81b35fc5f7d06f952568db1e86688f46bc0c01fe53e61e9948c85ae5905e344c

Analysis

max time kernel
599s
max time network
583s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SV_eRKkYZ8OH6YFnDg.html
Size

14KB
MD5

c9fe836b8d1e71c17a851339045f80da
SHA1

a48b0194ccea107d0798886bb80f7583956fe8d9
SHA256

81b35fc5f7d06f952568db1e86688f46bc0c01fe53e61e9948c85ae5905e344c
SHA512

31a7e7aabe258a4f87870e3d4e00da683b639db73b9b2cae34e77e8e964ebdad8e2beb317e22fd3899d0a1b1b103504004ed65e574dddeb0b3ca41ac2916add7
SSDEEP

192:VSYTSh9C967hW/XxbFeVyaqzBN05O1EMkEdNoRHchxfQznbdlLsnlptDYvOREgqy:VSYTSh9C967hGeX2eCtQznbfHGRECx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506965782013537"	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2740	chrome.exe
2740	chrome.exe
3756	msedge.exe
3756	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 4404	2920	chrome.exe	53
PID 2920 wrote to memory of 4404	2920	chrome.exe	53
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 2276	2920	chrome.exe	88
PID 2920 wrote to memory of 4472	2920	chrome.exe	89
PID 2920 wrote to memory of 4472	2920	chrome.exe	89
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90
PID 2920 wrote to memory of 4932	2920	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\SV_eRKkYZ8OH6YFnDg.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92e19758,0x7ffd92e19768,0x7ffd92e19778
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3032 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1556 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1884,i,9254177996331237664,2950472368951568750,131072 /prefetch:8
  2⤵
  PID:1612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffd929146f8,0x7ffd92914708,0x7ffd92914718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16303091642320548096,320108400658302468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
906B

MD5
36a13f716d653d3b00e43f53655c0359

SHA1
e2a7a05c4832c9926ce1c7a8836369557b981790

SHA256
9471e21744c75e71ac1d257da4397cb39b186ff9537c61cfc584a291b584a15f

SHA512
d614eb195b494453d87fbd60c0342472dc09205660e9637425f4d1ceebdc2e1389fa1b9839ce4e51ad8efdcd19c8d46c10c223e2eb3cca8e01742739c4438d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
28e3326ebf60ceac340fbfcdea513368

SHA1
9954577adfbd24170069bec9371251e5c302abe1

SHA256
4787d20c194f4174bf83e56325da76c0f08b5037fbcfcf5c3ae3ac752ea1e29c

SHA512
7eca4cb3bdc202ff53434d25802ce5f0ee8b9a0c3b3d65882df94b74f761cb69f084f9bb7910ce2554324a7ab31bd8943cdcfbca7460b23c7d09420e7b9cea04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
825a7b779f361fd9cea1fddbeb654ce0

SHA1
7b7477f28ac25fe4f495f97c303d99dcc4c2d7b6

SHA256
f174b1bac491940aa24adf0a8ac0cad92eef7cd79292e82caa77f2558bd1fd31

SHA512
7d9c956acfab5af61711f5c45c4a2035f210cebefcfe99220d62364b79fe1e536ea14893c81f96ef0c24142abb9101260e1d7dd392069dad47a5fb2952c37916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
149778f3900175d07e64782522b4880e

SHA1
454752c5e12a439081ed0ea2f7b3094b43b52ec3

SHA256
ddca658303410d2efd2fef178c8538ec90563bc5640ff850d2ccc659deda9a1f

SHA512
9ca7f10124d049fe9b46f6c8397ea18670d76259c1390c9337e5b5ca299501437ec9914bd617c17f93f6267695b09a91bcc85feae422653c0012c16db2b58836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d555e7456389898a5271c51d52d1da2b

SHA1
388d2381ee551024b9523edcff2da9fdf4715fab

SHA256
34ccbf6e0615aea7e110891e7105aff8947c12e4f4ec630a6206452c958d0622

SHA512
263d78e86f7f78bce103e9a7be8c316fc943b957e66eb984d9ec8450331dc0cf9813abbcd9851db6496ccee1c533d68003273fae999b5cb34828856972a1863e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd6c3faf344d0b26cb2779978626c1c9

SHA1
7ce02b57e12c28f5b24cd9c4bedd16c9ad313a9f

SHA256
6d9d5f4c91ab705a76a8ce62040600cf2bc188e963ded9cb5270a80f2af0e0b5

SHA512
cf751eae6148fb8acda8133f27a69470251577cbd93e84bc9770c87d4596690a19718573a398b503c3464a0c659f08767f6e71ef67718545d8c023a95e4faf86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
606c03a569e904e3063e14a777700db4

SHA1
53903843c8a6fee955ebb9e3398ef693f8b97afb

SHA256
1b12ce25ad8a4a340e99f6e886a4f175e1a50a825cd9e523001d275df33433b9

SHA512
64695875065b06467fc5aad53db7c39ca76c97c76cc877301633472056c2ca983c2c5a7acad72ef90f12bf235413a7564d13a5be5250d1356caa58736759205c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce3bf8bc256b354208f9ea0f5174f92b

SHA1
f260dcd7e0ded5085111bdc39214723c33a20ff2

SHA256
48a5eb65b35ae25d3dba2771061408933ab1043a5889b4ac87f885d12e21ab6c

SHA512
af6d9df68c4603033a1fc981157d95da4a95841ad73a674aaa4413decd1003f485d5d7ddfd51bcbae059a0e345eb39d3485bc64391c659139b733a8891b3c93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f08d3a7dd8c88eee692a7fce02fd7ed4

SHA1
1a67a3a47ef900ee4e7d627519f268bd77c5d234

SHA256
edb255faa2c8fc356c6606df74cbb011ff1758d9c52c0d6a1a8e3598e29a5d94

SHA512
6e84594cd4c73f9a168c50a070f5b647edb5ef560009eb337e577f7acc32f4cf98081057f4a02db44a3440ebac48322fb7c0e07d8a579cef1f303341757cc644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
84f58c490ee5f6ec2801bb1181bffd0f

SHA1
23435319ea725c089e029b30d6e72bbb4429a2e1

SHA256
cbf923285c2d05858fb629e151ec06db4b36462e89d92568af4b83de066eb23b

SHA512
ef7c07271c17d656bacd20f330228c31568cfb02dd58c8fd69d12ae156c4270b89b6214dba4a4033ffd26901450856cb90d51a8355cff836f88936ac72cf2638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6671d827cee4dd6236e247c2f9beaa3

SHA1
87267c44e986d736d8f14d220ce83bd4092eedf3

SHA256
0dbd68f3876f7e4617d6a0b482f6f19a0605060e9b57ce64d727f72267c96dff

SHA512
3956a9ddae758bc28067bd57c00a87fd1ce1f18ae7b7b8cc0486f86088f294d3470004c25e763c6566e9f78cc8082677280872ae2c2ef91a2e1a3addd4b701af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c1b8c4d381c6aa8b003fce38ac4863c6

SHA1
5ed5147017dda93938c126188e4505282b008c2d

SHA256
1f9799b9df55885fc5d850d933218c405e85ee969cd0120fbcf25586b6f4da13

SHA512
a01ba8fdebf2b96ce0f827a92f556e42d97462513e40694d8c09b0c6cb06f12c27253175346b2cb00e2565fef58e7103ddb6a2d620a4356afae3f75ae230c271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
420d9c6104b8e008c1f2d9ef5d8b4d04

SHA1
91413179fd7e05df429186d692a1c5e68b715948

SHA256
58cefab70200da1cf4b70cd52885a8358a569491f2bc033c4439760d70cbba16

SHA512
0f41b5402941a17dd0ea98107ccce7568be01b11064db5fb8a267756069d4d0c696206049173f6468428f7e3c1f5631e1b1c5065b4240e570082bf4f2c419431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d71bed79-c0e0-4ab7-b91b-d892fd44e091.tmp

Filesize
5KB

MD5
323e764cd18bf3d3953e847656dc227a

SHA1
ce92753a6c5158b3580bf1e9f6a1902dced7ab20

SHA256
7219f7b7ed8022dcc390bf8c2b62085e62b81009d2a1764be04aec6b3c354405

SHA512
4124952a06f91a34c7cac6513fefea2833ca1928fc09702549ead39dc06107d5668ae0fb1f5ec4ea2ee26f770ed3c866973663cadac77d646dc9ece801b260ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7125430ce041ad34196a93234628df26

SHA1
f76a6de91b75c4edbcba469989a7cf29532db9ed

SHA256
d2e3901a46c5116c57e527cca09b0615374b99bc0dd170603ec213247a70da64

SHA512
af2d2a7cf4c62ee7fda3fbe232ba6e49f3b04874258c1a1c12a49ebf439548765fe4b205de24d4104bc330006d3967241f6af3f12a6fa771506741146328cbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fbdd7e2a66073cd318413a162ae321e5

SHA1
d0fb9674173f12e0b7c730dccb77c5281818bde7

SHA256
e9e73532b9ecaa4f60ea349a5f361a514cb5c6b31ffd806f91d5c15967119218

SHA512
7dc09b6efe4648fc10dbcfd9c3644cdc78b16c6b3cb6d4ac7b56ffa29cdeee0c6918ba2eb2f46fdee9f3f5615e14b8ca9a24c9036d8207ac5297eec51f0881b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7159bb777ab332b00a5b23b704316e0f

SHA1
681c1548167270cbc70337541ca6fdb94a910190

SHA256
7528f0001204bb2931acf35c23aacc21b7d102c982b0634d45e8812d060315dc

SHA512
3b5ac240ad83b30b5faf8203b4963c3fe800445947200c8d6805aa6d7008f051c53fa0110313fe58043b243bb26601f7753fe35180b2a70b771b051ad775a7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
33d34f2b2c1f2c98925a981020c6c6b0

SHA1
87318214f9bbb865f1ee7c13c3fc74e6494e5df8

SHA256
5d3f4d2ed96e037f2200db35cf50d001bb84fb5023731127ac35be9961ccc09a

SHA512
c2d31d3fe1c9e473a70ed9dfe9e2f767cf2cfd001e12c2f7fe94cb95529857f5b8e8cc07f8cf69498b76d69c6d42d783d41cd914ff1480ff12cd20cee953072b

Download Submit