hxxp://abbotpredicateemma[.]com

Analysis

max time kernel
184s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://abbotpredicateemma.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531233734343875"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1924	chrome.exe
1924	chrome.exe
2396	msedge.exe
2396	msedge.exe
4816	msedge.exe
4816	msedge.exe
972	identity_helper.exe
972	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1216	1196	chrome.exe	73
PID 1196 wrote to memory of 1216	1196	chrome.exe	73
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 388	1196	chrome.exe	88
PID 1196 wrote to memory of 5004	1196	chrome.exe	89
PID 1196 wrote to memory of 5004	1196	chrome.exe	89
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90
PID 1196 wrote to memory of 1532	1196	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://abbotpredicateemma.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88b659758,0x7ff88b659768,0x7ff88b659778
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:2
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 --field-trial-handle=1872,i,14967875281961397321,14308337843061157668,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff87d7546f8,0x7ff87d754708,0x7ff87d754718
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2754070878066508598,5795270809622675566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
23e2595637f9b77e8a34afae13fede67

SHA1
ceb0e9cd908aa81d147b2f4e3e6800ad902fb50d

SHA256
705a6ff750c45e6a0bcd031f30489cf1e644fbe9cef32a13b7754bdc7017eda6

SHA512
9e0487cf1dcb25b8bfe12e6836586b3332b18af1a7380c1bcd4f0a0934adfbc53c0a3524a1f47a4a26996efb08f5c0000477f657e3af1719303550fc2256e165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e76f91da8500ab04a006c4fa05b1c24f

SHA1
ba0e70426f0776017821ec053064a0298038c161

SHA256
67266f2141733fa2bc99df03695ee80228143aef3075f6ec890383da31b8903a

SHA512
9853a2e4aa9c3986a85efd90d9678901f6f9f3ed5ccafb12fed099699cb08286adfce2f8d5996975cb46975c1c2be0079ae0d61a3e099cd7a0c1946784c9dc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3e7eb617d1258424f8747c6b9b8c5e21

SHA1
2475468a9b88836d501cb86a5e53335015664636

SHA256
de21a9198dc1823884f6df706e65ca293d6f8e69c6a6a86643db670fca8a371a

SHA512
367a25f6b89e76746d39dfba1499bf4d12cb39273d0fdb90447320b61a19f2a8404c6323d81983b4b3c324a96953069b7455b45e7a0612e8957e480597242c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2824a8381e050d822c834ca436c1e8f2

SHA1
867bbc09379f60b545436dbcf5872e0624cb63d6

SHA256
6c9721bdc7d4f344924f3b26c85daeb98e197b48269f7468d5ea77b84ee76b48

SHA512
44b672f4f468de3f802ac0bc9495aedc16fab7f6c66b01a2ce71ab08b51be360ecc6375e817c4891f0a6b9a12f21996d5c75e9f0a14c5a4f2d9c3d43b427b271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c398e26b73ed98014665affba2c8065

SHA1
8653430eea5b3e225fc6f08e5e9521a065dfea01

SHA256
bd2553d87f30b7ea8574b0f60738a92a842c31cc2ed6694bb74dae1642b85ce5

SHA512
400dd021903232d71b3ce3f3cf53f00e05479c5afc144e34ba8562168d844d63b57a4365dc4dfc27376455fd984e322f04b9367932d53fb3b1c102c61e741443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
811d45c6d780b90cf1ff31edd5db8558

SHA1
eb4cbd4db8dd53394294b8374a7f998c12206ad3

SHA256
1c3b91be77ea9c9a68111bb34aad74deccbde6aad291c3d113b359d6cdabf22e

SHA512
9ddd0a49cc35d1dc52104bf35c643b3ac24aeaa75f7dd6402f090e727e89fe3c3987ee46e3258962e39c755716b0f3b130ed0e790c582aac419328261f511370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
30e8bcf6b486418f55b81e9109f31cb4

SHA1
0e1ab5780738ae0093b79c4193baa3caf2077e7d

SHA256
58f29abcb2d66460cbe5634e4af9a7bc9244a370dd78b1f47a730dbf8041acd3

SHA512
22b344dbb8584f55f5d07e46536600b8cc392b564391897886d371a32e59545bc60ff2936168b514994f9eaf633df28bbfbd83081ec340605cff77515473fd4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
de0d7a7f9c78b583ec7605e00a0aff94

SHA1
17d073325d841af6d0d3bc075a7a55c98c2fc527

SHA256
4cf2795aa9e993240066162fbe0c647be75e93c9ca35fb17821bfb3efc52f79d

SHA512
32966d6fe60812b11250ded50af2f64608bcff4ce3c386a13e6d86dd63cb2b667e9da9711b9f1676727366c099e4bf45945efc5b01992bb5cd14fa363c63a9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ef8272ceeae310449a7beef320f10268

SHA1
bf42980cc2759d46ae9568db2183ced6451ae352

SHA256
3131cf2c1c222bf25febf51e90e29c68f0a89fe7c4be8232e357cfc99fba04ca

SHA512
3234b824c59009d01076726b0b429b86483cce5be6cbab17885da08e4b7ca5bae8f79402aafc00e9eb83ebd0ce46947e1194d94db3bdf5b8a7846e2e0905393f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e8e18848b3594bb8cfb90df4423ce0e7

SHA1
16992c004f02208adcc0b2dcbc7ad8d4cfa27276

SHA256
ff45de74e138556504a81063fb16c902a58d8b46c3d88a80ffbc7a90176e8426

SHA512
0ac84a610c6b84bc119b6106a8a0c298042a9ddf632c00ceb38fe11a39a3c8e4a09d492867e0898974830ecf11fb3b626b62fdeb88980109d13e100e7a868c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
52f19f74d99aec107b6d12ce2540c069

SHA1
36d4e5e4bcbae169221d5d512256d9e8f00799c4

SHA256
c39766c105925f275f1acc9e0eec509fcc6fef1b0b4f3608dd0b87008a535c93

SHA512
42071a213cbf01cac365ddca1cbeeb0570fbfb21257a11883c2dc92854eea2f204984d2e83467dd659d178c6607964ceeb5b5dda371db0283d560e3d7b874289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37de153b28cac4f511b31c015507d5e3

SHA1
ee57568a5fb9b643142a6de7f5ba10081d705a62

SHA256
39c33ca804d6b45f06183c3be5c70d3643279efa5fb6d9e64052a9b1990905a4

SHA512
99c2de8eb47646bab62e22b5943e3cd027e69b3c7a72996de756c1ea6f800ba54a376c557dec6837721c67adc602ae02314bff57ae3b9aaa21f41215b371524f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
877df28fbe241beb8c0f7cc70a615c35

SHA1
170f4f7d1ae6abf7f78ceb0982d97a5f2f841b1f

SHA256
07906f347acfcdeae9c81ab67eb9b8443f9d197d57bed6fc77126ae3d913ca8c

SHA512
15d35ff48e3cfcd762f099586ddbfb27faf6b6432de17f99816b1a381ffc079363fec664babf63246b2e50f4dab5a325bd7cb129e0e0914916018e2b55086ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac3eb075de53c7a8efc0e60840ff5825

SHA1
ded75650bc5115d07b1e16c9e8585b5c09c6b44e

SHA256
b5eaf80d1dc681996ed53eec97a6ac8c8aa5f8cd737ea92a87e77db7b0ab2b35

SHA512
d18fd62a8af21a0ad36bd57bf425e2512bf0d5e139af8731cd7d9b02c24c196183de158ab759cd8e3c6e249a715edb31cfcfcb03893593cb0aa9c729f77402be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
434fb5e6a6b4da67178b73a6b6a3cd83

SHA1
3bb1bf1e0ba475be9dcb89b3861cda516ca496d8

SHA256
52af4cc72e7df06cae127583f957ec6bbf6e9c29edb16ac6fab9a441f731ab41

SHA512
74138c0f4c56ee91575a780905a7711acf81b1280afd6524eedf9876b4a87d0edeb6fcb21af528e2886fe4535b66f30524e6030cdb587c8fe2a999e15d6c055e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0bf60c7ef7869c5e81b4b0b13555324b

SHA1
c0ba9f3b0f5ea25328366f137108749cf305a49d

SHA256
dbeb2caa0f0f3504e76a131e6592fcc90063d845020babf225ce5d1a0dee7e8f

SHA512
abff428f6ef2c7001af31c31bdd8a1930fc2591d28c386c695abf9dc83b7a8160f084527cd70b1f0e92dc820e8ec345315cc092a66e2c2576202a60f257ddfdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4432af17ba9dfafb58b091912ceda67b

SHA1
c5c7c837ae518e8bbc465c50a7888eda324bf250

SHA256
c1abbca400119fb6a789a16d9452daca1c4c50414815880503f415f31f46e581

SHA512
e0efa317c8f6ba080390f2ab25586d3d1662f99f54c00b8269d68969141a7885ee6ee34f0390527509aab451532976dfd05536ec977dceee92424940a63c09fb

Download Submit