9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0

max time kernel
2612s
max time network
2625s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2023, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-10-25 08.11.54.png
Size

13KB
MD5

51e504750e157c50fd5f07ae7643639a
SHA1

aac2c4a1fd69fef7bff8c7447a6d13fa8a9a7452
SHA256

9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0
SHA512

b84134b916a1b91ced634997dbb810f77baa398e0e2c485db5a245e13609398d2c2e88dc6dec8080a769739125030aad33ca526480c67f46791537132020579b
SSDEEP

384:MjreO3cNJHZf1wup3chMjNuMQBmiL4htpBKdBZ:83Kbfmup3A+tpC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133428044340508847"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
3816	msedge.exe
3816	msedge.exe
4836	msedge.exe
4836	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3940	5076	chrome.exe	92
PID 5076 wrote to memory of 3940	5076	chrome.exe	92
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 1100	5076	chrome.exe	94
PID 5076 wrote to memory of 2668	5076	chrome.exe	95
PID 5076 wrote to memory of 2668	5076	chrome.exe	95
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96
PID 5076 wrote to memory of 2304	5076	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-10-25 08.11.54.png"
1⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9568c9758,0x7ff9568c9768,0x7ff9568c9778
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4460 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3964 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5052 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5040 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4356 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3068 --field-trial-handle=1932,i,14154824428596248793,14445762555752052543,131072 /prefetch:1
  2⤵
  PID:3292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9658246f8,0x7ff965824708,0x7ff965824718
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5576317484442006708,3114373049204739865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a16f9133c3f634d97dd852ce6d85e4c4

SHA1
8f3a1f86d7c9aa1ed662df97f7c19e1ed5c59025

SHA256
d38833a450e069557a9d4f44a231873bc7e7bbeea138d1dae1e1c546e6c09f6c

SHA512
54bb8246ac58267ee24c757166b12646e2f5bda1f89eb4c9da8b3e3a22fc8048686ebd00f11d9c263e367446b8896aa512b42cfcc7df931edfd9988489606b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
31693bc1af3700b4e1effb8b8b558105

SHA1
05e809a5355248757a7def140528465b54db5e0f

SHA256
688d846068dcebc17f180f6410c6044b575d8709353f9469a85fd8022be04544

SHA512
fc39d08433793e1ed9a4520e5968df3d739be3f89cbab32ae1fee6c93e6e7c71e6e2b5ec4cd2d228a2b208cb8cdb011d3cbbbbe2f38adad0268a694c42dc97c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
05e9045369ca730b734fe1182d3a17fb

SHA1
aa7c14f82dfc4b6d67262990a639096ec569d08b

SHA256
e741c47a95b790fbd847ac1068169ade1036ff6b22749c6b0be5c0c39a5fedf1

SHA512
b0270571d62d61a7a6239c7bc23d9ac1b72d500a892dbe83014d0d023412a82f8d1d6cb53d7bf7b4e437348745a47a7a8dc3f583730294a299cc5b575ce4112d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f4bfa3b0a0509f487d923f45f5262866

SHA1
d8b897fb314dc15fc76367d926d8dc6e0a5bb2a8

SHA256
019805446be6c4c5bcd4971f52e05e76e7c6ebafd2560ec5cfb06a456df3b90b

SHA512
4a6f83f33794421f15f803f6a97858db203d530735c540e8418594dd659e1f706583c78caf80e3bf73ea6ef7c2af05a1492744bbb3ea1d61d005a4ec9cf92d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
b95ba980a25282d0d638440ffb9f9d0f

SHA1
e84699c237299af6f6590b021a2c1dc352fe4379

SHA256
6d473d02fb47e576e0993ebef2afbe1d61f592e61ae5c7bd357b4b456392cf3b

SHA512
1343711dca0f786ba714e99107851a8faf1b752ce6e13595627e83f8f99e922c2ab861b180cb5e25dcd822373c719cf801123b90a8d534484761745c1a403631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
951b357467a3dd512700e39abf69ca45

SHA1
e638177d86bbf8a8d1d6fd42adfca30432af2dd9

SHA256
9a342548044b03867c3e867bce98b1b08b04e4e3f293b512e4dbdc4139bb6443

SHA512
3a3e5ff50a1f2f48d2a5def906a35fc2c4c8b49d3ddbdd48e48fdbc7dabb2d8be34ea8d4a1c905b490b628188d4ea687c90e2c44755e3358144f0866554e3189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4a5d3d0dd9d65eeef2474c8712e9493

SHA1
fb335a83dd06f8ad09d940179850d198b6c58131

SHA256
8ca75110afa561c095e31dc8b7cd522155eafa343be8b086df2bbcd4efdcbf31

SHA512
6d51368a54cd115ec29993397121b873ff8da2207b3db65e74dc4eec0d59955bc887419dfffa1a9a586fd521fc9e73215942cd22c7987db20b499ba70b0eb32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be1cbf0d56aecdee40e4738153075df6

SHA1
f48c3929972d2c7b28e5e29d5d032b120f5a78e9

SHA256
608bcf819a229deb68940466c02aba8b1618d181ddf91147e4ec0aed0b2181e2

SHA512
ed8251902d0519a0c2276000c09ba35895be1277b32c2bb5ab2910a3b9abc0def57ddf887432e120dbb89d6a1a14e7a699dee059c316355578b67987bcefbe0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
571dd9424214fec5502c443bd935203e

SHA1
69781483797528b4ac03430fe675b0e550ecc07f

SHA256
b71a0350aced5df98f28f4fe2de2368111a0c2af6382b4db3d50635a285eca8e

SHA512
0998684a0f94a3e0786eb619fab2849ae9c438ccbf01ef5252df662be59598001326ac7d9604fe60b94920f1b1a86550c3b91c0b0402e988069993828a89a8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
6cfbee51ad1399ae868dcce37acb9fd8

SHA1
3dcf48c5e623a3717a0c780c8dc5d010a9fae44f

SHA256
66116c29b0189edf07af424e8ddea226ce0323e5e02587243a26d040c5efc46b

SHA512
51c8a729b582bc6db2555fa2f6e8adbdd7b3fffaf4cc4301b74b822dcac8fd7af80a59ee2cbde954438c38db5896484b5f2a673a75fcd33a2cd4bc87015e914c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
2712b4692ee8766a62a7d61a007fe914

SHA1
e014657b25ee0bd7e200b4deb836d23da6d7e497

SHA256
31baa0ace7c79002df110e21eef90aa9fb909b80e4c2b97607177674f59d0aae

SHA512
677ca4df52556e98b4186cc5da642d8bf358432e64d545f61ad8084de1ee71190b87b1ad0cd7072d7868b8148d892e65686ca6295ad378b63aad3d97883e1a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
a29d419c5a174b5d2a29fa38a463e5a1

SHA1
45f7de9300558e607d9df0f8a1f45637be997d5a

SHA256
196c72c4f7146ea2efba245da1e753c5c9ab4b1d550d829d51ac7faa5a69ff0d

SHA512
befe0b83833ba855f75cb87c30a9e37303d47479a368b341159afeb707e6939d83d26cb35c0697fa970a097217c490bf04a1c3f0f0b0062f796068273da37f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e0d2c05f-ea45-49d8-8d04-189ac4ab3c51.tmp

Filesize
4KB

MD5
5e723900e10f518b466da88c000620db

SHA1
b28f65b8a08495e2fd6664aa99e5d6e140f3509c

SHA256
0ba03c7dc5cee956aca32e59cdd1f67a7e225e927470061e1c6e874db75e3d8a

SHA512
7232facc21ddbbb46cc8f64eaee577f41a8c12350084f608ba950dae875525ce706b1f6f1a6e958388c44ad76cb0b37f86743f09bfa6530cc45f600e514b1011

Download Submit