hxxps://goo[.]su/1sDvE

Resubmissions

02-03-2024 22:43

240302-2nm7vaaa9z 10

02-03-2024 22:40

240302-2ljrmsae47 1

Analysis

max time kernel
157s
max time network
171s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
02-03-2024 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/1sDvE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exemsedge.exe

pid	process
2608	msedge.exe
2608	msedge.exe
4208	msedge.exe
4208	msedge.exe
6064	identity_helper.exe
6064	identity_helper.exe
2852	msedge.exe
2852	msedge.exe
4700	chrome.exe
4700	chrome.exe
5652	msedge.exe
5652	msedge.exe
5652	msedge.exe
5652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4208 msedge.exe
4208 msedge.exe
4208 msedge.exe
4208 msedge.exe
4208 msedge.exe
4208 msedge.exe
4208 msedge.exe
4208 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4208 wrote to memory of 332	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 332	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 420	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 2608	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 2608	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4184	4208	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/1sDvE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff941773cb8,0x7ff941773cc8,0x7ff941773cd8
2⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2208 /prefetch:2
2⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8
2⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8917395265290396071,11896641106856162220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5512 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:2
1⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:2784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5496 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:8
1⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3728 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=5068 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:1
1⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 --field-trial-handle=1828,i,17365072674278715680,12315098366563138513,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
56799116229141f6d8627ea40d28e7d2

SHA1
3f1b7682ab0c35bc3a6c954598eb60a1c130e87b

SHA256
099f0185e7084ea797cefeddadcc024f1250f06944058a3f36e77cccca20746d

SHA512
5ef954054cc4b65954129b716d9a7963f57607faf917fc774b10b14be02973eb80e39e466200ee5626552a93bb4b72f9486ebd3a9b262714edc6a1d5914aea51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
4d8260d7de1ebe927a3dc9dbe6ad3083

SHA1
bb751cc169075109c04b9676c3f9cf67ecec4a04

SHA256
36d7be7686dedc34be5c2095204772122a750cdcbbf46dd33d378208eb4c1844

SHA512
29bd56e94f6fc64853cb09fb4e9d1b1da6051e593b5b99a24278ae9eba5c220fcf31476067e17ffd78300da38672ebc464ce75329fdfa9684c9b5b7a20648bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
49c16ed4a32ffb3f54aae18839b620ae

SHA1
f41449e39f9603427773ad8bf90148888d22eca7

SHA256
a7dea72c3687560cb5eb58fce8e0bd17c0be4501083b88830b095112403ac1f0

SHA512
9a98ef2ac85046ea3a8c05d6003cc1d0ae39f1453380d6450574448d513021185d8244f4e2481ff2797f73c352c64959746f6fa719b16ed00e1d13d3f9e19187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
3c017a4e88ca30f7bdbda94dfc33958b

SHA1
b3b1663035670463a25b6d1ab5cc214349718316

SHA256
1c33a7c01b060345289da1a6bce7931163016d084f6884e42ec1f1125e91b7cb

SHA512
2308e5cc25a090559064be0c526f39e08347cdb9ed34dcd26acf35255d576ced4c24d488f55a686ad1b63741ad2df6140f5d22457c50bb0c8d3b28aa0aa6c5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d8087e2afff69f25f2ba4ee441e248ed

SHA1
b802958ef7d22600c2a904a0577e1c9912e56658

SHA256
d83252125831eaa24de382c815a4efed73fe6cdc5ca7ae6a99b886cc7da62108

SHA512
857c07bbc3afc43600f481ad635675fd6c22d6dbccf03548d998dfe40b44550d02f64282448b38f9e92166f60c330da97709df7d789e480ec46c6782c806d166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
c9585b18210bbd4231175979a8c663a5

SHA1
d3610c911075c559af1bb9fd30f319af9c134326

SHA256
96b7111300e173acdb5157cdd4148b1facf59fffcb2028f0e6a3755cef7346e9

SHA512
4d6d71ad7b09bea1b9b265ce3a9d1bf021c6fc45a5b269ea4e871b625ee5dae10f6a54e715eea73fec0e25d418e7a901defafd8f09b306f45de0b36054ef6dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bcd64ad12703cafbbae5159acaa18db1

SHA1
0a82b1a11e73cfbaffabe3dc467019aaf724e27f

SHA256
d18cba58de8364e0ecf49757260828fb0ed74744054eaeb74b9cd7aafadd5680

SHA512
c00edd403b7db67ad80660e0c52c08cda1cf674a0b420beec005dcc441bd24d72632431f6008c75a78839cf3ac2cd9d1623eb7a385d816ad3a65381395ba75d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a8f556c5d856b9e4149a32e0b741552b

SHA1
80d8e7ec1aed8c9273e5285c1b57cd28689fde8a

SHA256
5bbfedf08fdf2e907830a5ddc1ac4a226be1f3071b4276fdadcab9f218c90cb6

SHA512
f3c8d5679378e4a37b8ceb87476f83ecc5d7a8a54752022d47e57c9719aa53bd2b91e8997c086e4c062a4c9388b327049d939a12af69d08abe93c03191f89ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aa2634e5982e410d4fad7a1e72cb05ae

SHA1
29974e4403f2f12f05c554dc52daf1615f0f55ee

SHA256
587f21e559038c283b7bc4030325c35f8553fe6dd622469ce172e8445dda8fc2

SHA512
967f8059e9e46334fb99da95c287fde9e0381dde1f390fd28871bd5384d416b467189743aaed341c27994f193ea05123c4b985fd920f909757c798b2c94c7190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8a4fbedd1555424575429c7e7d4b0596

SHA1
6321a516269dc183cbb4657a669715572bbdf704

SHA256
6c73df040eff1d6213dcffbc4aea4acbc203c9b8cb4c7da1b93cb29358e67548

SHA512
72d2040f66974f62efa875b2b43153d8045d6756df174739d93fbee9b7306734fca9d10623293cc5a87dbbcf5c60911e0241b67b5a96bc9ad83144d68d5343dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9b573214e89a1a8ced8dce2e7fc7ab74

SHA1
1c90fa4806889bef837031f8cd1358ec9ff1d571

SHA256
70c2bc536754104132f31fabb6c9d364340563b9e63b5c07e3ffeae8a1203f27

SHA512
4c5f9f8955ed34289fe5b14761c42d177763b036e80cea3d6fafcd1f9c12b0a5eedac8312626b4d9b96a16a7dc65aa28080dda96c0a651c75cb5beb215d0fbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581102.TMP
Filesize
1KB

MD5
281024774e4b6dbf1476dde644e9c5b5

SHA1
4da27887eadbe9a60538d75965bf2cce1f0f8687

SHA256
62a60bd3dd1c746729638c1d13a037c848c853c59a01ed5a811ec6fcf6a2efae

SHA512
5400c56690c9d1158018e273b3fc70a9447f7d076d4ab03728e83bb458178c70abed875445aa17020d183f710a6d966e73e282d14c277c8735d2dddbe855ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
126ba2e8853c325060bb91d7876bacec

SHA1
852ae609946148354fbaa1e0566cf4ed4d16436c

SHA256
836bdcbef99cc7141f32401a6ff68b41a04944f13f158d5e4b20469e92f95bab

SHA512
b31ebe33d2c5e28e325a27868c1318f82b653bf21f5d9f1e4d4675bca51a18e1e9fa06e8a05767c712a82fbfad208fbdfdc77dd168d99c9eb168b55299d3b76c

Download Submit
\??\pipe\LOCAL\crashpad_4208_YJDHGLKOAKIVVSQJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit