hxxps://gofile[.]io/d/RVPzaO

Analysis

max time kernel
1761s
max time network
1771s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/RVPzaO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628446268993687"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
4968	chrome.exe
4968	chrome.exe
3112	msedge.exe
3112	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
3260	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3260 wrote to memory of 4252	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4252	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1416	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2264	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2264	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 4996	3260	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/RVPzaO
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9052fab58,0x7ff9052fab68,0x7ff9052fab78
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:2
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4848 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2760 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1556 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5072 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5112 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4844 --field-trial-handle=1912,i,15528580833420076228,8712769665890607691,131072 /prefetch:1
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8fe9d46f8,0x7ff8fe9d4708,0x7ff8fe9d4718
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4708 /prefetch:8
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10212407452465195603,8697840700413789311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
811B

MD5
f82d9f02cca5b4d0b983ed66514c5b5a

SHA1
8e76899847622ad00117fd286c5e23e961635883

SHA256
8130d95f171b79f079a8b4ae96e26aa924652e3e9d72782c219da3c40252bcb5

SHA512
7023184b457a4d89d2677643dd2f327724a8321593123b16c6d66166fabc1ee126b2dcbb73542622d24476dfbe032aa958b3736f26d43353b19ddbe9475d968d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dbfef95dc7e71b715c226fbfb4b95a4f

SHA1
336f414061355d3265d05df5ecc1e6a1761085d7

SHA256
04377dfd39b87bd0f3d0be5b85293e11b26e96c58f2e3d4f3172f45aab11701a

SHA512
f895c4cdf3062d5b553f8f0bbc7f24021976f37a712472277b5989708532234ca4d4ad410f66a6dd85034d6574c365e40acda897439924ec483a903f9a242927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
562f242420fea7c25aaf11e38dc27c10

SHA1
396f123e4e053637c4917143848e27471c1da91e

SHA256
ff4fee3c0c21810e36fb2f0f5ad8850943aad4b014178ac4eb415b6375512eea

SHA512
ae79f9020a79ec1718ef1f62385b6396a3c66659fb4d1e886acfd90b3413e2ddf3fb4d94016cf39244283124a0beb7b1837e51d1ad3921149f0f1022505c22e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
f2768842d2a3afad417902c6de825300

SHA1
8edd48469e4f7417ee5983623e37eb826e7623f6

SHA256
4cf2cad324f32555ff6763c9f2a7fd52d7ff4fdaa1d697215e5688f0e77a40ab

SHA512
476cd2ee8173f18b2b0467d005703bb6efc4d18e0bb18f1ea9ed95fece2d74ab91f1290f58ea5ce25f602410b3384e045a2b485ba797ce7331e29c56192bec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
99218003e32e5af7716156d890388bfd

SHA1
2574e0ed6d0a7b24ceb0cdd3fa33412dd169f882

SHA256
075ebfe8a27a919c813bf98986eea9dab3052c985d1a53ca53515ab18f4b529f

SHA512
f8f348025c1a1ebc17bc12bf7c910c44b49f7ad0b0dd6eb8b3a7e243e2ab69f1626194017b56924171b1de5e7afb1aa0883fbf341203ad97553f473584cc540a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
a99ac709f60978d5dcd77fb396c00136

SHA1
708c794d80499749bd962621f8685b5105d8d708

SHA256
1559548086a420d1139902afd0c350c6367e2d31aea8b731322188f2641d1191

SHA512
8680e3a1e3dc75b8f213674a4ba1f80826560c5d23258cb5d03cd607bfc16f9383287e6aae78d9845b027aa3ce454f084365b3296ebf8798f9171450702afd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
329KB

MD5
0bfc50975b1e35352dcf2962cc7304b2

SHA1
6de5fee301ac4701b74618f34357ccc203e8495e

SHA256
d614d9f767e459c5fe2ddc49d5d50484ccf31862daba1e8f176e57eb00423741

SHA512
f98de434e15666a45b9c98dbc4bace8f4b9ae9a4eb64acda9edfe7d20675bf20b9385617f9a516cfe68767cc9220bd8842c85e43063229e616966dfab42654e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
a5fd49afbf238dbe121239ef05681604

SHA1
96c5bd9c5438fd91654a40c124db2f63f161f6b2

SHA256
dd089fee7cce69b527ca239a38b57c362a6805e5eb537d507f47207494e03957

SHA512
1d05726bb69740191cf1bfa80a798bef345fe587e610c4314174ce4b1fc0c32b1120167649396fda2ffa12fde654819ec0f2ac486ec9dc1522eab73adefb24a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ea50.TMP
Filesize
88KB

MD5
ad83314685cea7424e940f56544e2aae

SHA1
ffd4f0d5f52c5cb15316a8c5cf26bb7ff5f8e1c4

SHA256
5745aa2ab98c9100e9443ec60661d404b427bbbc2025300d84145b1e5ba89725

SHA512
e36e044abea3fa5a95684710ff63431274b5bc14428919d238738506c0cf3b21087151d545781082047d569987c72f91a57b7bb53579dd68f10ed404b2c685d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5cb451cea65f6b454f7525cad646485e

SHA1
3a3570031b1662fcc9bb29d85abdcb5a0f6ccf0d

SHA256
3f4b976bc52c22550d643a799383258e18ca4a19bc99bec354ba8cb300a40307

SHA512
8a0d4dcfd441e08caa3d387a332b33e7496a51796d8bc2731082bfe5510dda57c95be4a14a5276184092ef4b57ea93912ef3052d0df8ba75068cbcb8f7043666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b5589ecce9ed23c72a1c834859ccbc5b

SHA1
8877952fe46310e3a258b298f9a5863c5f8475f6

SHA256
1e01d6c89f63a50046656944a244e86b89f61b2202b7c422a26f1afcbb8b5af6

SHA512
6437de017734ef44b417935369449a9be9fdd40160f50569352a170b2437d57d9489a170b1b5bf6789d6620ea4c339b83a90b3881791d01e3f7d53cb285461b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
6c33b373aebdb6669fda36521c1a5450

SHA1
d2b8c4885c937d6e1e8a98a127c4bc413f83a32e

SHA256
29a61b5caba26c6cb8b460d1f46c0843214693a018cde3bd2e59018208c7c213

SHA512
1cb6fb0067e29e3464d1723b7a4c91fcb6fbf0e4819ad058d7311a98e279a0511f6af644e17a4c7199664920f9c1e057aa546c51af6cc166c6d858a61ab7a85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_3260_NAECXMGPUJVKNJAM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit