hxxp://google[.]com

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637828125565044"	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
4568	msedge.exe
4568	msedge.exe
988	identity_helper.exe
988	identity_helper.exe
2272	chrome.exe
2272	chrome.exe
2468	taskmgr.exe
2468	taskmgr.exe
2468	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
680	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 5004	4568	msedge.exe	87
PID 4568 wrote to memory of 5004	4568	msedge.exe	87
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3612	4568	msedge.exe	88
PID 4568 wrote to memory of 3352	4568	msedge.exe	89
PID 4568 wrote to memory of 3352	4568	msedge.exe	89
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90
PID 4568 wrote to memory of 1780	4568	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8623021131241912097,13522766021272303362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff82a9fab58,0x7ff82a9fab68,0x7ff82a9fab78
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:2
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3664 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4528 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4540 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4976 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4360 --field-trial-handle=1916,i,6186490945670999338,10984657456089451630,131072 /prefetch:1
  2⤵
  PID:3596

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efdf336c3d3a1adb92b2ad84b9e0ddf8

SHA1
d12684bf46d8efdc7fe65d72974a64f8cfc83aae

SHA256
a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc

SHA512
d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0c08f546768867833a4ed36fe7a98901

SHA1
a27257faad8af3da9cbaaa659799889ee146970f

SHA256
1e335da72e60f5e7decb9e2c8746335e46007feda5c911e3b2a5bfe7bbfb5f59

SHA512
a0ff1aa2b8765de12875095ac2d65d1cf9da3bc1f152fbfd6cf1fcf6a8cafc5884ccd7bcd70fc0c6b999fbc9d23fcfb217b206239cac105f13e06143d1aaa037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29299edc603c5d9bf0f8ceac847b890d

SHA1
9a7e123a6decfc6c544dfc835f6f3c3977dd0ca8

SHA256
7e24f38171f67dfc57b8928e5f876da7481b2842640bee7e0b83c239f800b0c4

SHA512
a32d6d0d15a5f79538593c87893a7b453fe462c505c735c73601d5f57f9653d571fc2b206ea01a691ccb7f01ee85048a56b6ea661b261689869ccc1681bb340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0435e10b9030305d2f66c575d7d1ac37

SHA1
5923992e9499d5b63b4ae02f0e48c1171fef8bbc

SHA256
ef6e18b4a11579f81aae6b00aaa0c2048b5c86f63424ca6a33e6848e70cdc861

SHA512
6e91f0ac8d31fbd484871af8d6870e4359ebd7dc9f726250b188ad56e46a96c75c4d98072a9510e327ab42eee4bb9174d4c3742b11af8d5685bcee9203e5269d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
72442e188af2b76127ce10c4505a5c83

SHA1
0a3c2b2984a72ed9e878e1ceab55019d42b4a7fa

SHA256
05d582f138cadbcb25f12c2f37d40fcddce71520240641568b020538ed7aae73

SHA512
d28442a4b4ef180f4c38bacffa176f0907b9323b9173c6d76fcc982f377397a2caebe909916b3f6f24ccd2284e5da5899c7cb7da027a01a1ccd4d92ba4e18624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
bbf587d819401975ca343108a7ef8491

SHA1
bd299d9a7f2e0f31ee0ad2c60e08408c2038bc2e

SHA256
8e9eee054d47ae4ee5b7987ed0af46d22db39befbe9852e77182d7425e4a590c

SHA512
b5e062cd308c15b70a5d740286b4dc2a23c03d2ca32c2b666d55bd1ee5df906a6b5bcafa4377d0e32273250fe77d1c88b9be3683bfd2677cb656ccb0f9a96261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0ccb856ec66e04c3b2624f0665f1e499

SHA1
e338a944ae58c14bca347ffdbb71bf5bb4156b3b

SHA256
6b4f34709c8ac8ba01c5c29667c387911c2f68d40f49f3b820bb9a9f4db22929

SHA512
98171fbe6246729840b137a2f0f32ec2d2a27730abfcc8fb8afa6a3593882f070e128dbc91fea09461a980662f9a77f74f5759103e75d66db18d5cd69f68c6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c8b99543-32f6-4aee-966a-3c65bd6b57c6.tmp

Filesize
6KB

MD5
b070fbb74d32e1eda31ebdb60df3d578

SHA1
f964bf3f8cb6e77c528ad8fe658d50ae404dc9c2

SHA256
7f9b33b3bee5a9d1619bc479c427f6bcc2839ec06f880e70dfddf4075c2931ef

SHA512
fdc82eabc0d26bc6c648bf25ff851cfabbaa816c32092fac5f6931f3eb1d5c72ae668f265ad6e42a1727abac47b2324e174559113be57ddd5b3f4a981d2118fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
779e4dfd9db5bd555d5860c7fc64e8a6

SHA1
bbc77146ecfcf2fe2bd191764339eb305436c201

SHA256
1672476418c57c701a1114c63768021c874c5fcc7e150383644702c9883128e3

SHA512
988681dd0dfb9a158236425dbe779990ee8d07d589b4bf5034bf15044508f53d36eae163c6388cdd71cf648748dbb86caf349570866bf8088595a1afff92fc82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
4bb179dfc5708b1167d4aa841be9872a

