hxxps://surl[.]pk/vuyuJ

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://surl.pk/vuyuJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592820629064119"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exechrome.exechrome.exe

pid process

1132 msedge.exe
1132 msedge.exe
3140 msedge.exe
3140 msedge.exe
1660 chrome.exe
1660 chrome.exe
2180 chrome.exe
2180 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exechrome.exe

pid process

3140 msedge.exe
3140 msedge.exe
3140 msedge.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe

pid	process
1132	msedge.exe
1132	msedge.exe
3140	msedge.exe
3140	msedge.exe
1660	chrome.exe
1660	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3140 wrote to memory of 2044	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 2044	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 4424	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1132	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1132	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe
PID 3140 wrote to memory of 1380	3140	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://surl.pk/vuyuJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11040548206231610117,14833297779430376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
2⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e602ab58,0x7ff8e602ab68,0x7ff8e602ab78
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:2
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:1
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4568 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:1
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3956 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4476 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1896,i,8813563080280367836,17184173319728341764,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
PID:3444

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
81d3415825f11c6170c26e931cd204f6

SHA1
2b7f16c075d235dc178d5f6d7b849def9aae940d

SHA256
9c8f0372acd1ffe53a61ffd91a2df67e74eb7d46e7b3569bd7dff046ca605145

SHA512
5d3ff5f20ac0fbaad97c71d58e0910ca16859754386437184a6f0a8b27222ec4a1dce287d8d3a03fdf87d7f6b8aafc639afc8f3f2f361200193f81ba137b3ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
1dfe697ec7246a8a3f078cbae5d6e239

SHA1
90a6032ca0ed9cc3654cf10c6cff2777bf9acf57

SHA256
e4ff7b016d26483257c93bb2f838a474b3ec611d15184e035483ea90ed9e51bd

SHA512
d4b336fa5fdd2ddf82a776359222a6901fa97a50a9f998fc50dee87624626f4ebe5efa0b3a379f73788593ac406cb3e949039132693e4ed377d6f5036a9a5e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5473e51239a5f339b4486f23b21517a3

SHA1
0eaecabe4147e68aee578934780f7e33d1417f08

SHA256
3aba5e6325dd74e0bae0129a241b4ab1f18a3688806886e1999d5da3f8c88031

SHA512
f7a5b2840860bcb1ae7a8be30657513ec02b4d7c015d58e30fcd9e770427896e5664a042f1eb716b72f133351eb0a30b5ce1384ef283c28d8f5d075544f4bad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
354c230928511a5eb302016a89c351b4

SHA1
cd097c44eaffd23e966652da295029042dc0bd99

SHA256
37f6eadb03a961ccf00bcb4684ca15ee3ce5786b62dcf501c518f343edefa412

SHA512
8c9fad8bf4deb010ccd60b468c6d2263a78a793a1d37337ce1a6afdae8f10d123a960f4ea3ce82f2d02d5fa7a5617a52b2eeebc3311ecd8d3e9946e90a0d1ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
0407fe9e29963c652e0ea4dac50fc990

SHA1
502d0fc15500d951bbc0e7a2c151c8427dc298b3

SHA256
e4860f235f2e2a24aec6402422ddb48385d8073a24d22ec87641f2e2035ca49b

SHA512
6252f6094547d671d0a2760ec3e67b7af68e4f2decd5f4d5402bef6e8404a311cde0063d82130e44d2e812673104e776eee90645e83e8d8e3030443f87137b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e1833b7d-5d14-4f8d-af38-54241bfef5ea.tmp
Filesize
356B

MD5
b0032ae253423b41a1145a591bd1399b

SHA1
ea4e4ee4ac2f857902bd5d1daf807c1714fb53c4

SHA256
27210e4c26a6b5e83cb1de82c55d5144299216bcee9b17ae227748db94525e71

SHA512
0a724e20b69f5e61acff1f7881d5187bb5badf6d4e32798fb36453a628690be27f99d2a431a54cd8b4eafc322856b283449cdd128e76d5a9ddb139768cb2fc0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c0d17cb2f44511c062c62c1fa2374df4

SHA1
80e3849185e5e18142cb3f5a228b48c1dea16f9e

SHA256
4c2494f6e588e6c3d02e0651b0cf5e4ceb322d788854f3dfd4b93a7e4f5db4c7

SHA512
a9865012db0f6821404e64bf112665103597ce3d70a73a299111317199a49e029d5beda93fff6475a9d9282fd344135772ebd701ca994522847a87c13d7c3e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0169ee818d064a6da0bdfa0e7389f968

SHA1
5322de2cbc4474a2c34c3e7f24d977b25f03e729

SHA256
707239e8ce67815e3793e93f30cfbe7a9f07d2508eb39ef7cf90c2d26da28e18

SHA512
088e6c6042dbf08322ca4554624a3bba029c34b78384936b8d8c3438d60f598c7988a84cb0eaebc40f949479eb731b4aa3af9e83a00a72343a60a6fb0b7e9a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
19aa067d97aed6727df05377dfe67c7c

SHA1
2c2c87ec4a79acd8234420893523cfd6e3dce107

SHA256
7d1fdb941491916ffac7eae029951b7dd248c4073cfa688d3b1c7e5d6d593c7c

SHA512
b11761274b29198596a3f5be39996148ea2c4f91af5893bb3546c6fe497bc1eec773244bcfacabda2b5934eb062327f801eb7a7eb50813aba8c33d28b9543ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ac9aebc3b9d4387cc8e78e33df25de9b

SHA1
0644d3d9a0953a054f7a7b0c07f954acb727cb6e

SHA256
de517a73a91266f379ac4257579d47361f3cabd9bead8ac4dfae8124c57eb8b3

SHA512
425eb637741258d71dd585b85c8acaf91e8afe0d8c94be6b43b9bb0e56a84d316a036e2e0356d6c04762d410da2e26884c566bf1701f35e86bbcb8c2c6dbe456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
62af36c0308fb1bfee809e6dd2495f26

SHA1
58133ef91fbf03b49fbbe55efade99596146159a

SHA256
e1be7bd0c0d9388a7fb868f3291158385bd83d1a30bc573ba73d61e3abb37bd2

SHA512
379fe8860fe57f525fc83ee25ca71dbee60f68817bacb07d1146864e3fa3559155a883daf472c40cdb640b97c1a1933c5e12b8540161ad54d9e086090d91a7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
a7d05c3e5103b4a91070a53b577f3149

SHA1
771b6a5c0da9e32e737cba9c48a4435c87715b97

SHA256
98d5020a27fcf760af3b5eb830829e56c85eaab1f682a25657e91363b53cf692

SHA512
59872625951de728d150997d010aec85fce8490fcabfee8604d271c143b829f295a462a1d2453d39be7ee31c026ba6eb9192c9796de074e2bac9ee39e3368c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
ffb34af4d890a491ae1b7bf62ef38298

SHA1
63bc5d32619cec34455698074b7097cfa98c93f9

SHA256
2fc0ac3f6a857ea1748abe4007c856eb14047d0593b215c549c29ffff207cbbf

SHA512
bf1a3ab4998a73b3dd2bd8adc28bf3aa6778013fc984427b440b484f8ed1c3819e979e43d91ebe6f64cfda347667b57fd38ec1d48cb7ba9bc12e4b6c6ffb3646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
1150e6d5a630025fab5f6ae9ddd4e0ba

SHA1
1332e1adb248883c3e0975a7a774944df5032082

SHA256
f1f673e1472ca7d6b04c3ce241876f62a0ad3827c873bf7b1517a8851959faa2

SHA512
d6985f713b8c686f85b4ad5bad3378fc410bb58cdcfe29965a8399a2251e3222379f0f41f6f5764bc30b8adb9bd4cfff3f4c7bf31f1fa931e17f2e3213667220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fdd3.TMP
Filesize
88KB

MD5
43d27b4d353149e255aedc0f7ad62beb

SHA1
a8eb20490a915f4e2edfda5b54f76439b3b1c0ac

SHA256
1fabd3cb22e6e7c1e567a43daaa7e6aa84b4d3fc3995915e91b469a944e16e64

SHA512
88d46de3ae553f280b4ca1240df50c1ea942a225e4705c70350b50bd2dda947972c28ac33f8ce5989c5523be290dd18a25c97b89524f6667d120f3071019ecf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
5687b28592eeacfa83f69fd2255e1c21

SHA1
abd25685616bf36f09e2a995b215939c3f4f3fb8

SHA256
d121738cf2825eb7866f4b3dbefb6145cdde975c8c06c6ec3e966303c76583d3

SHA512
75f7bbdbd8a058eeb4bcf54b90e6ccbd4cca68e4e8cd92b271b7bcd0fe1dfd6f71f877ad831c108d898dfe893a26e212dba40dd2681bb643cbc94963df8e1474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
380B

MD5
2420fb8436d548f0d483810fc76d1539

SHA1
2892c8a8c4ee3bdf506ca7673ab82e0c27b778b3

SHA256
a3915bafaeaa6407e6b0dcf531b0fb9ff0d1010861d34535d65c79d586fb2a4a

SHA512
e18b9817f3e7fb8c0497121fc3d56ccd77d1f8e4085d72b52432c4502b057f4e534be7021fc548ffaa404c48abb90ef059156586f20e582c6dcae5a2b522a0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b3328f8ef25fe632278036d79dab88a5

SHA1
9a577220be4071fc5277a1923eba4b2f99eec551

SHA256
2d66a6ecc9fb888df822e461d9e17763001a015503f3dd1156490a2ab3737c95

SHA512
dc4af793d6b160efaf50805be0bbbdd1f818c1b7bc167b196ae3dbd837761fcead51bd15db4fbd673f2f71b1bf1c8f6dff48ec567a2b598a63ca44a3c88e3714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3f4f68ba623ea8c50eb559d836cd9ac4

SHA1
7d73c8bfb3c116acf716b7c074ef60de665d04e4

SHA256
2b81a7a4bab06c34c8599d5bacdda4296471ce2115f2290ea8c549377dc8c8b1

SHA512
1b5e7ec1f42b5d395cd4af13d2de2558087a9fee105881ec0be18b6ec295997de6aaac05abf2292c9369ab01d1eff2e1574d5e667062e93710b05e56362c0456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fc517b869d4169070beaec7965732fa3

SHA1
74287ef1e4d87a99f84da75e3b6b22023b5eaaed

SHA256
694d08535d420bbe0a1c48fb91041f5de95ac28ec76efd36cf36735688d9a9e7

SHA512
05cd90cf8d20b787f582329254562a54aabde92a734d2a7b3937ae45b38b2375c2271ef75931ddbb9ac400f583f7230e0ac47137ed26ac905c56ac6c3456741e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3140_WSBETRSVHZFYGFMS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit