a19ee9140839bdcd4d8c5325b99477ec09d8c44f0cddfdfbc3c8dc003162fddc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

814KB
MD5

785c03be8e063fbbcd0b7f201097d86b
SHA1

83142821312e8e36b545b43dba46970894c238af
SHA256

a19ee9140839bdcd4d8c5325b99477ec09d8c44f0cddfdfbc3c8dc003162fddc
SHA512

f244cd536cf2873b4ffafe62bc7e1c7fed872e1fae1f06e312be76dc55c8195faba204b2804fc0bfda0ec0fa680bc4ff199ab39ae137d2484bfa79fd8b695f36
SSDEEP

12288:lf8b8V8e8V8s8A828H8z8kPcUYI3tEtnz:lQ4I3tER

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
156	discord.com
170	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702704044672961"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
652	msedge.exe
652	msedge.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 2224	652	msedge.exe	83
PID 652 wrote to memory of 2224	652	msedge.exe	83
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 1540	652	msedge.exe	84
PID 652 wrote to memory of 2644	652	msedge.exe	85
PID 652 wrote to memory of 2644	652	msedge.exe	85
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86
PID 652 wrote to memory of 2900	652	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13541969372832623792,13250629734571443695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13541969372832623792,13250629734571443695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13541969372832623792,13250629734571443695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13541969372832623792,13250629734571443695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13541969372832623792,13250629734571443695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff88940cc40,0x7ff88940cc4c,0x7ff88940cc58
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4060,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4048,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4064,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1160,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4600,i,13147950956043146442,12637578912601629693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x3fc
1⤵
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8d3aa7a96896668508f55ebde230999e

SHA1
9a736ae64a7a5d23e4facad4035a3de62d995f19

SHA256
518dda886cd35fd966ee69282ea801903833b7cc101916b2db88da6757720d8a

SHA512
02a3cb595a96867f7f7e9f0cf44c3346025fc928282f6b7033531ec07e468458d4275ef8a82073db9b13174167825394b7af2289e2c48ebcf8f0efabcd19e983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c22e720e2d3d8d46946579cd8b0dca71

SHA1
276b01f8d9a6466adeb6cde35a4948e6d1dc3817

SHA256
db0fb4e41891fa0e4af5d8b148cd987a9ef0dbd0dc76e8ff4a572f09c8e20e59

SHA512
a03e881243f0ef9957f85d38ffa3839980e255b56b7cf36f39c93163deebf1ff45753d8745a6b4e0ff91410087922eba1802f91f1f4e8e9bd24cf59ac4104c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
552c24c7dab1209926f93ba2d73be577

SHA1
f3fdf0a63eaf7b10240005cc1f6b3710216d885a

SHA256
d78b111554383f02264d30615689d594e53d9c34ef061f49892516a95f71fe8b

SHA512
0b1b0bdf3f3982cdde3274a9a438a37de3e586f7f5072884c6772578766107d941236e6c10225038083ebe4d64e376988f1eb7880c806e1f8f118ac9c23962f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
674a9b804f63612c539ba0b9221890e4

SHA1
eee961691ef55caa63419e6f496988fc307b64cd

SHA256
dacfe5e9bc4ff4dcfc0ed713d91279cbdd7165f117bd17e8ae488a102f71dffc

SHA512
f40f9bfc9379ce79379e17d8d15a26de4652e5b2b9bb4fd7a56ca0daf3d019a411d208acec0a4dca5d1e988dc3110e6d9ac92836e3e1d2cb54fbe219583eb8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
66667d3ee1a78e7dfb5d9912d28d338e

SHA1
a28238147f6f0639c732c1298fee3fa9269766ef

SHA256
a2a51b5c094ecd97997e73a6fc35f3b5f9867423004949984a0db380e8ffc525

SHA512
41f6c9619931c12524e0b801ed03b6bf93bec86b6fa156fc8be8b7e3daafde0a3bc444c748842c22a165601584d47d6866b040f9fcd969c12bbb4ad69faff8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
b37698f994ab36c254a83f5e4a916788

