5964bae319156922be9

SHA256
d27e02c5bee3248a80083ed6b610749b1c31d46211b9260e6aa62f10db46f6df

SHA512
9601ff326b55e987e64eeb2df9a74e0a9a2abab42640b84cf83dc44aacaaafecd5ca1a624ea8058414e26dd6348e3f55a5a365ebe4ec0610f153b4faf1b3ecf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fc6a0752681162aaed7fce0bb7a9c612

SHA1
10a34c7a2e73d2b7ef39327a12c8f9aa8c7ef261

SHA256
938b8a3577f042aa06f8b19bd19b6ab3391eac826d1d4ee7557448e8711cd670

SHA512
cb986315ecb025454ec5d96d60bc5cb00c908f0993ec33206e656c44a5f08f9f72a1dbd00aa238f485e5b7f2d8cb8b65a008b7b29e193d26dc50e3e93f0433b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8cdc53181b12ee0a69a6f39051cef2b

SHA1
2e2fe53662bfd2e1f47a75ba3d16ae7b31de9877

SHA256
fb54e3bac2f7f73b0c199295fd0b12ad13abea53aaa1f578daa92ab0c4186cff

SHA512
9631a5801ca1c33798361554cfb3a39abd2f7af608155fd1ee86cb3981a9419f95ac4d94bfd338c4480d87ba72f91e376b90887c4dc7b495110c8192b02fb260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcf94fd9a6b75513aa387fdd759d3789

SHA1
51ce106ffffd4a34a79e6e2b41e542d249f42c63

SHA256
8968039364a277624336242906c7ad3f3b0b8a209e10246e7c0ed1608a2b3c6b

SHA512
c40ba4e2a5c153c21d079fb375a933f2aa1ab9c7d066d9d5dae0a91737094c2f899437ffaad85acf25d5d68001fb0ff749ac14926330597e4833bd0c2b67a666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
42ca14d3f4c11154acccfb3b73635b7a

SHA1
0a8cfd59abd65ab9fd1a5201dbe001dfc3160874

SHA256
5383350bc364f0ae6b095625c35ed52885b4665914612c597d321aefb008b07c

SHA512
13473c5e5619ee5cdefb9ba1dc1ba6d9a02152147f421e2e53b6216d8fbb4d12cddc237af6e96e76c395969e4deda17beab68346cc465cdbb6c59e5bab0fdac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20d9cc4d36ce998035ec2af8acdee363

SHA1
818286fa6cc1b96fd12308043e4f0b4a72141246

SHA256
7b53de57667436554188ed753016980a2aa07aa6d8c243a5b34d0bed837faca8

SHA512
ec5f9d33ec634309338d6b9caa2ec21d2c656c7d0e2e4554fa4bd933d69eced2c5aa55f97ed32d2caceca4c4ab2a982b2c778a3afe41d70d19c5f6f153225b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88590fae868621bbf622e5718185ff91

SHA1
211dc0aa78bab6cfc437462a7561250199473351

SHA256
9484238cd73a76f8bdf51e16aedc96e911b13f83253ec5accc31fe8a2e4d498f

SHA512
b1725d897f8f7c9e681bf188d1847fc770be44b0b06fb32efa7b526d17bd25982e869e9255e826db8488be30ddc36333fc07e4b416bbba272117b5b503faeed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77c95db61e8ee1e0800cfd1f1779fa52

SHA1
7288a264276cfe2b6ea346415e4a407fe9453155

SHA256
7233b20629cd456f8609ca6d69db4749251e2a2fa5aaba5632bd57674eb24a13

SHA512
b213a8e26fd05919e0ec97e39a60504c7f63a258f02393ab369eb6892da8ac69dba6357554574b823890876df91d07ac40da0a15ebe6163a69f698cfa16f6e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2132d4015409fb3c20f3496fdbd7a344

SHA1
f938923f02fd57c48c8ac77fa1d5e0de5561f1cd

SHA256
e331987445eb42908a5430685e5d7c2c4247a3abff6c98006b42ee5ee35bcafa

SHA512
666a25a253856f8233723d187a912fc17f119daccacb10d01f48af9ac3384e60cc337c5fec89ee1faddbe589845f3416dafb1d1a4fb674e0167875af0ad7fe98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fb6d2524a1d45298d12e6fae517e528

SHA1
3b95cc07e553cb44b3c47302a23bfb19336b9490

SHA256
46f1c04e7d68beef2ddb48d783726ae7e658f8ee773701857ea930ce6af39090

SHA512
2d7d65c82ead7edbbbf0734e566ad4dfc219cdff2609c8f7a093da63b6045dd96e0fc90575939490e1aa8e4e507b08a19cbdc55a53ccbf6a8e9612be87853b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0cf0f50b437e97ed807a69d7c9b28313

