c2c00c72096b6cecce7052928bdbee37dd8ff3431be23dcbbbae6ba331a4e362

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

c59dbfeab7e5da14fe1e630d675b12c1
SHA1

e2f2b1c572c737c40a8f87809e68febd751aa782
SHA256

c2c00c72096b6cecce7052928bdbee37dd8ff3431be23dcbbbae6ba331a4e362
SHA512

f1291df4d6ac3bd0393bc719be5b435d58ef911e39ab156a0c01c068326840ae64e5d2250943081571e46b9f84479a50e10452c704259ddd2efc6e7d3d3bf242
SSDEEP

192:dQHLxX7777/77QF7Jyrq0Lod4BYCIk0OWXPS:dQr5HY50+CIk0OWXK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765158195481034"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
924	msedge.exe
924	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
748	chrome.exe
748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe
Token: SeShutdownPrivilege	748	chrome.exe
Token: SeCreatePagefilePrivilege	748	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1376	924	msedge.exe	83
PID 924 wrote to memory of 1376	924	msedge.exe	83
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 5084	924	msedge.exe	84
PID 924 wrote to memory of 2684	924	msedge.exe	85
PID 924 wrote to memory of 2684	924	msedge.exe	85
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86
PID 924 wrote to memory of 1488	924	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce38246f8,0x7ffce3824708,0x7ffce3824718
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14706581458170594567,150029477250992476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd4becc40,0x7ffcd4becc4c,0x7ffcd4becc58
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3708,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,13625755148459186867,5016022677713345172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b00857f-4a3e-4f16-a882-58e5564ea572.tmp

Filesize
9KB

MD5
c372aa2cbef78ff280b7e4dfda1b8dcb

SHA1
caf5d4dd2c795964a14fcac47268b1c6fd8e6ce5

SHA256
31e0c2eb6bf3126238c1230d3e27a34b8e99f9e20c3aba75bb48c76701d32552

SHA512
0ae893b36c9542067671197f75940a6b9d242677b546f55997b659ee551095ee131d2436e1a119d7ae8187f8adefb7a88d1bbd289733683094019ae9f26c106f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
77b6f3984fbdc7b070455b61bd1b76f2

SHA1
e6f33380cc3b5c1c42a8138cae7c64ae9d8aff49

SHA256
2b479230cb6fd4d3adc1d70b24c3382ff5ec92aa6992af7d61f268a416c89e42

SHA512
a171e4708e78efea31ad369d5a5e6193352bc17aed266a87988d3cdb6bdfe6349ef500d6589fb672f35d6c103b44fbe448bbf6c3ca27fc348d91a98e4d07f7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d72be2f3e3a97b9765b5ed79922382c6

SHA1
0be99ed057034a26a65d1b8f98145e91f487e3ed

SHA256
e3fc65ead53ce37e9381751b717db2e7b304833aedb8d039cd2184e0312a142b

SHA512
34dcc01528714445b23d99ebd0d188d472e956c856dc8ddd295a57ad0bfcb8d30024b5de46aa20634c55ae2d0b31bb5251aa82d39306c6922824898a97a9be3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7065f52c7bad0c0b3a57c3d2ae7251d4

SHA1
3a5ac512c63122e3fbe52bc032e1e99cbb986bc1

SHA256
8cd40c1bcc84869c48167e6b8fe85a84500977435390cb0c518c982bc9c48325

SHA512
d7e82b8cd48c32c369d9afe5f17f234b7fcb266945966ee3a1e6300702c78775b66fd63e48323b2af37732d05a5b9bd7f493df42d321fb7fbd763b3facb86f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
77b9b1002ca8d2501af41e7471cd0091

SHA1
d478048fa75ccd54049af567560511d814aaee42

SHA256
0c2a44b6881de82ffe97d3f1605e42421a35bdd1348bdfcfabcbd166acc70d46

SHA512
566db4c64bb615cbe845362591c93f575d4859e6e881896cc64025fe73452793726775829bf3938e5b9aaa3f9b1764687c1bbb61ceea3bd7b37de1d76f366b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fda2b1d5c10a29de6a79766d888c60c4

SHA1
1e7aa827de1ad4dd3a5ff16811919e19180e248c

SHA256
199a2942a1631dbc18ccc1e6bab0584f4ebb3358302cb9ee855eb054ac4d5bba

SHA512
252b9ed12c4176e2c7841a9fa84d7921f06c4cae868583576856dd59912d0ba69b5b0edffa7533e1e4bc0a63f3413c8a22a3c62cafded57916f1d93e87f261b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
44cb6a156fdfd2e0a9109f35d779abe3

SHA1
c60c31b1a1134ead742bc99666c1ae073f9a96f2

SHA256
f239db6e7ff6b62d627948dc7f9535c2984c6a66699ff68240df4d585c318c87

SHA512
245df18f7ac87476e89a11cd1b2912eb04dfa1295bf5b4835dcf241dbfdd0b046c4b8cbe408377ccef5c987a2327a933d509b8b283286a9479453d5809b91e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
722bbcab2e968f2aa179e113fd1286af

SHA1
870d630f604ce55c44de310778f495cfe6e5076d

SHA256
e6b2cc3af866e045d242b1f54b2bb20f38230a737f6031300745dd14ea3d9f5f

SHA512
36509bf528e97149dbd4277f199a69d86f5cbd43c04f6350e7078bce73927d0a054e854d28abbdf319ed48283dc56ef4f65f5f388125eae389c740bc89022b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
827731ae5c42989642bb60cf8b20aa4c

SHA1
5c0e86ea9ad0561bff656b4de1b5bf067ef7e521

SHA256
eb2376ec742bbf474049efcff9844f52aad2f7f65c9ba5f50b6a46e315c634dc

SHA512
77df39b6724c76f678d0d3fc261b0678fe244de8523052c15755074881dbe64c068d55143731a1de86061cc3404d62b949410485e75c5235a2d640ebdb5e9ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e79395ea245a46416ef062bb59fd0bd2

SHA1
e16162729f03f87c21d73b73ba1c0fbf8db0795b

SHA256
f09c45fc4f225bb59dadc1aa9e146311242feb9e8fc891095be7ea79b8b19ea8

SHA512
0b70f8916ecd5dfddf79073265cc89ac056733a7d06ed8918fc5ce5a733c3392923899b682673915650998de58c5e2863487e54a5aa96e68dc7aa2da3829e0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fdad6f306a83656c7c4277c3929a8f8

SHA1
282339a38c8b4c204dc2a8e2ecffd2917738ef8b

SHA256
f8d73d72a840ba7d90cfc3d16a90224278fcbd024db2e21facf6b47961877963

SHA512
cefc6c498b21265b6431c358a8f1fe66c6e84cbbd487445a76968ed4e883c81447d219fd37efd324dfb422af69eed860e6145e1b5bccae9d7ceddd2f312c52ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e38fc6e79d7cbf9400db4ca25900f43

SHA1
c4c656297ce48391208d23a6254007cf2e2ca467

SHA256
7753936bf74a3d198853e744a08075c01953f157f5ce6e359b8664bc975cc505

SHA512
43c0bc49aabb0f8e3ce8cb79fa43cf5defbefb2691146bd278cdf9b6b9b96874e2c5aae7b93b459e6f8ffdd0f5e582362aa55fd7c99ace05eee1e7631e2d7b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
996e6a363a6529f253001a6328a78eef

SHA1
a5aa3c03424561e4c20ed1d074b3bfc3ee35d370

SHA256
b174f9af99994c4da10339cfcaf98c45c6f7f5acc28221fd6ea9942e594646e8

SHA512
9795324d952e2859aa3bccdee5c53d547b533267bc022379a84d3a5cebd851a4b1e8505a89f77da21ce6a5cb89fa8dd32e2891ad6c47921000498d4ecfd28274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
a33b258d82e31c0e18cd978e4b06f16d

