hxxps://go[.]microsoft[.]com/fwlink/?LinkId=521839

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
28/06/2024, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?LinkId=521839

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640637551855253"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
3272	msedge.exe
3272	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
968	chrome.exe
968	chrome.exe
3496	msedge.exe
3496	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
4716	chrome.exe
4716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 5112	3272	msedge.exe	77
PID 3272 wrote to memory of 5112	3272	msedge.exe	77
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 236	3272	msedge.exe	78
PID 3272 wrote to memory of 572	3272	msedge.exe	79
PID 3272 wrote to memory of 572	3272	msedge.exe	79
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80
PID 3272 wrote to memory of 2916	3272	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=521839
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc0193cb8,0x7fffc0193cc8,0x7fffc0193cd8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,7976952572040847849,11695397344679973841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffad4eab58,0x7fffad4eab68,0x7fffad4eab78
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2372 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1820,i,6805730268259378222,10078055875235719754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d2f853e85eb898b3b5334beb9cba48b7

SHA1
e0ad705de82e9aa91744fd94371720e20c8f6ebd

SHA256
2c079bd462100fd5b96af39d2aa53f4a2be6e500cad611bb7930dfc8f973ece0

SHA512
0c5d1c417ed47ad2cbd0597fc161c42a5c88095348dbc1148cc993a80d2e2b81a520532fc1b3005cffe71d19fd9156be1e187fe7e3f3c7c692d9e3a70fe74dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
110a47331ac54388c1e5dc62f64174ed

SHA1
5d07747ecedc5518d7b2138adcb6423e66f9d919

SHA256
f98a9c7b430ef3e04f6a61c62e541034ad9a10bbb95a8d041b32d19e78d73110

SHA512
996bec0f1a582234d0ded06c032e612340d4222ae2d5d31539c8b78e32d8842a1078bff757601aab00982134cafbbf38425d3bbabc1965ef2237b15ee469a2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
80ad1fab1ee7f8fee8a9f0d2be87f1da

SHA1
95db39d9ea906044f16546d0bf97382a50bed439

SHA256
2af4400f2abad9cdc22b47b885911acfe9620ecb8d43a4196b57cddd87b8a80f

SHA512
63bd0bbaf3e8ff535df592ff7492fa60274d880344a255d305d459546f3ee201e7a2fdd662808f369416a7de46b908e378877ff0bcabbf8eb202417932479cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
95d569cf5a7303c867c0971c26a58938

SHA1
ce4e838e40a5ea921a7876f5e1608c8870f3fe76

SHA256
943db7c9f5651a9007c81997cc56334c3f07230905529f6449a2ebdef0636d55

SHA512
91d966d7067affff94a957527a4ca2439b9991cd146ec84fe271e83c598bc2fa45ea6f7264504be2fd081f65b02e37cd614b42195da3674b59e9287d31eec449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d478a234edd82f60eb0ab40d6a4c71e

SHA1
a932fc2f2256c2af9924145fabc2c92fe0c00c72

SHA256
63c60132bd8f51f60ee056d136a43ac1d1b1279415da75084a23168879e249fe

SHA512
b3870802880556ca5a3aa101d230e33aefd940376e934bde4997361241ff9482c4ce7cb9c7ffc973242c25f898ae5821e0d8c33eb405d3b446fed58058faa0e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7f8922682b806ba0beed61a8c757d68a

SHA1
a9ba64404d32d89ecd8f3491234a4f2722058cf6

SHA256
9ab9074729cb5cefab5ce196b65fe2f9e8a5399fc8b8253f27713409984cf36f

SHA512
2dd49e54fe27fdf0bcf4fbb446b87efebe56618e48021da661d7eb95103e97273b3cda2688d1fb0cfc20d6d19c5c28e945a5d00ae94eed60f1b5fb0eab0fdd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3d749ca0a1d4666b62c6e1b5f58bd451

SHA1
096a9a802d4248ef76633fbf5c35882ddaf25994

SHA256
138748f84461d9fa626d74c75f7b2916a5b35228c908093cd2ac4ef7277261a9

SHA512
30b68a622d8b6461ecbfd2e1a9d96b2a38f5d98e51fb0ee668c29a4e7bbb70f2f2927f8ebfb6ba84bad8c36f46905453b02db9a3e89f2474c0c59c4235665c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9350f2b5afb3d834bd7a56cd2a586b81

SHA1
e5264bc8d1fc74139a2c48ce48ca26ac7a891ba7

SHA256
4d4ae8b599e36a3b5d1c2592ad964e78dcd7dede8580417722ef5086ea78cb13

SHA512
d47fe8c357200e9a96de719dd415770dff324f28344a62932be5d62b58bdaeb92eea4e0de1f5ef5cbfba5c6d7a8e3d8e88b1ea267c5cfdebb3b68e22d76471c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
edb9f48348c5ec00f07346ef7c763591

SHA1
c1d04081b6704650d87149e58c56b44329389842

SHA256
417a207a306fdf68b39a0eddeb10ed738e57354bdb6c56666bad98bc5aa77d7c

SHA512
78c694e2ec5c40742d18cd0bc4ef5902df806dc5d9c06e1b0e6f06bc01d2eebcfcebf2dde66a305ae85042d4e40baa8265968975957f3c56f443a69e24105986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
64dbaacf64cce97d46c08f56f609c950

SHA1
9b5a17b81249b93c62207aa9d1a55673d602543d

SHA256
76dd3ce0be74207f1a37b8a5ec7bdf67054689e39a05fd3736aa986b40336db8

SHA512
8742576788d5480a73a44fd72f6d4f2c9cc104599cb0a0cbcaebb261193efaf831c90bb68bc1979cf02a3301d5cce245ce82aa320567ac775fa7da1934ae1ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
711B

MD5
cf4137001551a29759f256875a626fe7

SHA1
af36bea8f961fcc7dff049be064e6c9c765b188a

SHA256
94fda398dd0e467729a270343cf3d7e7b47d86d78823169e88cc367d2c532082

SHA512
6a5833c5b8e5fd75b4caf684b70ae0cb1da405e630e5a3820bf793b19327bd6227a7ecb02201a5c430b39db0d52623ab763ea81bca657f9cf0549f3bc11111f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aab0d57d9107f533fa6c8a93552f7b70

SHA1
d821e8c0c98bcf268ca72b7e3d8b5d619ae375d6

SHA256
618b5084c7573e26d0e177f7f0162289b41049c0f0f5035fd866784ea7f30a6a

SHA512
f4f17150ee0783ca564e5cae5a2186d6bd688e5e70bec991a297ef424cc3e76425721c0fef808a0a6b1daa82b452db734b8f80d2978ae3fa5347d8c3ab5ff970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5653ee1f279c92be6210dbee48d16b3

SHA1
9671c629d9a638dbd41bb8639016d2a99477a161

SHA256
b5038869352431399f1e865d4907e61b1f38bbf21520e874ef118fa8c5e9522d

SHA512
98f84daa3e3f4dbd9fde3c99cf644459ca33f472fa4bcaac14256aa26ca6155266fa8dbafa5aeee1be32048547d7b4983df780f80caf58b176b03eb82a44d851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a55b1a57247ceb1fcb633ca311bb642

SHA1
9e32ddb2bd24e084592115a8b9e7a666ab7d57c8

SHA256
6b8d8f69854bd76d0fd265652268c3575d45d60ad46e11db8c109ea421e9c45f

SHA512
6978132186c7334be1eed865aa0690009249cc47d024deb5d962b2f9432d155a0522d0a04633521970e0b8cdaef96f302414b7ce7cf04bc249055b65235104e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88fc1732f3967e61e319bc8c45383e3e

SHA1
c50a6fe270647ccd625329d96b35f6224a302b39

SHA256
628d3ebbf2a7c8e76c1814d4abaf1765d9ed2c0fdfcdd8ceef2d1ec95fd8c30e

SHA512
b1653381503ab38f1ad362a6dfc8e0b4b9915b994e6c1d06be528a92830f7a812ff0e9f4898821aa1edb8775ce182bff308902b3d2c80949264bfe6c039a96aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56a007d9de6ce4e4f378b9c7e9844210

SHA1
eec18ffbe283b6deabf4bf3a2e30953e7e771a82

SHA256
768f7eeb2ba94ce44b497db72322898a1387970f853e891373940054150e1b84

SHA512
ffcc039b0916cb77577e2d35b9e845ac9bb05a8e4ec965d04550e35efbb08c040ea06601e2eebebe8e62d4af80f258e870add7b145b3147b3378830724455bd2

Download Submit