662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

koid.exe
Size

1.7MB
MD5

937bd53a5f505b8e9b00416590ad8d92
SHA1

5abece11f9d282ec009bf441f132676344f1ede2
SHA256

662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36
SHA512

2027fe14eff8cc0edd67be7f159e0710d79376aef11a70d4c0ad94d501667fd178780fb3a8f0c4481d2da32a3f6fd698e45cef297aee628cda1ae164e0434dd5
SSDEEP

49152:MXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:yvycBr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640867966458015"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exemsedge.exe

pid process

3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
2220 msedge.exe
2220 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3728 wrote to memory of 2056	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2056	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3992	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4108	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4108	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 764	3728	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\koid.exe
"C:\Users\Admin\AppData\Local\Temp\koid.exe"
1⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5bb7ab58,0x7ffd5bb7ab68,0x7ffd5bb7ab78
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:2
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4064 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4668 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4476 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2896 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3264 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4480 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2328 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1408 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4372 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1896 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4896 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2348 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4620 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3100 --field-trial-handle=1660,i,18421230992678028294,13363349928299576796,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault38113160h7dd8h4915hb965h5537e9c969b5
1⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd5be646f8,0x7ffd5be64708,0x7ffd5be64718
2⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13555628591419156615,4610947726025299966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,13555628591419156615,4610947726025299966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,13555628591419156615,4610947726025299966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
d2f3de95cf8f206624fd8b04778c6e75

SHA1
a773044cf36db3743bf4c362a16f1e0f89be709b

SHA256
5b3c67d8fc299665757dce192988aa1548f344384ca412ee469abe68114a8fb6

SHA512
d6bf5cbba69aff3a623f8022d2aafc7781122c0b7c35f93e5c79a965135daefed61251930f7185757b47419835c39900861b10c6972ec0de160b186263d90822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d0015447bfa476ccf6a895e49146a37a

SHA1
1bdd2bfcff8138260176f1e5acf5176c6d78bcff

SHA256
959bab378716c82bb441fcf8e619b575fc4512670e9e52e1ca724f00b32c7143

SHA512
347da21254d49a6fe7b3dfdfc13ffacd7223c42d00c2fb646fe89d6798e5d85b7930d8ccd6d1fc576eb3e1525da074645f10e19db6cd4921b44178b188bbd495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f83613505b1edaff07c307806d45d85f

SHA1
69112bbb314b557bea90351d4c55c1ca6983cd9a

SHA256
d609c3d2f1e7f2af8506990dec8272c34621ac7e2c6814463f5a096c400d08a6

SHA512
b7eb186725e50553df2877fb5e70cf6198b6ed837b9a7bf6c9fb2b7acd34864761c5c01574eccff0635089b3bdc630116e3425a3fcc0926c4467e3efbdef8005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
72d75def227e8e82f9dd0057bb80188a

SHA1
2ddb00e1ab6ef5027f0ba08bb2678b49e0e5600a

SHA256
030f289ebeb8c633c83026a9a527e1bf60133cf9dd64ac58f64c78e8c2e77ede

SHA512
e9a957be4876fe0983305ef8c9b8a2c16a6112ce2acbffb31decebf6e5ccfc821bd96e4173c2afd061e6132ea1a8fc0762c36419c8909fe476b8b7fcdfa741a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
ffc1aa116839b888ba32500a1aca9b41

SHA1
159f66f8ff2b5cc7b138d00f472767409ba01240

SHA256
3f249f22b97963470c536cc32cfb6c0567777229d4d5424bba84b3d07ea72bff

SHA512
a870de6fdf5a5f524c30a79de4e89415f0ab255a0c8ea0b6af10c1886cd96ca7bce8f18a9249e5c0a528f032cb05818261c7db5e592f39763d48c303f800abb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e0a92893473e3ba2eca5685c7f94bf19

SHA1
c599d7df1b6870ea768f6a34f6f46c7054c0aa20

SHA256
9a207af100eedde95addb39b6f973905d1aa1beb9faaceb2785c48c87cda5515

SHA512
5064ce06a3cf4f2e372cad92e2734cea4d60d6602ed73958a6b8861fae436a744d6b6eb6889801173eff5683ab157f864d586b47e18394f3d2a1a825d7270993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
6046bb39216bf8d0c6a06996228d67f2

SHA1
882239fc8dc9aa3ab70df78ba3a1ec8f6e91a6fb

SHA256
81135683fa8ea7b41b765d61900906ef0ad5ab3d4a18b4f042090cafccb50c6a

SHA512
3aac992a48c588b647057d0896566e6f2171746a997208f781678aa1ee2384a4aa91ffd428844aec5b3a8532e5d8f2b8d14a408df15257cef2fe3fc47efe10bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
1c1fa91d6e462f4a78c1610e7478aa4d

SHA1
4f3c7f132e7639072c1077737e452c8d5f4833a9

SHA256
2408b28004c28021b862d52fa96f92b555056233a947473a3b190ad06d44310c

SHA512
b3a2760bee603c30d6684c8a975aea59418766f0106825eadb796a148b33ecf793825a6d36d56409d32086ce7c2fa8fa3de4c32bb35a92ae5e594e0dc9169d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5844c4.TMP

Filesize
89KB

MD5
121f8b698b89e4d347c0ec84ddfb2c38

SHA1
cde22b464c666d0fd56e57568e4af054aa12ef4b

SHA256
e2f9dde571038b47af4e73c3a9193fcfe5517ffa0c07dc00311ff1bdf5eca962

SHA512
e4d4bc6cbaf575d4e568bcfa2acb6260b62cbfe534dc0359b3559ec272c94780f4bcee21680d09fe1f20bfe21550c1300fd26acd291cbac255b7ddc9eccd6c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1c586a9bc6d045c4947867f0684aaefd

SHA1
df382e1437cf53cc8eee765b008f1729800fde43

SHA256
ff167304089fff9e3ceeb767952ceb8c883bff7a12f7e1c25bfb4c7852e7d29f

SHA512
967ca3a765c4743520f51437492ed0609ff5d510a0f94710c5abe0fc405fdba52517f06d92e6d4db350019c061985faa1eb370ab16f2a00883eabd4881cc603f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03b7c3a5272309b954a6b8e1fef0adef

SHA1
605e9a9690319c70857b2d5cfefa1546e48453a1

SHA256
5e1b3bdfe9880939bd946f1a7be317effb43249bbab25960aa68bf83d2be6938

SHA512
f3053e7550de7a8a834a4414530d05d1b3003c4f45ed30f6fdf709c6fac2cccc59d6090c0ea67c19d5f74da2eab109e3bf80195dcc8a2d11083792e65899f8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f98c3dc58c181c81a0b01dc3cef5f38a

SHA1
3e572001559794592a37445d1b3dac53e6193c9a

SHA256
d04a6a4fb1fc93b5eb1f7cc4b72fa0bf92fd14ce141b2001af5b2d02133abade

SHA512
e8c4f765194381332211f4673a8c55505e2d4d7661be03da5d9c6cebb7bf8a1fa8a862f87fae29c8d673e469526438c277323a8fe41b6edac9cbf05de348f56f

Download Submit
\??\pipe\crashpad_3728_LOJNGKVHXSLQSPKZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit