acd438a361ae16020e4d8df2077cd865f5e9d2bbda695ad074001740bfeac7aa

Analysis

max time kernel
144s
max time network
138s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
27/04/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MalwareDatabase
Size

287KB
MD5

929f3fd9d5348dfd4fd06bde7edcd666
SHA1

bcdff3ca6cf8fbbad3d48332ad32cb9e43ac429c
SHA256

acd438a361ae16020e4d8df2077cd865f5e9d2bbda695ad074001740bfeac7aa
SHA512

1af98fd4f4ead971afcbdf1de8d4b8dee12b55fc3d60688d568857dd03422e2fdfd65d45c2b01e1dfd39301532ddea4d626c8f248dfa6f8aded0a0f3bab7d8ea
SSDEEP

6144:wXQhr2n9ddKM2vkm0aWyRv379zvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0ZBtQ:gQhr2n9ddKM2vkm0aWyRv379zvZJT3CY

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587261465689511"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4876	msedge.exe
4876	msedge.exe
2500	msedge.exe
2500	msedge.exe
5208	msedge.exe
5208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4624	chrome.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1672	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 2488	4624	chrome.exe	84
PID 4624 wrote to memory of 2488	4624	chrome.exe	84
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 992	4624	chrome.exe	85
PID 4624 wrote to memory of 4960	4624	chrome.exe	86
PID 4624 wrote to memory of 4960	4624	chrome.exe	86
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87
PID 4624 wrote to memory of 4616	4624	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MalwareDatabase
1⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc875cc40,0x7ffcc875cc4c,0x7ffcc875cc58
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1652,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1648 /prefetch:2
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2140 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4348,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4764,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4548,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4948,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3912,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4448,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4472,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5228,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3084,i,7409915379205608003,6339766670051753372,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5352

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffcb5203cb8,0x7ffcb5203cc8,0x7ffcb5203cd8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1336920452027578655,10354986608201294300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\508e37ba-4489-4777-b6a4-52cb0d2c53b0.tmp

Filesize
9KB

MD5
8ba3774f10bfa0a281e1f77cdb70e062

SHA1
1ad5bad239f0d8ee7dce44e953fb2d1482cd5c4f

SHA256
380eb637603c2fc16639302255bc37a54318554dcb5b098611331370b7bfab01

SHA512
fab9c225fc7aa7bc4ecb09cafb5fe08875b701a8b84e0da18342fec185b2d4ff75cd44d8fdc210f7844280375f2a536d29420e55eb9a2693905bd7b4f5a6a91e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c41ebae90b1c52dbdc4c9e55214d0eea

SHA1
c4527d7b3bba67288732660510d2b27acd2c7697

SHA256
c194b1db4dd7ecd9e5909c14a950fa2a9af9686d9e2e201657bb3473adf2c3b6

SHA512
5d4d6d499e13a6548a82debea71a85b64078407a553cb0c43ae92f030ee604aaf8b45aeca5b6356a5080f1c046618006b0bcd4ec6139354d64bc0439acdef38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
833419d84d19940dc16120f0ece853fd

SHA1
c19d6ee7de926226a81db2fba65ecd9c91f9eebf

SHA256
de2890af2490dc9c459c73a406d6c987f3b4a547f83142363ee89ca8ee237a20

SHA512
83de27b6a1ffebc929430732e6712d32e0255d87c2603a1368281361d4ccf28bf40c1594ba129aa69629f0bba298bb4da0d447f6ffb536ad6d2f1f3c84582836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b7407349748ece3f6086d3a49326488

SHA1
cc3f97667a22109269e7e006aa365b4b76d579e2

SHA256
c09bfc3dafa166f6082e1640da09dfdb0bd5b656516ca999df1c4c3383c34347

SHA512
d738abe052c2c602cf8e9515e471b9e4f9e47e8db24737c69b519751274c789add0a096c3636cb77ace614ba3e7707700fe05a0d6221953b35bc03138b54eb1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
101d6e8204a7b534dff5a201039242bf

SHA1
4f1faa6fb98ce122449744f1e751c6687cf763cf

SHA256
0667d89656ef35c7b0a0cd6779546c1c25f2b77720900a02a513776ffb7bb332

SHA512
22e9418f3889084201676df48ce91b433ededf3dcd39dce5b152107bfec3b02bfee6346fb27b4b9d0fbb4bfe534b2ba573002eae07a699a778bca6f506f8e4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7125f5580abe455b34398d8d7d0890a

SHA1
dd2062125561a3f39f32381e1e22d6d9532013a1

SHA256
45392acb85c9b37977523082fdd5b4d908dc0cf447e8ce4d1fedf90b050c611c

SHA512
3d9281ff2630081f1868fcbd63bce2a819fe3161cc82beb3beaf969da8b28c9b72adc7602f4e1de1932f38b5d19bf54e9a2f3a35c59c110470dbb1eea148188e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dcbd77765c8ef90a8e6e29f2adcd711

SHA1
84aa9c98d1274d2baa663b9306103ed1bffb551b

SHA256
5dde4cbaa5f3ddc8147a379abcd2b114c38f2c33bf839e7378d8d2e0693422c9

SHA512
4a695365d5ff31986ec387a557c88cfbac2a6ab0fca7845e2bf17c5266002e8fd6b5f18ccaa3815c224aa8dc7a5519734e5680e302a5aca752901494cb63feba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2acb9aa5842467220e9d7041d18f616

