hxxps://9jaflaver[.]com/video-of-drake-masturbating-trends-online-as-it-leaks-on-social-media-18-video/

Analysis

max time kernel
62s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://9jaflaver.com/video-of-drake-masturbating-trends-online-as-it-leaks-on-social-media-18-video/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725277924941298"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
3440	msedge.exe
3440	msedge.exe
1116	chrome.exe
1116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 2976	3440	msedge.exe	84
PID 3440 wrote to memory of 2976	3440	msedge.exe	84
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 864	3440	msedge.exe	85
PID 3440 wrote to memory of 2776	3440	msedge.exe	86
PID 3440 wrote to memory of 2776	3440	msedge.exe	86
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87
PID 3440 wrote to memory of 1104	3440	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://9jaflaver.com/video-of-drake-masturbating-trends-online-as-it-leaks-on-social-media-18-video/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9657b46f8,0x7ff9657b4708,0x7ff9657b4718
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3218915486773666659,14940612874172042618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff953eccc40,0x7ff953eccc4c,0x7ff953eccc58
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1652,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3140,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4356,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4384,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4784,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4460,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3528,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4020,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5064,i,7147788274877153728,12063167583549836028,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7c21a95a0e50eb0a9b36fe8cb7e8be6e

SHA1
934cf4f16e32530efa7ab67ed2c92caf3a958c0d

SHA256
3d38f65149bf11c05a2ffdab9363f2397594c999a76241aab83153e6ae5f04b2

SHA512
04f9f40a68a80b4448ce99cb3899549be69a9b4216bf81a21394af343a32e7adc685f4da055dd57e352c5271be3e88b3a7916bac148e021a80035f7e4dbd7c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
118fa5b12b0449ac4e7ee136c9a3348b

SHA1
ebe664992ea4bc0eda445500c25bf9d0e007b60f

SHA256
143c457d5c0dbfb7f6f987de0dc4cb8be4e599ac477acafd6f4861d3e9e30422

SHA512
910c5993f80d160bdbc309971df69c729e7019b4db331524fc4b372b001d931db35d02198137aebdbb0225e353a01b31be47922b9083c681ad35baeae89fe88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c80f58337da03c4baec3664e314cbf86

SHA1
a002fa795bbfa1edafa6d805c0d18b2830c7c22f

SHA256
9fd0a513f4f27c18952c2b0a036bd9e0bc263af6e869d85f0e79a2a6ed484a31

SHA512
01db9ca61f77fab7b5659431e05cbbc7bcd979d83cef138073faf8f5d857aaa60ef89a515db284938965ec1914dfe5c36844d2256913e02dd2d1bcfe8e0df3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ea15ce81b4dbf7a3ba385b3fedab7486

SHA1
cc2815066d59ea309be6e70c983707a8d13d3f4b

SHA256
ef66b76ef9063f1e9f4df3d4236c8698335bbcbc76e64f3bbffb2e146cd7d949

SHA512
4052b3180fd1689e0a8ad6629d4d04a7b41d912cf4ecd0b40d211ad289d44d256cbe1211558fe3a03659073382b8a32c81ae6d17a5b70a40480f595dc23978ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b28576c295893aeeb586cc8c4e7b685e

SHA1
43402c1758160963d748c73c182b5c1079baa34d

SHA256
447705addf4654dc2944c9e99a1ef1cf651fed1de4b017ec67f14482d639000a

SHA512
5a17752eb0fda0b643d21008cc9940bc4e8924801c9abea733ebb5fb9a33dcce7eb82c64c1d72e67f92611c19d5143bb4be3d4147f11ed8abde3805b52b63005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f34200d92faf25c1f928c0e8d9aa1ab0

SHA1
6ab0e1fa68b53afaccdb55037f64c333625f6286

SHA256
816ab727cc7b0b9a0a93376e21a12edf748498038b372db03e8a8d3d25e28b9e

SHA512
21c7311ae9983d07524be586796e9fabc69d25a154c38da8179465436ade655e37a2f04a14246764028649f0e079568d1190bc6e20fc83ae5cd5f48594e83ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a4f380f630c801f9d7c7a778122216e

SHA1
37b4e0fbf84e6d5bfc8e76c4e2d62c6aca4b0143

SHA256
89b26f5ca8563fb2f75a236d0876bc314d76a4f8bea4a96d3e9f9980463129dd

SHA512
7eca0b80d21de5942d39fd1934750674c4af1763eef94997b94c3ec8c66965c09b730bb3e14f10c828f4495143db2da18428cd9a35d466f091ddb5e78e0239dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aa809eedf884425eab8a0bbb60e1e65

SHA1
b768356d5f231ca47c0f3769e2bbfc19170f7c9a

SHA256
cd46a18302bed3d2485d6a947a6ee76863e23f94bedd5b68a2fd78b7b41e4af7

SHA512
59d590e93f185e21e1f2a2d957098ee146b79b04a4540749f6211d62a09a7255a9e60b9f0e54ea0c8741118ff8a4c9be53270d48e217ef232fdb5157cc27a5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cbb69531b9072bdfea08415bd04424c3

SHA1
2fcb0c3f359a6ec4749a7f49523b7024459c3fa2

SHA256
1f366dab087714a8983312d608e66becdaae47c909577863f42c20f7bb617385

SHA512
f712c889d240716a3d2e1d3c898526f511d4e59f4b1132d30a9314065f71c016bbb8baa11a9f18020fa8bcdcfc13eeed1dfe212a15744946b45860d64f38b05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
efd449511565769b92f08d611ec197fd

SHA1
4629f9980b87575cd585cff81b9c918fea5d1a0b

SHA256
3269ceeb9560d3e0fde7f44afcf72bb006122ffaaf34f8f24ef9b44190eb6e58

SHA512
2907a3cde37a559e58a49a15b7971cb741df3a4286b0712eada2de61e827eff538ed0bfb1afc01632881db6c8fe40dbfb66ac2ea7c2427fd5fd3d42e2b4344cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
372KB

MD5
3ba564fc68a5fc46d96c5e6e98e04049

SHA1
724ac511dfbacc844a3b041241288659b0d7d516

SHA256
026c6b1ec8f884dd9551f822b88f24e3fbbbbbd081ccaec86e1fce2d8b3aeac0

SHA512
9bf0209007c60f86766c77e2ff662f00b393909b10f15522c0b13a0ff1cf89b92cf109d4253fb4ab0b349154d91ed7bf178a6b3fe306b3c8f528af0d5ffd16d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e9c23de55a5e78a38ce149fdc10f3dde

SHA1
67394b0d4b9e809ac1232473020ccfa2800edf6b

SHA256
fea7134d64e537e68cc08f565f99673ea3c64b535fbc9b47a8767ac28a7d63ba

SHA512
f1b2030e48e1f01255bfe381bde72f9987d575e3e88873fc072a8f873efa8e29fb98885adce023e2f3fdd9e2e323bb3df9f8731f044ea305b8b8bdcda30ec4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04bfa6c89b3eed2071a0d09598e25481

SHA1
d9558cc3c780ba4ad939d8d83a993e22285115fc

SHA256
bdc4d36ee299ad6ba77766083ef965a17c480f0ddfae2ed787729a7ff406822d

SHA512
9912a93a3c15d9376d0927995606b39c04b0fdf61f6e30e88fe53ae901ddae3bdd06969e197e40ca58d3aa89510421b8569e722075da6be15da56a520fbb12c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46d8d564c33fef4ec67069e229dd251a

SHA1
0e224f7125f4d20f6c5899b3cb3b7f0b75148c22

SHA256
3b732cd7985428e202e58629d4ed2df5574c0a3cd2f9298e5df01369c4e1ac55

SHA512
c00d1ea6e0244eeafa054a3f99a6e99071dc30c39b52914e116231e0f10eb5f79afd54014aa6dfc65de6a51effcae92a19abddd91255c3fa66404f871e1e5f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01f9d7146c06004c8e0dc68101362b9c

SHA1
9b9b0a99327d365c9b9279a58cded46c5b88298e

SHA256
26d33e80fdb7eb55c810d03a93afa717f287762ed93efc8e27cf25d2d87cdfe9

SHA512
50c3a23c54bc0c595ca6e91db3f7ff45145c48942983377ec76ca375bbec1d5ad7878eba51be8b4c38935eef74b0b055a73e19779eafaa940f364594a01e177a

Download Submit