340d600392818df2413382dc7d8325c360d83ea49a262d31760348484bbc10b5

Resubmissions

28/07/2024, 14:48

240728-r6fwdatfnh 3

24/07/2024, 05:35

05/07/2024, 10:33

05/07/2024, 10:21

05/07/2024, 10:21

05/07/2024, 10:18

05/07/2024, 10:15

03/07/2024, 18:34

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windows.ps1
Size

7B
MD5

0f4137ed1502b5045d6083aa258b5c42
SHA1

ab378b80a8a4aafabac7db7ae169f25796e65994
SHA256

340d600392818df2413382dc7d8325c360d83ea49a262d31760348484bbc10b5
SHA512

716280a95a7860c1854caaf45b63fc4b67b4aece0370ea6ec5dc21cc3b6794ea7f10d724aca13d57c81a7e92ae64929d90be8c1cf449fe86e91937a9a6e1f2c6

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4420	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646483167803994"	chrome.exe

Runs regedit.exe 1 IoCs

pid	Process
4556	regedit.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4420	powershell.exe
4420	powershell.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4556	regedit.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4420	powershell.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 1656	4680	chrome.exe	84
PID 4680 wrote to memory of 1656	4680	chrome.exe	84
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3976	4680	chrome.exe	85
PID 4680 wrote to memory of 3384	4680	chrome.exe	86
PID 4680 wrote to memory of 3384	4680	chrome.exe	86
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87
PID 4680 wrote to memory of 5096	4680	chrome.exe	87

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\windows.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956edab58,0x7ff956edab68,0x7ff956edab78
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4700 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4888 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3140 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2440 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1612
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff66fc6ae48,0x7ff66fc6ae58,0x7ff66fc6ae68
    3⤵
    PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2944 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2156 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:832
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x240,0x244,0x248,0x218,0x24c,0x7ff66fc6ae48,0x7ff66fc6ae58,0x7ff66fc6ae68
    3⤵
    PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2424 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4052 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3040 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4660 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5076 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5556 --field-trial-handle=1684,i,4781062781866415880,10239883335569905619,131072 /prefetch:1
  2⤵
  PID:4936

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2752

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault035f2a95h0349h4c33h8917h23a649415fc0
1⤵
PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9476246f8,0x7ff947624708,0x7ff947624718
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6810746132931224174,10962782701484003397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6810746132931224174,10962782701484003397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6810746132931224174,10962782701484003397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4792

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240705101914.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
840743ea95117313d5dfdb3df01101e2

SHA1
fd9e066d1b6aca9899f3c4287095803f59e05fac

SHA256
892a0b7f34f88278baaa1fbbab96b7fe893b853a06c754360a3575676f0b26cf

SHA512
195d98ec437e273a9566c25d78cfcf306812de83af4636ff15104217526cfdb9b3559fc3dd603b8e7c6052e186c5e7d3e75ffd9936ff5626c477d8e4bba3bd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5bb35a850f8a98e2e55371773ae99aa1

SHA1
b6d34491b8f2e5a13751a61902336f30f00aa946

SHA256
841e6a5449a2b333740f7f202a833264014bdfc61cb75a5353f7490a39bea811

SHA512
6bf96a7bfa17663408925b47bf3a6c139a2135b2f08ff977ae67b516843c8e096702c593c73dfcadb90349a9c01ca9faad0273ad1a5f6da7845ed6971faaec12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
51f7f87ab88f9c26f05bc50a397662ad

SHA1
30d4aaa7870ba6727b9445f9337330075a17ee5c

SHA256
10951ceb99c53bee71e9b1e874f757ee3bf877fb2cac9073131f9ac03d9b8c92

SHA512
1907c20169e3b3bf0dbfe281bf50bc42c2a5d34ffac6d6e735aa70bcb74abce66186d1626391598c6821d4a29d5a18e1f44b424d9f68fae88993a6406065c56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4650f13ddcd3b888b1631bbedc88b3d

SHA1
8a083d1ff34711cc304726dff0bcf7dbc1532c18

SHA256
47d7ef1e4cdc311a846b6d09b6e38369418c5a077af5e187df01ff9fa24e98e0

SHA512
9a9ea47f4a347f19152fe8b4c16b0d1c4fe896c488303b239f9f82ed7cd674bdfe9f7d268aa05a7d28e73657809df41e7e6b009dd01810ac87a44534cc4f3d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e5785fec83c0381ddae3fe714f9b23e5

SHA1
d28c4f663c4793e5ea4de85a18b9e66b7b521845

SHA256
36d7dc87ec6a293839f5828a3f291c02e14ee75e5692b36302da88d96534395e

SHA512
13a98edbad7acb00127c6209f2e3ae672b4b519d4746628e03f92ecdc2e4c7cf7ba9e50eb97c2d88cc419d5c109bf0f5fc527b6f0aab675fcc88fa7156c4e714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
904269648a4ec4c97cd3e467a8af41dc

SHA1
e760e4ca3331e3405cbc58acd48612be0ee18fe0

SHA256
5a40dd932698d6013270fc9b530a4a948e4b09631eaf24b42ac0c6031fd7de42

SHA512
c2134b236e892bd6e94c941e2a2ae497682403a4b4402727be960af2b42d987c6239a4e00fb33d8ae3ee5143f32ba5b1dcb5cf1e8e2c34c8288fe68cd25b2a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
a290d795dcb4d6d432ed79f9643adede

SHA1
f2e63f7c0f4b6c91477b739fd72dfba16a25e9a1

SHA256
761e32f26da8603440581620c7d46cfdb1baeb2439990b54317f84d06c83ecc4

SHA512
335086bdad979304c27c147812db523f43286149bc82b79beeded14bd39da5f870c415c6ced161cf67edcfb19ef65eb1878e4ce549956cdb40736aae38f61d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
f663e1972f496d5bcab0370bbe724fd7

SHA1
61a2c2c40c9d2a2ce990f87a4c21ea6c851af1ef

SHA256
dccf4b064560dff2484b3a0d648c1c379b52c4b60206227d808c8eb9fe517b34

SHA512
3ba125b996efc7331a39411820c682c26b8e240fd5a90774931b5e75c228e4b0c8445fdea4a6021a9af436601d45032737f58e02ae284c3fe342d40f3b409f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6761adb644ce8d6e0e858d4c43f5fe58

SHA1
5c696d212ecd21fe90f7ce497f885700ec576e9b

SHA256
00393b65f21a6edf2b89484cc8a1293cd0eac97f834a42cd1b2070970fe1d5b9

SHA512
73af7380aa3caa0a4b44cf26608f90ba2ab1c32fe4b884e63cb7e18adb3437ed1c352527a6423cba7b58adb0874a04e2c2f2af8ea15e77eef3d894b40a325150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
339KB

MD5
d5487f4b4b3e3b3a24cc969ad1b2405e

SHA1
43ad0bfa609e524b71ad2106b0180e0518149d8e

SHA256
17396617db4bb7d939c728591fd8759d8f14c851a9fafea6b31672438c370b5e

SHA512
c65a8c084f0148d89fc986a449bef577fd0d8b9b1a722a2c5f51896cfcc2ff39d4b5f7420e166ffc69ef17f68ad9fa0e3c048b95ec93b47d385e7fb630ab3fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
5e34e8bb633ca4859b238656a66e000d

SHA1
de10378e64e06ddd6c7d5e343d42843d09a60c12

SHA256
a66f4844d5b369d5d1c9a74a22175f8863b9feaa9742c96e95bfebdbcf96e66e

SHA512
c822aa6e943ed561e3e740fc8294ee23689ec9b9202aebe837113a66b353b71e16022a0b08c49de078a853eae32d02b88cb5b3ad6186ab5eed7f3f0462508091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
0c1c86b3482f552c1c27105b64a3f720

SHA1
9f0f4f00cb2c3f1348793109f21b66e7bc3946f0

SHA256
6318062837601512c79b250746c21465bcd1b2827c0269928a4d461af0d0b072

SHA512
7f4ea241615f393192ba7ddf66a63c9ec1c73c9e28c0f6d23d7248918bdf9f6e66196eb4b1c344d5cd794a979b218024f22eb4adf282e3c3d8b0d897a7e387f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
0e3f374853d2e8650e03dcb4ff24cfa1

SHA1
a15d11f9e653c8a08dfe8979a46876e4c21cdb64

SHA256
b97d0124af3a11de850b5ae6279da4e440500e3a2dab464f6e21eaabe97220a5

SHA512
9b96b74628cd058b9f3442744172e7dd58673c2870ecf3b1bd8791bbfd39a209fd7b1017eca0438528f99088fe06c6f823e8d4e3c4ca984ddf1f0d23f8b0489c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
33558613a62af9a75764f12286a4554b

SHA1
04abcfff19dc9661ccfd25c72267b918ce67f1e8

SHA256
999e54bce98b696cde7fe77ac66f47abe31c8bcbf93648f697f53154efb3af37

SHA512
522c189cd3ab12a9179f0b640a4245929a5885d48ac8e832c5fccea75b92842493b2261b47edf4ab0aa260758e2dc68d8b3de86df5a339295ac3f32bea3b4fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580114.TMP

Filesize
88KB

MD5
126faa974abc8ed245c2b867b5500d98

SHA1
2c9bfaee9bf85ede23ce9aacc3625ec27c3ff393

SHA256
8aa19addbbc0a68bbd76d563fb9814302335a206da29a6c054a63143dcd692d9

SHA512
3279bea9694d4c93b93331e56762c2eefcfd80367135d43f30472d483c18809719ac64c024980f601dbf7cbc308e0ed0ea5a83d82267db68ead61b74c927e9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
018ad271e8cbd12a3f1981024c94fdab

SHA1
21aa2c01c21c012cdfc068502411b6fc28bd025c

SHA256
80ac27c654c1e43668dc611a4311c5868b976afbd2b8c805bf0d5f411577e777

SHA512
009f7d7bda444dc96762c493e8873534ecd5d789a818c267b9baec586446bdc747bc13976f2f6e4c50a71bdd77ddc035c28ad82c3722cb6c813ae559c6d44cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
649af27356723eaf439d79510b00dca6

SHA1
ae5205a8d02ce62a8e6e235558151962662ce016

SHA256
5414f20c11c38b6aa7e76da8d5be5cee5c57c04bc366507a071906905fd768c1

SHA512
c7b25600036b281cda6e78971d230c90d33bd060cfb1eb0243511fa27937f2a34037f8865b619f6d5a374b633aceff83c9db84c44cf9084291e5a5d115a21d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4b2d7faea779a924178d4f9e42a83827

SHA1
c9522243ec9dace797f458d0b5a99e0886117ba9

SHA256
b2b103eee0791c50f73146582fb51d67b9c3012d8de4b23e9f54e3c6dd64faad

SHA512
21672b9d7ed112c02d7004f8876b38ffaaaac10cf3614991eb1a75e96b415fb0c13acd0080ecfcfc5c6f7cbb3815ff66a09cf75c7a9ab354ec47324264766b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jg2kgldl.prf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
8323eb783d4b3475bc1107f7b22fe30a

SHA1
8b61ba2d4ceddcce64913e45b0b3aaedba641153

SHA256
b04e4a8229ad76f418899a184586a34f1da04653efdd8f0386b76fe7282bd7c4

SHA512
a6e5fa59549dd9f848741b7c5e0e99e3efd1ac639e61a1a430fe7a62e6f13bf625fc22d619b29e9319f0bddd46eda6bd61057d4afcde7c846a72bf6e4ef79972

Download Submit
memory/4420-6-0x0000027B7FE00000-0x0000027B7FE22000-memory.dmp

Filesize
136KB

Download
memory/4420-15-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4420-0-0x00007FF947473000-0x00007FF947475000-memory.dmp

Filesize
8KB

Download
memory/4420-12-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4420-11-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download