SHA1
aa972cac9507b926ec53cdccdd627c448343dfba

SHA256
566ce4b9740c69c0b6b11752397b268d2689efe7fe0b19d590f61fd77abbbe23

SHA512
82541b0951f39c8e10ab5b37954e3f65aac7e89d54e75984f41302690939aaf0d9bd0d9e6ff5cafa7ab74db7d06b69ca67c712ce047a64c1ac5adc554b4be5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d2f70da9f756a47ff806b06e25792bb

SHA1
a4b7c93f846f14b3bbcda2540a9629d254c5da26

SHA256
a12a39fc3c97e5f3ab8d68b962146311ae1c2cb3150599403fd5434e9af75662

SHA512
85cee04c17b401e380384f218840252a8254911f2b2263317aa3137f3da2306093580990787e8c10bba515f87abd7f195dc29b71b315fd6dbbba01a1ab81e2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b51238bcb95405d5e75dedced10012ec

SHA1
71c64430d0d4853d47e91049572d4903e49b061b

SHA256
37130aeb257003b96bca3302cf5ed3d29c570e268d4ad2cae80e96e843bacdad

SHA512
761ae53bf62833eab3e1e9fad15b8870372aed161548f539d0d1eade29c92c3caf8c3d34625cb73ebfb84e4bbb4d48f9608d9c851256243edf3e2665315d6940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
c628235ffa04457b78dbda42b6688031

SHA1
d450b562a54e84ebc9bcd29bf22724a537e813dd

SHA256
e7d3978aabe15c34cca7290a08d6abf61e3c3b032671b884a344cfbfff0d83fb

SHA512
d6050a0aa7f84d18c87488830a458f47136a54ff6977571e6c910704d5d9ae9490ad90ce9ca1a33e807d1fbdf7845c9672e8e54c23ac60e44e403159f186cae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
c205104c7b955ea754827cf13554cf77

SHA1
f18933925f1de64142ae35639d1add277d7ef6b5

SHA256
2436586df65a5970c59cd8242a46f4a224884ee132da0a21adf345fa0af7e4ee

SHA512
ae3554188147332c4cba843e58b67f3218db9b11902b414e7d24823f4ad361a86311ade2b853fe2dc0336e3dabfe11266f9261121dab255a6da7bbf72d1e89b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
10d83cd1f14358640abb461b081fa908

SHA1
a2dce4d1c49ccbe277a4315664b7d277a2104fb2

SHA256
2d73959a436db14fccbea3a8907b6893df1e28222238a547f70149ae101ac281

SHA512
eedf4cfdaa6456ab5570cc7f9dd0e6ac7423b50e820481f72b4cc60fac338af9eb9358beadcadf12f6294055aad537a0a4dfb31fdf0dc9e0bf05928d37d716cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bdf3e009c72d4fe1aa9a062e409d68f6

SHA1
7c7cc29a19adb5aa0a44782bb644575340914474

SHA256
8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc

SHA512
75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c16971be0e6f1e01725260be0e299cd

SHA1
e7dc1882a0fc68087a2d146b3a639ee7392ac5ed

SHA256
b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0

SHA512
dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be42d471fa9195a02e56a1e1bbeaaece

SHA1
36f0e865b39b10ba81c3eb2e2847b2df5338f0b6

SHA256
f5cd7590298254d4b96e78d88096668c1814bb5db889c58a77bb94cbf7bd53b8

SHA512
d521abfcc05687083d2447a76ef7447cf72eff9f4054379fe4d0221e3f589623246602159f3210ed36a786504c276812f79095412885a1bfc209d0db788d9847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5d16de793d0bc6b61ce79465be7cf96

SHA1
6e4a6c642aa4d26ac631c2a3a3f5a3e86ffffa93

SHA256
10df6737511638ef97d3bc9a376850a012d06683cb0f27d92dedff1eae5c208a

SHA512
07f0cd6eb66fc9cc36a5ddac205386a0bc6952ec9fb9f434282e3ba46df51a03e5acdacd7483f30a59a735ad5d6daa2615d638a0823320ddf776457e9a3b2fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
15fcb298233d42e998b15343d5bde47d

SHA1
c66bd6f39be2dc172d6f29af0feca7c1352b136d

SHA256
5ce5ec546b31671f6f75f693cf9797baff7fa312a195308dede82dc6c11b3a0c

SHA512
ee0ac0ac647a5ef5ebba975d2dfecec8d6bb8e2b1433b879881091c651b24ec4449d343cc9f1a755e3bd18613ec1b48f8eabb216712d6d07dccb6bfaaf29f494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7a60d2041f732db280c7e09fb63e16eb

SHA1
57cd5bd3574b6d6cc2688144af594de219b5b72c

SHA256
1ae20b43d8751d894b887ccce685a9de1246398e332d3e2e4082fe7975e728ae

SHA512
df8486059b0b053450db0037630eee3cc4f536d557bff1f0ea9d147a43606e24bbb42bfb76e477f846464d95486815da3642da9e184a99bf855edea731ebee3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit