f643ea8ce006c759324f5f0026d609b87c9ec1401ef0d80154355f7540857f1b

Resubmissions

08-08-2023 12:12

230808-pdagsacd43 1

Analysis

max time kernel
300s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2023 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

en_US.html
Size

63B
MD5

f5c93018126076f18010bd6c8304e916
SHA1

a82f2d7c62a212cf613ecffc869ff37826bad98e
SHA256

f643ea8ce006c759324f5f0026d609b87c9ec1401ef0d80154355f7540857f1b
SHA512

95ff1d2316139ef1a6c95cac7f9c392b6ddb3c723fce458c4445fbcd448db824b71410e9391eac6c430d4b7479ce4d07cf0aebe3f7adbf2b7b5016567f9ccd46

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359703567912052"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
3392	msedge.exe
3392	msedge.exe
1832	msedge.exe
1832	msedge.exe
5592	identity_helper.exe
5592	identity_helper.exe
5788	chrome.exe
5788	chrome.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 2180	4136	chrome.exe	65
PID 4136 wrote to memory of 2180	4136	chrome.exe	65
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4948	4136	chrome.exe	85
PID 4136 wrote to memory of 4676	4136	chrome.exe	84
PID 4136 wrote to memory of 4676	4136	chrome.exe	84
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86
PID 4136 wrote to memory of 1484	4136	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\en_US.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d6899758,0x7ff8d6899768,0x7ff8d6899778
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5124 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 --field-trial-handle=1876,i,2221064107198727833,4399058316764879029,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\en_US.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8c3b246f8,0x7ff8c3b24708,0x7ff8c3b24718
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4581891391794613097,1291627816642045536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
287fa292bf0c4785d51bd8404056773c

SHA1
f75c5ea7377084d1dfbec3446c0deb5841ca8990

SHA256
95e127a7af2f6d0cba22aa67451fcacea7c6993e9cf99c518d3d866a7e08190d

SHA512
1c6579993f1fcab3cd3979e926990b5bc1bbb404623af2167bf331c7e3ce8266d4803be405c050bebfe71b758e1ca902c202d089162214d5c66dcc5ecc679902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1013B

MD5
d38ccc506061e7810ad536349a11505e

SHA1
ff583f7c9885e11e9bbea0ee38cd817d54598b50

SHA256
403b14537206db99ec4cb5abaf979a701ff4fd34009d8012f9397fa0a0adc499

SHA512
0685d20b05dc2a16eb40c5f3d8bb00f3f3010a40c96ba85f8d03f22f1f1760210a7b30e4d886072e02e73a92b202268a0c3453e9d5a70868e48dbe90df60ab3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
59ae74ba4e7d5e92f1cc8c2635530744

SHA1
fe3c8bfbd50fce9f6013a1866dd588d4bdac98c4

SHA256
6c76ee5e6b71025cff07a3ba79e38e9f4a89107e16db6a33a4443ce75ba2b1b8

SHA512
d5847b3fdd0cba00af852e5b6a869d7dafad1427cff8ab5617d4fb7f17a4db74a6a649fb597a216f2e860c316a0a33cd50e6fdfdf4ee00030794e36b681e4330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87070ca90ad44000f3fb0c66607b8303

SHA1
d8c94c055ef67d3308e4bcbbe787a1c23af74986

SHA256
810f208bfff7d25b0f7aa2e64ca138e22217dd6df3c0cefb81170e877c520261

SHA512
13ec7b5c7a0d64445c98d2b7f85fc40498b02c13596686d16d51def9d9814c6e84b3d064fe258c8f987d4a04d0c1ee6319b2154b59ba39442d6a7a274dbd1aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d06ae87c1f4974f6e690dae06b86671e

SHA1
5eb15c1617e4ba9beec418c5bedd467c40ce6b0f

SHA256
dd3a105698a4c00e8eaa3a0c1b1951be2dfaa254c31752cd8dfb099c705f8b58

SHA512
6068adf7b982b419742c18b8ac76551a722a30167d5c4fdbcebbdd34f3944162c2acc750800cf4a1d197c6c06298c69e33d8a0978a103eace6b80de7a2188fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b86c9fe095cd916b25f14f00b465616a

SHA1
974cdf5970d29b5a03176bf4bd844ecd3b5d4009

SHA256
269e7c9eec5204b9c612695e1fb9ace126f6a88c054d96aa8155c2f104d6fb89

SHA512
c2261bea8521e13a4115961a737b58798bc9c9d529a7bddfba4490299e2ba3fe3db897be3f6853c19d75d7a044e59ba3c7eb0818e476a6dd384d31f5a7b4fa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1790c27f6d3d8b37258b21e0dd173954

SHA1
810d25b5fdcb93584a653ab934077dd77975ddf4

SHA256
6cc37885ff521aaf50090878131ebff89de95d3d1eb2dc7dc36f5c2cdb380c25

SHA512
94e6d38d7bd50640a681761f5a43335adff7803a9335954020a600b23100a5fe3ebc3db10c4c5af91a49449397cf818aca0f75efb4a98ddccbaed60f90276b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d702a1ee6b7d55f1c60db37090cd97ba

SHA1
397c6a273d1d75df18471f778ea4145823ead89f

SHA256
6ae5e0771b5c1bc2eaca992b81c45c7c9590da6ae13b15d54cb3842e03ac07b5

SHA512
b4633d77bf9cb128a8c93a1369571be70e7884880d77b25768d0b4bada24e84245656e691e15f08e3f1ef7393e2411ad8e30c37e62d1473ef38f5aacf041c893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e922acb6b3e8f48a70d12ac81d4ee3df

SHA1
4594c1f3a0017edf47ea1ae10d77f04f1dbd36f6

SHA256
ac122b27d3edea3825cf20f98c506480e25d07e7ecec0305fd16d8129b7d6f81

SHA512
7351026ee2bfafe94695cf1670a87e7e6ddd253051b92bf72b53affe6ee5ba1d944a2dbcb0fa64eaab92020303d6ce5ac997608e171705002d35ee5cd433d7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
16eb2a0cf7e6c0b5f6c79e8d54160e71

SHA1
ecdb204650506dee0f8deff2b9c877fb3430442d

SHA256
e64ff7b5154e20d267439265b09efddca84e247db39f01533d6871fbe32e6f0c

SHA512
36c3d441e5c9f6cccab99d5e1af89f62a3787e73abdbf3eca036f00a4deff0ebe4ad024e33a79710ff381e950fa167090eab78b529a88e12c222cd5b966999b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9e96e712b6e43ccb9a59254efc74c1a0

SHA1
df8e0924d1570da25d2c72b604e5054aeb0ad6f0

SHA256
251143eabd765dfd8e5850a5b0b2f723b637fd68482045b6bd26af79950db37e

SHA512
643d049aeb15e8e6d38e34370fb8a533d3342c2592860b43eb0dc9af67fdb9be1029bbb1bb8e92ed1c2c8b6bfc9835e7ed0ecefb533f18feabd582055904f091

Download Submit