Analysis

max time kernel: 1194s
max time network: 1202s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 22:00
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcBhttps://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcB
Resource: win10v2004-20240508-en

General

Target: https://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcBhttps://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcB
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 6 IoCs)

description       | ioc                                                                    | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | chrome.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description     | ioc                                                                                                          | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627896830822778"   | chrome.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)

pid  | Process
2996 | msedge.exe
2996 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
2984 | identity_helper.exe
2984 | identity_helper.exe
1160 | chrome.exe
1160 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (24 IoCs)

pid  | Process
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
Suspicious use of AdjustPrivilegeToken (50 IoCs)

description                       | pid  | Process
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Token: SeShutdownPrivilege        | 1160 | chrome.exe
Token: SeCreatePagefilePrivilege  | 1160 | chrome.exe
Suspicious use of FindShellTrayWindow (53 IoCs)

pid  | Process
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1604 | msedge.exe
Suspicious use of SendNotifyMessage (48 IoCs)

pid  | Process
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1604 | msedge.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
1160 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)

description                      | pid  | Process    | procid_target
PID 1604 wrote to memory of 3124 | 1604 | msedge.exe | 82
PID 1604 wrote to memory of 3124 | 1604 | msedge.exe | 82
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2032 | 1604 | msedge.exe | 83
PID 1604 wrote to memory of 2996 | 1604 | msedge.exe | 84
PID 1604 wrote to memory of 2996 | 1604 | msedge.exe | 84
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
PID 1604 wrote to memory of 1896 | 1604 | msedge.exe | 85
Processes

(Tree: child processes are indented under their parent; each entry gives the PID, the image path, the full command line, and the signatures that process triggered.)

PID 1604  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcBhttps://app.freegamewallet.com/welcome?&utm_term=free%20robux&gad_source=1&gclid=Cj0KCQjwsaqzBhDdARIsAK2gqneGWGCWITryFK0rma6mbrdPXQAZJ7NfTtnUaETeiauQmNOjGawmXlsaAnWcEALw_wcB
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 3124  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb340346f8,0x7ffb34034708,0x7ffb34034718

    PID 2032  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

    PID 2996  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 1896  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

    PID 1704  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

    PID 2684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

    PID 2820  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8

    PID 2984  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 4544  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

    PID 3540  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

    PID 3744  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

    PID 692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

    PID 5088  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

    PID 3620  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

    PID 3492  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

    PID 1496  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

    PID 3608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

    PID 3284  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

    PID 5208  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

    PID 5936  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

    PID 5960  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7204665572219078286,8540203850030331089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

PID 2524  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3596  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1160  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

    PID 772  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffb2472ab58,0x7ffb2472ab68,0x7ffb2472ab78

    PID 1496  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:2

    PID 4536  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8

    PID 1440  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8

    PID 1280  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 4612  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 5156  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 5436  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8

    PID 5488  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:8

    PID 5564  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

        PID 5580  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff72f17ae48,0x7ff72f17ae58,0x7ff72f17ae68

    PID 5792  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 5800  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4992 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 5952  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4796 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 5236  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4132 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 1152  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

    PID 4104  C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4996 --field-trial-handle=1928,i,10823636137022933313,5213345664215083654,131072 /prefetch:1

PID 3580  C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 811B
MD5: e71ee2a79849779cad4284174008291b
SHA1: 2c56b112a7f5498bcfeb768607b79596f54820fe
SHA256: bb5c1d895a0f662016e2285aac308d591c4ceecf52b184f15be6c31627308dfc
SHA512: 43673d5fbc74b6fa360dd6cb65e1280cad3aa02bfc6613166a6fd137c9e061a789d1aedc8f24f5a53baa443b52084810928e383ecba5e4179ede5b08d35d655b

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 7KB
MD5: 963f7e3026a46ce1140f486ceac6eeea
SHA1: 49ba72d809b46a747c53b13ee91b2542312c7bb9
SHA256: cf79ef4b4c293336977baeffba61998281ddf786943e38a6b4fb51726140f9f1
SHA512: daab4bfd41a5cc35c2de62d54cf4ac1b5d3c4868688ef29d382ff855b67dde55e2d1d6ffbc85af381c25abfdca7a913505caffcc267fdbc486cfe85921c1ad17

Filesize: 7KB
MD5: 56fca606ea038307034e3d635b40f018
SHA1: 147935a2082340e2a0c94bfa6a16ebe129bd5807
SHA256: 7b2a6af221cc2e230c03ae523403fff908e2200560beac76ad2c5049700b5893
SHA512: d8b6852eaf8180a5026d193e560e8c1ff61df127e310549d2d74d2abd2d404b70176788930d3513a47ce6ba03a5d5cd31117bf3672e81edb9eeb2f7ea357f5ec

