hxxp://youareanidiot[.]cc

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706533787809437"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{91AFDF53-C1EF-4581-944D-A09404F538DB}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 1440	440	msedge.exe	109
PID 440 wrote to memory of 1440	440	msedge.exe	109
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3756	440	msedge.exe	110
PID 440 wrote to memory of 3956	440	msedge.exe	111
PID 440 wrote to memory of 3956	440	msedge.exe	111
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112
PID 440 wrote to memory of 3232	440	msedge.exe	112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc
1⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4124,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:1
1⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4696,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:1
1⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5376,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
1⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5396,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
1⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5836,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:1
1⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5764,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
1⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6076,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:8
1⤵
PID:2188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x294,0x7ff9c6fbd198,0x7ff9c6fbd1a4,0x7ff9c6fbd1b0
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1976,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2252,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4412,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4412,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4552,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4548,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3368,i,17186730628499300945,13146072675532717030,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ce92cc40,0x7ff9ce92cc4c,0x7ff9ce92cc58
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3408,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3196,i,7041255069992937334,8542513128957858239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
298829fc40326d677a0e49db7e2eb3b8

SHA1
b73b4b483becd51ae19202b26be886daa9bea7d4

SHA256
1629bcb128aec1c4b9428af1daa06d25b5c95e5da01e688a589b3867f974397c

SHA512
58824dc7f2250bfafb5fe4992501df0fec565449d5ce7641aceaf7543eaef33acc47af2819b11d36d89ae24d13d9826d0c8aaa7e06970a53789377bb72dc86ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b581d473f08a3389a3c171ae2d2d16ee

SHA1
46e0f557876aff700a0bc8dc65bebfc02213599b

SHA256
4a35153b995270dcd3f0bb79c5fce7c2f2071cccf89f7a48850df93b4e9e6d6a

SHA512
d112b2e2984d008211ec050430e140fbb424c22b98ec2041f3c7754c0c3e685967cb434272dc6c6ff42281282c00956448e23a924a2c0f1edc868c5f86080e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed4aca05ef0a8746f712707913908e03

SHA1
38d039963d4d28844acb4929015c4760d44d9f5d

SHA256
6d431b30acb3f1142e9a6d5451cfb35c19aa3c0397aab3317d9b3ed19237adf9

SHA512
62d83ebaa786a662b92a63bdd62d1dc3a4ac61bd408a4a072c5359f1f2c3e20d6a8f636b7030c0688849dcf4a055075b598b099fde36fe430125eebebc237d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96018f4c2fb0e1ae048bbe6d248375bc

SHA1
b0781f5c66ccdaa87d8a70b6b6061563a7d33649

SHA256
068e440d974eb81013337061b069a08dac1432a98d7c95147abd949bc0f3bb42

SHA512
04ec577b08ac67e275d8635389a3bc0ab7862d48814e2b0db159e3ee2f852124a035eff9bb346421f0e3332ec631281e23f7ee4d0774443838fa172678b57b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17e68caecfb88674fa1aeebb07227974

SHA1
f15cdda309c196d70dd71df169d5c675afc3f73b

SHA256
378fa258562ab0cb86b24bf59097557382aadf5329f16e112bc188d7ee5cc53d

SHA512
297f7bbd70cbd84cfc4c252ea47cc750f7dd16e17f4ea8768e7706b80a01e0eb71a2d1761099dc6d2afc68039d9eb4243303842066b83ee6c4cf6188f5121e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c60cdb15-ab0e-46a1-839e-8d5ce6277ed6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
5e314299c01a70af8312118b8a78953d

SHA1
5a079bcab048ccc74d48ba20b44eba36b7f21e7e

SHA256
e01c8c5a1f997977bd4dcaa66615117252cf723706e6306f6fbce57f387972a1

SHA512
b351ad3d08e12e7433fbaf8c2d388f099d9832c38a3b6cdaf344103f82864cfea8dad4598cc0cc72dd5c0fc4405733ee848dbffaaf7a327446848c3a09741c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
854f88e7513e912a0a4e8d6d5b0e43e6

SHA1
fd90fd8dcd1ea4936ebe2d080036f57601fa52f6

SHA256
fa40fd6b3ac8e9e2ce1b0221fec79f6ac77ed60cd91a435f233fe0af31fa3bc7

SHA512
452083c444f6c22aefe333baff303a07c24b29b9bbbabeb0e237c5168eac2f30203d611d765785aa75a26b7fa494b421058a0deb6bb4d1db2039300c3d72be25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a5e725e4d715fe9cde7e44362c6a131d

SHA1
607f52522814bcd54011ca0e7ea957c64e5638c4

SHA256
02ec415d501402ee6ab7165ebb680d2ba11c2c906c45548df10299e2008bb023

SHA512
5e7a22fe7db3400e8ed4224bdf82023bc5449574ff52f19c518e67175a7e5962a36f6ad7b5fecb16c620f0e5989201fe2a0a31d8290eb7893038275ca15abcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
ff0c70a2a19993b326e1412d1d5ee2ea

SHA1
e971e9d0fede618554f0d2d02251171dce468ba9

SHA256
9579bca96f7786e33330197152dbfebd70d22ea618a74bfa572ca91ccd81ae09

SHA512
f3d8a217c9865721e8f243ffc3fc733e24b7d9292e9242628b1274be98756be4737ec25af41a55f0fc3ccb86c87da0aa36e2ab53f9cddb7def9620241a15a183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
b54a6c4567220afe5aca3777166ac44b

SHA1
448180e9cc1f4521f7e240a95e573bde5e6318d5

SHA256
5288774c40ca519492ece90d1fd2ee6b06a9008e9514ce5aeef526ad0df211a9

SHA512
ba96f824b83a0fcfb9793daa14912a5e4626979c8e32c4b5f3b80929872cfa8f75fac6d24d4c500f6bed1ee1212a613a9218bb7b6bc77f493c315f43ec9196f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
c0e12cd09f57150797a9d35d81842f4e

SHA1
5b45563e292fe67771236a359b2a49cda0ea32ce

SHA256
e0239abf7174c8b34429af2b7a3085e5d6a71480b9d9a924a244f152c5fb4b4d

SHA512
728078d0b4aea82e78b5d625a53e5378e3c6322e3f93f63de4b3ef5944b50c02c38d6c30635c91c17a59532d89490c0226c04c1ccda813d254efe2bd3baefdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
8385f36e93abd767395a03ecd7e102a4

SHA1
075f9af8edf845d5dda63af251435429fc9041c2

SHA256
d20f5b347e70e61e36bab914703d256328a9b1f4711dc7dd21b82fc075d477d5

SHA512
5542c1c2a8d3a4d28d937795763b881090b33eb73d673c1ebc81437404261790f1350f5ec716316c0acfcd8199d6ad036b0ff2314edce9771e7bed4183822423

Download Submit