SHA1
cb93532d2ff126e4b4481ba2de980c229d18bd45

SHA256
070d9c67fd83a31ffe58a786301c1b9b555a14499542eeb8e62388c1d8684a2c

SHA512
6981e07a1813145f41e4f38ce43977fe2608da13ed37885b1a0541575a280469468118a06c7c76dbd6e70f2d2cd34bc5ad560aba6ab3a3555ba9e5d9fa510923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6dc24a5fb39d213a48769200d656df64

SHA1
f3fd4e5870cd5b0cc36bd02c57fab05658d21c39

SHA256
6ab1e3c911cffde55dec1ede89a0d6abd73208cb37831f20206725bc961689c8

SHA512
d16661ee34f5f0b0cc47a4cab130bcbba472253229df150f1c268699c28aff1c4370ba46018b2d8e9667537f821176f0890b7bbec9ae6831c7549fe27ae038cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
269df7e1579e46017754785405328d07

SHA1
c63f7a192756959f7fdb22125e75828d283c187a

SHA256
10f808693aa804a6e7ff0c4f7987ace835ccfc79449cd220ab91fc3d5d620668

SHA512
5736576258f91ba1a32bc5637b5a53bafb22f84d6bddad3889d20b09e9fd29d8bc205393acff6395f001bad847f940342aa1bd2a8818bb8acb79b833d72a9d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
afa0cce0e7651547f7b843dc4bac7201

SHA1
6c536b2fed9c5ea77269041c5e7e506f75eb7c27

SHA256
29bd9f34fd015c75cf7be0d738d74464233695cae2c47846b2c055c4c708579e

SHA512
dd6f608294640a1a9043ec26d1072d04d13d97c142a20066635a22b1ab80ea6eab98736ecf32a53f9026e93c7cdb0c35fbd8f9c7fd8fe0653a62a52914673125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f421598b920eca3d70c8327c672b8d6

SHA1
5b826f7c17c44cfe0396f811e1565f82b09342ea

SHA256
6043730948f92eae0a87be6e20cc39550f42114ff0d0c1086afddfdf6d531b9b

SHA512
10b99bbc806307b3161abe887dc3d8d78177a4d27861518285470c94dc4b18588170d559cd9f5d158b8d06ad602e06f5d32b92ae59420c3fc09e89c7e5b3aaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aab35438925fcd5508ff0708bb5f7dfb

SHA1
5e81d7d90e15d4e2512dab973b302e5cdd0523c2

SHA256
0c779fc30d18b8d2759d43929a911ef0c6685c6c915a69ce7ec00940d173111d

SHA512
a919401aa223021e427af9684b6e2c218c72a33b654a7574125d23cafdd905fb38483dad3a032b3e102d43601bf298bbfba442ac6458fdb2e6f7ce58d64c8b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19aa5e487ff079c164aba4d592d0c103

SHA1
7e8b18c2936c265ed8a42c2e86f23dbe3f082f82

SHA256
fc49de45386362ea2526586ffca01db838d81fc29a58c1c113b7a86d996d3354

SHA512
c8fb7353cb3c5c83f7dd6c1b5c253a1987fa8bffd3649c24994bf91990941abcd3f6f2547c56e6907383fe332cb4a18d8c9dbdbed2dce96a37f9d43846f17c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82cb56753d3ce23a02a0735916054fd8

SHA1
8de268767763980088992b00a97d9c987efea8fa

SHA256
3952a15a48842216b639bdd869b4c57aa4509778a39d45f797f39427ae99b14d

SHA512
4b13f252c0c3fb18aa28d3cffe9401537df30f0b78e5fb8e9f0e2cca9a74e1bea79004084bc4c09de8290b2da29b4fdc7b22445826faad214e07f32dff4a2b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55bd0449f34074e551ce2897210359bd

SHA1
c1b4f406cfa64c42dbfc1a018c2f3ba9be2b04d7

SHA256
6fc45349b4a64609e7531fadfa8eb9f58b0d6d019bc70d6abf5cf83f0dfed28d

SHA512
4d66e6e55b7d14aaacea3090fca5ed5e5629b8fae908540807dfb51edfdc5fdbe244234c48aea9dbc312dee2ed54b61ca8a0f8674245d168be0c2e94b557fb35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
671faac5caede4ab35ea57a191de73cf

SHA1
f9c17e0e3be5df7966bd629ed5809a50c8a5adc4

SHA256
346fafdc7392e90b21545f586386d0015fbe3665cdb0d8a0a34988dacdf5c8fe

SHA512
40171fec336cb7dc3151f0475298258473f2acd7503f77343d606b87f4a7fda2ec3994d7022e046e232fca784d3715755af17c5cda1cd7ed9ba4af4b7536e0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e9921cde5ed7407f9f72204d46628c52

SHA1
bf57903a8f66b3707876cc5a7137c6be48541a41

SHA256
087cfbc2ef23cb63fdebf8f1ee01dc34f794952db77052d94b68dabe70130624

SHA512
25917d55ba6d2cbcc19eee0c203e2466894dacb833bafe4c07e1c53f0abb3b8d015db7a4e9743f470a38efc2cb7dd9ca95d646ecea762000245dbcfe6a5bb3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c40915ec43f7633b148cd038030c4e66

SHA1
8da5344924f03feded29d94b1bded91067298186

SHA256
8b8f89b13d4fc7777242cd68aab993054298be516cf26fc509709cc6f05a6097

SHA512
b159480794ff3750bb6eb6255a183053e378cf426d192bc095ae407d85527df12a9fad3c885d3bd56842927e1380684904034399ab05a2e574db9e948fe45338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
87efdbbdeb2c367ecae8237d54232fb7

SHA1
6d1c222479f1f45b8cee90fec0bf10a5c3e7bd80

SHA256
622c0107e948cb07db13cd4acff91d7484784d74750a2542ec6d40c43b2d22eb

SHA512
95067c36f624f46349c4a2960238abc8695d48e855c85d626e03773acf97213747c12269aa01ba13d58e25ed65bdfee8b9c95ba6d5a3b90303e378ddafc294ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
584B

MD5
7c21780e7fa94b3f3e32995a110dc91f

SHA1
dcfc2e9ac236e398f9c887a77f43e47d9cbfa344

SHA256
2371bf84f7a6b2de2d4a4990724e359f1e8121e11e9a5b3ccfe48b36dca4625f

SHA512
4bceec5d8c5908cf931281795040c121a1db074385ef47ef95dd230ef523ded9780a8e6674492fb8f9f29bd090d594f81cb66dd2a660786151bc42f4833d8e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3bfe761e7c657ec8dddd07e42b880a2

SHA1
01af8f6f3b307ce2181d0ed6e55499524b8049aa

SHA256
f4bc74a5ba948ac6a66d78ca804d5b6022f6d4ee52ab8eb13fec7182677f84fd

SHA512
1887d72cd59a5d6130aa3f1fdf4b35e6761e1eff95bdb385a97bfc23430cd76ab3194afb9229b1633ceccccb9e1f734f6f6e0d529e932e9d92b9b10053143db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f66d603b9c433b2d2ce71418c8a81ea

SHA1
1a49de4651ba7c7b2b51ee45c6725e73415dfeaa

SHA256
f224ccb14509b80409ef9aa138b09a753532c99df791d1641dfd6c55264e6f1a

SHA512
866e2a77035515118f9fa69354c54189cc2c365b0092822755486f1a45b9422145c8f5df58fa33ae915252ee088a5eaaf3dd938626ae0006408a2c5cc3b97584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9475b80ed9eeac1fd78c632b85683594

SHA1
b26448dac552cccb9046c638236284664775c5a7

SHA256
3c052872be5d3ae5f0ac68f109caa23a6b38b814ff1bc112dc613b35ac613134

SHA512
570536774988d3022e424c049b98e0855deade5264023e56ad6bd024d2aa1e6cd6187d77184adddd56ef9530e7c2206d27dd014d080b25ff7f6fb801d96c453e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71ea7dcd8be4ca6c61f262d6ec143289

SHA1
73561cd5518f3b12cdbb4d1f0c053c26b73d7650

SHA256
c6a17bcdce63f652682146abb83cab3889f9bfe5c85b3ceea918d056d021c107

SHA512
142087148ed3483512f4cc8e8eb73a2c91344b6c0c10233941b251bfabb251090cc37b24bb0ea955e52d37d613f839bf36fdb5f44d07e24e9bfcef514f6384f3

Download Submit