Filesize: 129KB
MD5: a81277aea56608346eba9825d2050d50
SHA1: bab95a64c600215568bc291b57fdb44a94cb612d
SHA256: 87381fe9530ce782bc15d89703d1ebf613ad4bd74479e543b70d87eb9a24f093
SHA512: 9fe0b61ef3e5bdd26e0f4bbbfb8bc6c6366de2e7c124ae2bb5a20b5cabad852d3a5c79e933520e3a5d0f3f08a92017c874ad41d597eef04d1923c46eb5df865e

Filesize: 129KB
MD5: 3067d2f2b1a2f2adad60d9537f9b7220
SHA1: c11c093d5c0543fa9be6b0d802c50412f74025d2
SHA256: babba914059cf8a7534727d5332972db1a8bfd0e69645268306ca1c7a97938ef
SHA512: f44d5204fb92635578b0a322651342f3d367fa294970654248ca363d1e49eff62a3c946e083078251c9513fbfffa5f6ae6baf99bb603a2879d6f9067a0c0e751

Filesize: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Filesize: 152B
MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Filesize: 152B
MD5: 87f7abeb82600e1e640b843ad50fe0a1
SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Filesize: 5KB
MD5: f014ca158666d99ae44c31e9b25a8c24
SHA1: 379becde3ec1e4ca63a3193bfa09350e78089365
SHA256: b0818e27f83b3b45954fb21a4022587adfc633627a076a32633bc02fde9d36da
SHA512: 58107678bfd83d06f8cf5aae9dd3437a2c28182bb5cbdfd39bd856063f9901af99c72ce05da09dad894959b9eabbb8dcb58832e22244791dd521a71f255c5158

Filesize: 6KB
MD5: 299028da35573a65b3dd47e0abbaac6f
SHA1: 990cd0782167462fe243c1ce63c7dc0a62fe442e
SHA256: 11e9e19c9d94a22543dc8d0b8b43640a5dfd762847fdb8a07a0388111f270ee1
SHA512: 432d6ee92b5e720a212e7cc1eeb2329760e7e554fc01389c769c5e5c20ebe0413367c50ef6de25e081c17d5ccf9b53c883f3919e7aacbf760da5bb7eab8cb00a

Filesize: 6KB
MD5: bedaa6ffdd440486ca10b0a8b0cffb1d
SHA1: 1e35df12d9592257c1eaacb4622d64139af24342
SHA256: 8575d716a49cac4e052c511250d03e1be655a86f3c08c298ee8fda951420af76
SHA512: f97f1536f6cf340c0aca58f621c6e1d5048b319d90046a9261c8bb4246959213e041b1f6b5ec9d7a64008d23e9965f33ecb92b1a4c45de5702dff4564590016f

Filesize: 6KB
MD5: ecd554acf7fccdea7dd8e4c305554fd3
SHA1: 980e2611bb09faff9c3a9e8c67cbf35e4736b665
SHA256: 8ce2b6ea74ca8671834a86d411307dfd3208813bb0eecfa2462a93c6009bf0e6
SHA512: 9532ec841b9df2bb9699ceefdb26947523cd4c47ddfe0288767bd03986bbfd1767e29f729a2611f6ff6c87808a3799245bb4429ebb6851189f10ace5874c7616

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 8KB
MD5: 4a0b513276bd1037e294f9495647b130
SHA1: 64e9cc3f3961b76ff7083e7ab2313dae68d27625
SHA256: 3f2cb56868e94f5cec79eda57a034263ccecb8f62468e82d68b1539a5fb55bec
SHA512: 6c98f07a7fc53099dee5d92923877e17256b44fe2d40e4bb1eec723eb90f3ee6ea9310ca930110199bdd0d84adf810233f81717a76aeb2f003d2de9ef62b419d

Filesize: 9KB
MD5: 32ab01be954c067aecd65d15907c6c8c
SHA1: 6c286b2ea747b6f42df671b8d15ad033f0e1d832
SHA256: d4c4393d5b236684bcbe2e9ee310dc2c41236edb88b88fbdb11673558e2c35a9
SHA512: 8f35a3e2df4f5534400a00aa1159cd271af2e3fada54abd57c270fc86de9ecd05364cfaa24d959db5400b1152f31f84da870077251823e9220712f71b6b1441c

Filesize: 8KB
MD5: e3599ebe7db57842e3624236d5dc16a4
SHA1: 4665c02403c3d1ddcf4341b4550f5edefdc61dcf
SHA256: bf473346a1875f7d28a29c7310fe7fbbc773dad0a65a18b771c4e238f9f2060a
SHA512: 01386707e878d93c81e62a68eaaa1a40c80f3d3f5de7a9fafe8f20e3d54d41ca005d967b820ca531c0401409f7b4f5b8aaeb58851a77c0166e7e345c211154d9