SHA1
e3118cbbe1f939e073d21f31a46c9f44c10a31ff

SHA256
0d22606b8febe5469320999bb2c5fe3917b06c22f25fc63d23d5ae53e580839e

SHA512
af3e634f4a66787410638cb1a95b63b5258801efc3b142e82f48ee45d76acc3d3e8a350f2b1c3ed5c8ddeab32684b66fe8a4ff2333c78307d8d9bcb8ed66c1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d0da0a30abcc040b62f2774152d7d274

SHA1
b6fa181ff4d0d8db70199914bf8de7ce3298766c

SHA256
ce5aee7ce2e314622c90a2fbd3d4e2d992293c808d40a9e4c929f94964833e0c

SHA512
920973d3221e638cbd7f1a41d6a47305561a83b4ea8f750a719d21945c698af98790e9b5c625f51fdefac875509a102aed6edcc29c482237b682369eb64b2695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
1ba807dff113f64ceb3a4b8eb06b430b

SHA1
d3b5191e37fb2662eca40cd87f4e9caeb3893993

SHA256
5c758fedd51f8e100571438f0d21511c95488aa8bc5ac4b751ed5f349f86e047

SHA512
dcdaa5e579874521d82820fe236fd25c8916738534335f7fba02a426199a756e1b2b9e5274af7809ce48adc3f86793544bf9ef8e175270274c884823404d1f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af551201c6eacc7e5a709406b3b56c97

SHA1
0d36ce76fff1d89daecb4e34583d211471f5d2c6

SHA256
aafdbe98e048ad62f5e5c10a0b082c2ae0a3c63742dcec9f990497f5b8c2d1b4

SHA512
d8c9e836706f4e900acc3353af95ffd167c64ce8cbeca2655c6578d3239aed2587a6b44c12bacd23b90f14268591f559f8a4c076fc3a29023baa0aad3c3baa8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e01f7e09d06f56f6e8fda76f8f2c5b6

SHA1
9a67fa8078b04158e84b657768a5faf467c05242

SHA256
4807f4fca3c93262614d86ae86f785ced0f4458c3aee2949487078e42de02a9b

SHA512
f899a9b8bf130d34067ee3154e81b115829fb2f6080a909c1a81a3ae3a3cf9bb58ac405819d1f9b6d0b6f54147928ceb48f4854b3fcf2b53d37b441abad168f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6af2e26a2010a953286b5a9504f3242b

SHA1
dacdfef0a61da2a984b48d420ca1cb5809a49cb6

SHA256
7506850b9fe2d76b2e7573364505571b3656a475568394017ff8cb208bf9ee7d

SHA512
8a4eb36b022b19169592929b292d1ddde0e0e2a425352eba340ed8cc34b62db2a5af0c16ac90fc84a0afec602b5de8b8c6f69c18a5b117adc3a3ba1bce0bf1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2af505aa3bdeaf0b576a51083fed958

SHA1
8dd2176afb7a7f466504dd0db6d56c3cae27202f

SHA256
25638ec1481fd8d94ec08cd55f987402774c93353234bc151cb9e03779ed60cd

SHA512
a2ba685ab382c08c1b403c2bdd078213f138ad246dd79face526b6395f8099464f2f59d804422ff8fb907fa3f64e4727b3959433a4a3c827fcec9ae0555b1921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
596c69a8ca0734191700efd8877efc17

SHA1
3e95f18d2c296be9293d8a32d39072bc585afdb2

SHA256
beadd66f6b791596e182130c04631224dd1e92564ed6ddf5cfd9f563d32c50a2

SHA512
6c90cdd7102fe411bea8cfae596bb6d4305f0da94310fc489d45b0683577beaed4a6c2beca72df3cf824fed027f296456b9bef94ae07e0d7eca7ecdc8233844f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fe947e0b7664ce2051537e355630c0a5

SHA1
a9b3b9928257af7dc5ca62d339e179f8fc72cb11

SHA256
78b6dd062bb013f4da0be0ca6a61970d58fdce34d73d195b2fff6295108e01f9

SHA512
aaaa9ad8c1ccdb6239781fc0c496c6d25f22f6e7c5f8ae669bfacf123ef33441272ee6b631caa0e969a8e957a0344c0b0c34784ac3b7c24b7c7580c817e0cfe8

Download Submit