hxxps://tronblma4eskj[.]z13[.]web[.]core[.]windows[.]net

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tronblma4eskj.z13.web.core.windows.net

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765938715798198"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
2644	msedge.exe
2644	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
3928	chrome.exe
3928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 408	2644	msedge.exe	84
PID 2644 wrote to memory of 408	2644	msedge.exe	84
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 2788	2644	msedge.exe	85
PID 2644 wrote to memory of 624	2644	msedge.exe	86
PID 2644 wrote to memory of 624	2644	msedge.exe	86
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87
PID 2644 wrote to memory of 4900	2644	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tronblma4eskj.z13.web.core.windows.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b1746f8,0x7ffc8b174708,0x7ffc8b174718
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5242975482135241110,3971875985806065501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc8af9cc40,0x7ffc8af9cc4c,0x7ffc8af9cc58
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3388,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,2597960404560024288,8621537206427902237,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4120

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3234c5daf753e894b482a62fa1f353f5

SHA1
74c079cb92daa4f0e36476fae169209bba972502

SHA256
c99f57cf7479bde3e790abc2317aaa56b096755c088741c462eee8b4692e0fec

SHA512
1f39d385496076db368e940ad6c21ee07ca4eb00cca53a2f485a4165fcf9b39629c9618c68caf88c6dc52425e82d26c036406fd690666c3405beee46ba9a0e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8cba633fa114cfca6675684f01c9c5b8

SHA1
94c253dac98145e6a7b6b4142735e9ba1aa304c2

SHA256
5a1a4fb1d1d5c6c8dcb72acf241a111861c73f415dc97e2f0901de72b95925e7

SHA512
f48e537225334f4302235b2744999b677bbbcbe214f459325244c6dfb276334d55c27c06fe1adb1a731ed37e15b389529a9da0070bf84553094e6fb5d553cb96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1613107925dff1b4e79b805b58e63776

SHA1
d6eb7d63c5a32d1606f47a29fe23021f1d61ee06

SHA256
c5950f065df6a8618fbec38b54d7038aa58266fc1ec7b242ee82571cf50de060

SHA512
e0801f42ef41e946888902c1200c738fba8cda41a0a3216cd6c69bb1828f15ff59a187e0191b5ea35953677d8b98d856cec15dd137afec55fdb25ed88e3110d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79285ca804de31fb32daab097bad627c

SHA1
ab52f485ea8c3c46ebc9ea3b9b10bd727b56c5ab

SHA256
b12fd49781eb7c4bf8c42a5985d133c0d26655039bfe9654a7db427fdb1f5b6f

SHA512
e59b276403d924eae3247c5bf5767d8305528b67f67d82bbc5c72e8d2898c80e48a5654d5ae065d0140692561c3e307d474876ff3d2719dabbd038933f6261ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bf642c3a15034f6095682cc7c06ac23

SHA1
73148475d5c69f5819930dacd662b055a69c6c64

SHA256
c65126f0389970390e1bfcab841f08974da674b52f0163fd815541e2412d1145

SHA512
79f21677dd1e105d0c0c69bc30c81b246b3c64f7d579c1d2026b473df315980700810fdde7226a338550df72264f675fd994243aefcd5e120f6f84bc02c48630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1300a1edc042e8b546fa0a157575794a

SHA1
de8faebcdc5abb1162b1597f9094b8266d30a72f

SHA256
6284e45764c3d4b17df9e5b902daf9c686a2eb49a75d5a2a3f8cf5e1d7d89a5d

SHA512
be20337a305a60a9a4b57b6185dfa62d5b21dac239fb9896db5b44981b93960905399ab6b2d43c87c35c03d2227a3481598b44fb49222735a62242f45e7ed2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fa3084fef1ceffb100bd215f336d02a2

SHA1
a378249d96c4d3a9d06f071b7f23928f4c9a1a85

SHA256
db9d9c71a2d30e6bb46d6fccfa463c07f405e0f0f274dc62eed0599ee3bba9a3

SHA512
ad9aaf04b462fec1524ad4686fea6f4909c56facf3c05b9c7e5384fa1107c482357e1fe4aa21e2fea9798012305a4729dd235581f56a64f3d88a25db656f3d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
7a55b1d2c4b5d363ad0367ea456465b6

SHA1
e37eed7a96b22ef955c46f9f239ef89ee6add050

SHA256
b536ffa31b9522e2fa1b28f687d41169d65f28959620472d6911a901bd388ba0

SHA512
026aae8460b19f2f07bbbf73b857437ccdb27cf4baf6979701affe1dab71c3fa1f74e87485c6ad849ee3431be31dac08e0c17983e0bba14ee0617137c2aa1f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
11b2266c1ce7e30fa8e860918859fe9c

SHA1
de4ec3fe7a7bc29f53064bd41ec0688b006d6afa

SHA256
bf3397ca83124c7a02f01d65c9c53e5b4cdc423342f83843ee54ebc141633b94

SHA512
de959f3ac0a0ef822b510c23c6ac38e6ecc4fadb2ad1b63324b7522fc0dea47220bde6a13cb4ecd42fcc7b26fd0c336f3e2e26b24a50bbcb8a08c61da8e9f45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
cd56c0c44acf4d80c7bf12dd3e564cf8

SHA1
645387b3afb309ae0997f7c065f565069e659d38

SHA256
cee3aaaf1e12eb46407e7e3af455b2a1e38a95adebcfbc8fa6105b1643ae5ff7

SHA512
f6a843d9f845510a483d655360ad8234ed64d4b49ac167e6fdf7803355b4ada0656defcbd9772285cfcc7be61a20354a1a2b4a755b98f857b5e636fceb20ac74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
578B

MD5
60e60eff7e371aab978c0144cc55f460

SHA1
d1bc1e883776b510373c47641e4e98a97b47dd67

SHA256
1f83926e7fda87f07be95eb004dfa15bf680b25d32d3851f65efc1663a9b2072

SHA512
d31fd4e7eae8f7537fca027db1cd850cb983f2729ae561a72371e18dbb02075eac4761ffd4bc48710406e10211a77b0cc91a74bc40dac8c83f9d5d583e037a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1db9784f1a4e5754d7d1a9b809bf745

SHA1
2a233c1c695f9cc7120b3bf31481d26f3306192e

SHA256
d05b1a132ded8b425c2a46242c8eec028154983ce6cfd3b212685dc3eaafbaab

SHA512
59be7d1cbe48d0e32b525a5e55906640728a36205859e909cac5406cdea145969536eae00b16ba5219628c26985e522f4402c7ad2f62d13a7549867296ac1d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aedfd1a9bf12147572e18655c30afb33

SHA1
c8e087fd8bdb14fca21cd57a7de7fa833b3e2bc6

SHA256
7ef11564cb47fc328b3ac6c99b655007d1ca41807770e0f4718630729c4964cf

SHA512
6f3bac2e89a3c226ea3fc0c99ded482e05a1e597b8d1c793365a385710f8650af81fba48ddf47dbfde0ce4702cbe033b497e546dc4410fc97479627ebebf8feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80d037f7a733fdd9216ca0985aaf3c48

SHA1
28adb7ba60247d8cd00c50133336bbefb208071d

SHA256
3ce33b58e44b66bbd51c7e280be88537a31f1d23e9706710952d2fe28e4503e6

SHA512
cdfc3a3e7605cb60473b8ea567ccc5a832553342e102b534776cdfbc4406aae8c4bd1b68576c4baecb6db7e33859824ed5be261176d04ef2e539e0da2098f0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f3502a73fc998bbe88153562b10429b

SHA1
f8a058254973f12008f79bb57b8dc2b779eec182

SHA256
ce4d2a4d9e1d59dec61b120d87c1bed0a562ce95cc08662ce00ee61d4ca08f41

SHA512
c2043318bc177c4d6c138f70c1faff14aec110f6313c68df4228b3ed5554334cb1cdf260883dc9ab72412807aff146b834fb6687598c4187907b76aa4fd29880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c908bffc3ec8f29a47c522d2adbb3d57

SHA1
81941b1ade73dd40485efb64fede557d9966e13a

SHA256
8a558dd5e1dab29469ffdd78c0aad782d92eb24f69789909b892e9ed12b96c9f

SHA512
2648a1df8a16f9562fa03168dc0d6a74a98fd06797ea9bfafce43f9ab3907b89eb579d76b5be06869b41a227127fb2d2eaecd59d31396eab250babcb982aa5bb

Download Submit