hxxp://fs17[.]megadb[.]xyz[:]8080/d/5lnk7vyoy5vxygoid7w6xgqmh3gm67scr6s4a62yll7yuodgwssw52sqrgu6m4tyrdvqsw6c/Need-for-Speed-Most-Wanted-Limited-Edition-SteamRIP[.]com[.]rar

Analysis

max time kernel
300s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 13:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://fs17.megadb.xyz:8080/d/5lnk7vyoy5vxygoid7w6xgqmh3gm67scr6s4a62yll7yuodgwssw52sqrgu6m4tyrdvqsw6c/Need-for-Speed-Most-Wanted-Limited-Edition-SteamRIP.com.rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4580	msedge.exe
4580	msedge.exe
4388	msedge.exe
4388	msedge.exe
3876	chrome.exe
3876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 2060	4480	chrome.exe	79
PID 4480 wrote to memory of 2060	4480	chrome.exe	79
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4484	4480	chrome.exe	82
PID 4480 wrote to memory of 4648	4480	chrome.exe	83
PID 4480 wrote to memory of 4648	4480	chrome.exe	83
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84
PID 4480 wrote to memory of 1152	4480	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://fs17.megadb.xyz:8080/d/5lnk7vyoy5vxygoid7w6xgqmh3gm67scr6s4a62yll7yuodgwssw52sqrgu6m4tyrdvqsw6c/Need-for-Speed-Most-Wanted-Limited-Edition-SteamRIP.com.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xd8,0xe0,0x7ffedb2cab58,0x7ffedb2cab68,0x7ffedb2cab78
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2708 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4972 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3020 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3268 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5532 --field-trial-handle=1928,i,5508217875931624124,1436339081747422743,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\SwitchSuspend.shtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec92946f8,0x7ffec9294708,0x7ffec9294718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5831300861412853655,4521948219514064235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5831300861412853655,4521948219514064235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5831300861412853655,4521948219514064235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5831300861412853655,4521948219514064235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5831300861412853655,4521948219514064235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6f2dac48810ba00c6dc5533f335f9f1f

SHA1
f7b25bf153ceb9a938fd20944f91821254ffeef8

SHA256
479b545c77f550b6dd2625323b1cee39c44915c32172085220401355f9c65f7a

SHA512
e3bce67805b43f181233d7138bb4c592d61ef8988c9e1dfe17c4085e409d253101ba1ef36473115ddef9dd4075fa296c91d068ad943bbb19cccc1a8a024b9dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9e6d1e0a7f44242a8ff51a026847e38a

SHA1
415f16423d032a73c8aaeddb6b7678ce20f0f02c

SHA256
edeb86cdf79ff5c43fafa3f5c687c8befc063a3b4c1ace7ed67b6a1235bd2539

SHA512
253ecead53d019286256608d46e627da177ec746d2254a75206aa4751860b6354ebeaf39baa2ff7acd81b6722808618f00783473fccda12e150add71a0881c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8d9f62e1c1ce7abc0696d7469f04923e

SHA1
aef543be079f9ff76e2eec852ce9c0c1b941dff8

SHA256
2be63d987dca0dda60a4f9ecc9fe5b3510ecbdd534492eb6b49995c4a99c7c39

SHA512
cbe89a07d936e3217cc25cf54ba1ed3383bdb5a76f8a6cbe5714823662efca0900937153f6f5b0daa68ca824884ad856a1bc3e4af9fe3dcf37436e18a4e8cd4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0c90411a6e571e28269f57e856c1c957

SHA1
8afb2f5fb72e8b1836ef58d4af66749f81264324

SHA256
d9db4b897bf3793706de920d9e206f6cb1604c7a70eefcba6beefd3503c618fe

SHA512
4e6ddabb176907b46a904b6c3422aa68da55cfbd0eb93308e908f7d324206b8d15d3615489a2d286709e1d84b5786ecc0a3181a1a021fff39a68b826b79553a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7d262c09b806a7ef9749ac905e6a51e9

SHA1
3eeca73126893ee8d10c452b78891b79c10b0e8a

SHA256
456e4ea814c18a3f95f3802e6e7c89c57b1a3a9d35095e33963f04c52c28a173

SHA512
1893255031d0d4ff2fcbd22c84767067f822096adbdfce359bc2c65e0f159dbcc954689f7edf4649f806946a1af4bc3fda5a79a599f366c27eaad17c193551ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f91171b12cc27b546bc980bba395c24a

SHA1
7b838508f1be22f955e0a6b1c68d83d19005854f

SHA256
c9fb731094a3749a40a6c57e0de906f9c337f6edf44dfd0f8ee6915c4edefd4c

SHA512
2a5fbe12545b2d4aad10fbbd8d14a2f899a77119d73dfea3eab89879310fef659d43fcd969877c78b0d92fe83b2b15b952875d2bac1505970e38ee6b82fccbd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82319a46334f88013f38d01e180bb0db

SHA1
a5f58130830f30599b473484caec3ec10dabe7a9

SHA256
ec2508552f0c5bf36a7ad824a536d228ee8a90257f3ff49001942a2868f012c9

SHA512
99083bf233712752bb66dc6dfc164dc47c26b0a93ca47ad15160f8bf359829c4d311588023c0b38ec0a9b0a36d6aea25227a59ad468b61a11915f867178c17ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cfdebe2904c67eaa12ca1c3646af36d5

SHA1
47a86391438a9f1a05f29ffce6db0a65a2fe1968

SHA256
d52444f6a760377155c5731b9963475d6137978d63c5e714703042cb5b5639d7

SHA512
4296fa37c24e57f29ce1c6f3fd09b770a435d5a783ea8d10d2fbd2d9e442d0b6c874e7bea217c8963818df6ead233afc65d4a262b06fd88b0e90ae75fa087332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a0f57e7ea0aee55bf2626b4f42b945a4

SHA1
0988dee58fb7f83b2320477da4da55a5f4f4ebb0

SHA256
d2a978ae924c18be1d58c5737e53fdc9c45bddbcf38b57a6e56a077de31eb4ad

SHA512
0646498e20ba6d628c415781d2e77b7227a182ff6d256fad20c75b4b38fcf7f073247e682f405617c432efe087545b5034833d1fea766a1feeab2b9ab3a44033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
1393d9e1acef1683bfe22949a054e4b2

SHA1
3236515788f5ea53a9ce2123241387e63c51b633

SHA256
959948289882b2ef9e6ca3120cada50d407a7cd7a135029367d81ebca5663876

SHA512
84211905204a2604916bd3fa8e4e21e4a0429b646a3fc916cd5fea6a3d620907d0fb0544f7c5314d7a51e1d4cff79280fc2360a851bcb65a6805e7c833cecf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ea4866461100884bcfc2d1dc075316c0

SHA1
ae2826c985278e10e0ed288a63989f90ea295f36

SHA256
4fd091777cc67d2143df1de5ceabb1014e57f1d0178b85d54e7efa32f17b5cf7

SHA512
1717920db9cc08acf262dfd3e34fb9fa0480251925882e2afb2afc488e55fb48dda20f89f1b926da819c02e341d2c4e262fba9fcd875540a48c8c9f687aa5eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
25985b6ef5298287f6d578130f488550

SHA1
077b9e2d192773cc106431a27e4a0f0724c9011e

SHA256
1efb204672c1a56a85b1ea198e0ce9fc4be8f6e3aad95da8335e6d235db07dd9

SHA512
6b33828d179c8377bbf4f078a955c0d83a0c6d1c706aad6d4d8c60bee2b80910ced7e20161dbc05318410f00725e1a9ec908d76688605eba6bb602733bdc7bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
7f55851471ee6725a4d89f9415f596eb

SHA1
94710c32826c8ef15f89f950ab9ad0528249f263

SHA256
058004ca535c733971b42bd4ee742ecf6edb7a76e477356ce04745b70486fbe3

SHA512
4b920ab3c5edee409cf24a1a63a3a51425adbb83e1019ae45eeac209cc4c08a616afe23d226832512fddf74bcefb9ce4638ac8644850ca3c95aa1423179e3d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5c150e7ade921c2e1f040217d30d3880

SHA1
d6d2e6a29bbe169b3f67c17de82460e54e709d46

SHA256
248111a0b6ba05dc521828d4ca31a90d7ff3f4cc38cf0ebb6dd65f06b088ea1e

SHA512
85bf5cb4281fd06f9bc784f28ffd5530d6a642b22576ffe7411e537dae2d9d7108288d9f737edb2cdf0f1e0580ac697812e9a9daff0b76ff22862e7b09c200f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e35fb83bfe9a588e740d74f3f30d1646

SHA1
c82a6337f42e443fd76bbff8b978b0db52b7395b

SHA256
d4a43066bb64aceabb04df602bb7321bf80ab8add6b169b732b2b16ee6311f84

SHA512
ffdae0f1be7844d58b88e0fdac5dbc50c7ab491364b191489829d634f7c7344570d52478fe49a8ff42841f72b854d48871d0f3ced5a36313db2a56bb72de58be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
248c2a753967b5329fd13b7b789b5cd9

SHA1
845b4fb2aacd864a4235ccb53bb7c0a7977b90c0

SHA256
2e2813a15a2eba4ccc83d9b5e87dfeb6fe4a9297be7ffb29b11134e3be8ffac1

SHA512
169d3cb0304758f55374b965f4af3a0779b9864ab6a82c940e4646b79e5b9ce19bef23916be21a5c612b9c4afe29e5c309feb44fee5845a291c229a79051ada5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
b13cca68805f4426f80ff8f0bb3e1dac

SHA1
87544d2099b8da57ef50bdf55ed9fc754e6a217f

SHA256
b18d485f0490338a33e2e253003e7d209039ed80808798071e4e6161e07d76c2

SHA512
a9b84508a02d4ee62552ee80d0c878b6f164e320563ddf817ba36e47c4426e246849455245491b7c96b373bd0112930921c0cd6b6898344c766d1e1ce1e69006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e86c.TMP

Filesize
94KB

MD5
68a3b1d7e3b245e47921707cf100422a

SHA1
2355b53daec4028d347f4b3d2ebb538aa5ed05ef

SHA256
8bb656f1847be5d045b8026d83474edc6e1f30f7f0b99a641fdf20c75d76c813

SHA512
e724809f5fb8f9ec21040782368509bdc081ea888a7644956202eaec2d8960b94d5f0b301689df10287ee4393c55300dad201510430c0d4a6b1c8b13a4c07cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37ee1daeeed85e855581e458fd145749

SHA1
a768e4b02cc458d7c63d5ad086d267834c95685f

SHA256
a7f3ee7bfcf16745ebb736ad5227790ec0fb51894cc8d868f664ed9cb0399477

SHA512
f4ab6de8b828e558354d23ac9c96d34cd1dddf0f326a6b3165d98388f7831730105b859b847461e1394dc1dbb88b9edf9882b75e066deb4d6ba1e69f9b5e5fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4dbbf4190efe307fcb6615ad38eb4b43

SHA1
40969e0e0f87849ebff6fd519b462e28acc67fc9

SHA256
5c603761763bb038efd03795e4e53bf164b2d6b4e6b0cd8f49906b0b7f7d3c1c

SHA512
b3a9875724b71d126c8c6341bea569155ae64d39b83cbf915fa5dc1dd9d02cb8f675dd532ef196ab379249c73ef8ffd261d2f52202f9dcd35f217906593abd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c11e47f071a3d2c12a1d2c855b657e0

SHA1
1afba37324f2e318b40a8c2504fcecda3efc55a5

SHA256
2171ab9862b6bfb83cd203cf844834b7184359366bf8142a39de0ac78c8a5a03

SHA512
3971ae07695540402949111b5513f3b4a8b8d3397edc0eb646fe64a643e5d7fae2f3923696c983993144e190feaac96bdfe6e056e6c2e3ec66e1d7e7f1d9550c

Download Submit