SHA1
7074e707f0857b6bdb0faaa1df01714dd42a0cda

SHA256
e31a442cb284e7f21d7e58eca1a081d51239b7f4e2358569134a137eca2683d2

SHA512
2e5e287ef7cd8eff4df55ce8e1126e2b94eebb6d3a51ecc811c5522d1abb49b70632caf6c7737a0fdf63d5889d53373750aabddabfe6420e9a9ae1d9fc1e4a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
77c25dc7da77d0b6e9f1c7f68150b5ca

SHA1
b7d59439a0b089b4d4618dc0da56e49e79474f19

SHA256
0ed5c9eda2480c58803af87a3c91daae95929950c705ec9952e8fd78eab1e93c

SHA512
b5ba4abfbdc2d250c60855164ab05a30d10f084ca149f2e18308c727df2ef6a7c648e4505b834a2b7224ac0e98c48d6df5a1f9ae72b5cc87c51911fa692122a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
c12856e967f100195886a97569f3f9c8

SHA1
cbfe9ed1586de87edb3092c13ade94335c4913e4

SHA256
2f11b4b125f02ce827c3762f276db1c8ab8ac612bc42c26318ac94b1bf2107eb

SHA512
f2b14959697e675faf5d8c2a8b4b479f4895a719466196d2cdfc9cf051433d426f04d84f02a3c56ce085b2fadf95fb3b0cf391d1f3715c89077460642a0925c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
69b550731f9a789a39d18eb917e43a4c

SHA1
20721285bcc8dfc47777e43b2d94a224469a0b50

SHA256
230bd4129d0d79dd196efcf6d9e8db962c5e750fa539dfb5b72ba43666485066

SHA512
0de48338b7108eb2b9206c57d382c69703f1424788f7c665f44e4ebf8fbc92da8f11d10416c03f37d62c0d72cf760b902ef52f8e41caeb89ec221f0fac76702b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
26KB

MD5
f88b7516d48931c6c5e1eb106552a722

SHA1
2e4216515a3ee4e1e655beb78ab5ae6bc3004d6b

SHA256
f2077ee3064c809a510b1ab40c9df0bb97701c6c65c3574f6aae641735577d60

SHA512
4833298d268708de38f9b748fe0db0befcda7d94eb28183ce782a604fceb97fa5d60da71c07bb5d4951d695f14327962f8cec2e8e4e58395668b7cf77bd53811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
383B

MD5
62f7b48bc156505046e6ad773efe49cd

SHA1
25ff6e1f98213d39f2470ddd41f4caef24f98bb6

SHA256
1547de79347991a308938c192df935cf96b5735d55a8f3d42fefc693ebaeef33

SHA512
9b47a3e74a1180f7b5a91771e69fffbc5c5d026a472fa942d4a09b6da4f65d2057527b4fc4af269171ced1e889f4c5a929bc7bb9cb003cc23970d5cb17f9e525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82200be423ab31a96770e0670315ab96

SHA1
8028556a1d53e2065e5f545a1fded555fb6e82d4

SHA256
88452a3cd369602bc61f5abfe81cd95f743ee7efaf376e09b58cff41eb5867fb

SHA512
5425cb1b0cf741d632485024b6d5ea1ebdedb08c435cadebc3c7082d304b8990b974122ca2c166399adb8671e8ce8a097a44b40021a0b3cc399b1e0f6799da77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c996c53bbb55a91ccda0f2e5c43b0f8c

SHA1
adac6248cb2e6c41af4b120b001df36b604381a3

SHA256
a06c967888563a5988675452496da876f9d173236216c5ff8835524fbb71de19

SHA512
6ff64e08688d115fcf0f5a5db7dc0ff29d6461580803a6efec8f513c4106e84cfbd93a27971c95347356316750259e8a8d15b10f430dac328df0c243a23e022f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11284ad34cdd75af3cea9a617619322a

SHA1
0964ca7b5a5dd2d12f4863acb6698c6b31c60c18

SHA256
4b5839a2b9e16fd7fdf5ddaa4c3ff45bc375062e8cf6e9c4082f443628b0717e

SHA512
5556c8ae8bb0c221b689b7efdb6c6c3f2dbed59fe395694be76aec5b209d6253386e6d254315c6c3e19d7dfdc61ad493fbfdbb608e1dc52e1743f12af4caa379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
964a0d4c6845c625a261d8a3a85679b7

SHA1
656902105ef9264602513d20e5e0871ab94b2031

SHA256
2b0b0eb68a03d75dbe45d4f9037dfb3762c468233c4ec9f51b002270a7c267df

SHA512
8d07e8e8e6d33a46205faa37af0675b950baf1828a82ce509d94c959a2ac309eef9d427a8164a451bbdc85c4a0274d0108196d594217d76964fe808e004f0070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84fe21320a91f3108c2e77dbf19f191e

SHA1
dda6f7f38754a9f293fc9404bd36ad1adfaacce3

SHA256
d97a2c37d76f92f35b3449cf707b9979cda64c14987f94650233f5ac70627482

SHA512
9680711c206de708cc6d2e29ae2d3784214262c3cc5c044fda5cca0e2e6f1a4d08e63f8c39d767473f373ea6b9de15b9703eed8d7520a4da215ec56c85ed4813

Download Submit