SHA1
6b1c3e4dcfdca1847151cc85694be7f4f1f4d709

SHA256
4afc5152464331625a833c78b383ca70570e361a060c757172f892ffe200aa39

SHA512
0aa9f3074aa3880aab75d71c7afcf45a318f0027d4d4630fd4769da018b94a0fd2459d25d2671c9a953b9a88ea532acee331ff84c9e26ecd47c263a3ce1647b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
792ef7c4aa5b4ea3a08b3ce1c6551ff6

SHA1
94e3a74a363cbf907e3ebfc03ca598b362e167f9

SHA256
60e447b293be1a3e7ea00d654d530dd1ac8a53f175131111a50155a9a533318a

SHA512
4304b09fcf5737921859b267840139a59d7a15df5ab8ad0fde4b79003299846bb729ab3e7ae161880b38933b6a620353d50f109239abd6f82e0116eb55ce8d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f260e488026717d4f0e02666ef38d4e9

SHA1
790f35b8c7a6afad135cbeca696dc54ee9b6217b

SHA256
6a4e96bdd5880860b2c7eb9fd428360777730cd57998ee447e9d32cd2526cc6e

SHA512
d8611c2363307e4ed36887612d02f9a301c15f4291a4d2007b47c900f6c26b57261d111ee9c20ceac81faca2a030df9932afb9ce5a328e10f12ce78579ae4806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
32e357ad1871b9682b7c4816d5ab3d15

SHA1
b81c9356e9b8640a0cf93071efbc937bde3671bc

SHA256
623652394c175fa789e09c27dbbb84bb416e4db32e2156c8c7c21bf92d1c74c3

SHA512
2e2c7fa5e2970946d6d62fffeb6eebf6681bd83fe39f446bc7e428903637284ae443ff0e142384e6f31a29db429ad2883b76d6f5571af58a5fd69b9774401dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e50ec4d234a724d54e50103e21dd5099

SHA1
36bf6f422f2673e5fbe92f2c39f790050243053f

SHA256
f4ed2cbb2547108fd9a6c70b102053337b1bf432d015b7450a37b06db714bb63

SHA512
813902442a014910ee876d67e7cfa31392a7573da342d0a6211e48acb47a2f85b48670ca278e142aecb769531f1119ea133ae5e31103fc98379531746b171b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca1aaf1015af850993fffe43c3109838

SHA1
d5e4f07a232af543c4c92eeca8654a9bd5c21679

SHA256
a18cfc3e1d312bcbea1326e736fb47c35c72c2a924b4b22db6a6391ce29fe9c7

SHA512
0ac8f17e52b0da24cff24738eae9ae707f5b404dda0cbf2b1844d828ee6918cc81c16df51007c8062384546e89eaa0681dfedc21a327922916a9f9fc74bef468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d61d95840c5d2074c8399c522b7a1249

SHA1
7255d7c71f5d66d76c911353e40b3d3de84df8d7

SHA256
fe1d50a41b2eb6254f1b5169e88c0752a032beb2283607464157d7a2e2da589e

SHA512
dfb798ef1ab5ed70fc8d832b420b5ecb78ef16ac03cd1669961f88edd58272c8f98284d5e5e8f37e1af07a77de289150ba2166e86f01a9fb62c2436ba5d86e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1de30da9765e7af5ca4d81a912462c4d

SHA1
1a6310277f262d4e30c56615708472f550aba93d

SHA256
17f4a3d942487ecdf698dad6ae02a384eb8eee8230cfb0bfc7580bd294095eca

SHA512
4d76d5992ae0b8c607149f5ef6309797cd85be7afc6de5302b61c97a39f8a425f20d600b944712a193ec2528b059cebb71d2e02d6dec9cefe364438d5d014d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2dc3e2b322d5a6b598e986d044fe463a

SHA1
3c7c463bf85fde7d9968a9f88b26a0c360bdc4f8

SHA256
b67908a3b76e6ff0b8c1befa934b63a76404ee6a383dc7e4f419ef5566464d71

SHA512
1bee9bf597220c9c9dc8254ca905d3810ce3959f2f3b1d1c48eb344923c0a850e808e743294ce1377ce14317c24a16c8401ba8f354c431c7f916f4fe4d60fa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a9f6e6bfaed3fcd729e154f446483df

SHA1
8d12a2ba9ca64fa0ff8970fe3db95cea4404402d

SHA256
5a93001194d1703b13da6e61add2452f19f1685fb56c28a9aeb528cdfeedd3b3

SHA512
244c51dbdfb15ff5b18dfb2902a9e965a81e286271788cf3ffd36cafc0a196259e5943aeb98d51f2d09ea00f820964c3b8d803fa419128354acd4a696628fdb8

Download Submit
memory/2468-299-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-298-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-297-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-296-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-300-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-301-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-295-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-291-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-290-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download
memory/2468-289-0x00000240412A0000-0x00000240412A1000-memory.dmp

Filesize
4KB

Download