hxxps://shopdaviddobrik[.]com/

Analysis

max time kernel
60s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shopdaviddobrik.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651417747150319"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
1176	msedge.exe
1176	msedge.exe
1868	identity_helper.exe
1868	identity_helper.exe
1244	chrome.exe
1244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1848	1176	msedge.exe	83
PID 1176 wrote to memory of 1848	1176	msedge.exe	83
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 3216	1176	msedge.exe	86
PID 1176 wrote to memory of 2740	1176	msedge.exe	87
PID 1176 wrote to memory of 2740	1176	msedge.exe	87
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88
PID 1176 wrote to memory of 1680	1176	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shopdaviddobrik.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06ba46f8,0x7ffc06ba4708,0x7ffc06ba4718
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6538612209775034464,11499580294634366445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:6128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbf4cacc40,0x7ffbf4cacc4c,0x7ffbf4cacc58
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4440,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3236,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3260,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4896,i,4658627914415473740,16537927824616754427,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5868

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8f3758ef74ea79de40db7aac54b3f391

SHA1
0667c69d0db3d056b6d07c418f12bcc79587b0fa

SHA256
cbfd40ce9a62b09ca0e98e336e48276c225e2868961c2c153f2f77901cb6bc7c

SHA512
05c2b1bc01689fff2b12d84cce058b389f57f00a4797a13a324bebeb497ff924197d6ffbe8a1c69c979a9071f0f58402945d15b609fb03df1499f8f0d51280b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
984a0a02ebaf3496ac30414a6790bf85

SHA1
8ea3610c5cd50a050ffb4f59c0c95322a6990a8a

SHA256
8a6d432597a6d38dc87bcb73d3c24b26ffc36a128fab66e57f80aee2f11f8b24

SHA512
590e91d26b63d65eedc597c5b2c4bcf3eb6c02145d0050d12f5c656edc88745574e44611120def5d6771d4a4411117f51c959e315df10c9f1e824c1ea0d7b5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e32fb13b7ce6f2ed7e8593bbe378e02

SHA1
d1aa9a102a22c37582a3e5dbe3b954b75bb02366

SHA256
086f18bc4ece49ad976af137cad26c01697dd943063a4a568d092db75011236b

SHA512
6f4c728660162adddcfdb3a857d7ceac26b37527adcfcef57d2c8fa7948210e9b3c422fda1e0934b583e01c75d664a0688dce9622c9c67bafcdf74ba02250b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
11aa43f2045d8ca8fc62603ed43dd34c

SHA1
5c445461a7ca4bed1f18143da11cae4602ccfec4

SHA256
a205348c9543813b74e88c959e5e5aeb3e07d278bc7b50d1b10081e829c67386

SHA512
629bebd8d65c44d513a3806b83d1d01e14474879e4856110dad8b4a6c035063ea1ef2d64d87d27f65dabeb62521684b0a6c4160ddc9d60d40bbdb682ed83ddba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
120f335e7653248970880b9cc0e11ac4

SHA1
de3f5d21e6caac7339d462d3d1de1fe7b345c4a3

SHA256
70fef6ec2833327089785a34f9e7abb40f51bf81699a4afc597eae53ceae227a

SHA512
a4b85c862667ab219108675f2330c17fe02f51c03ba1235d54dca7b2f9d3585cb9aef3c2f2b662d6b4b0939e119ac96794856f8b1e40e5c4bf4ea8ce33bbac19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c548c8271b7b6d86ea986c80141b5a99

SHA1
1ea65c9777a060af6ff496856e974aa3b39289e4

SHA256
99041c7cfae580e6bf71f9325c39b75fa62fc85f50ca32444f591911f02a277b

SHA512
6f8ec4be8f5726f7f04e8b4a777907f44d3340f284e4f4674b0e06fae34b1242764cd4032037cbfc08216abea7922b68a70bcca7870ec1abbb63d14e1c8011b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e1817486426e73fa7701d2e7d30ec73

SHA1
fab28ba9ff7c76ec4184363966fd1c8df6197a34

SHA256
9a3d953c550cc68ca5c999565c354ad41a578d3e371b4fcf73f3b03136369b76

SHA512
d6731e4878ee1b44e6ce8c201018a98a3fae1651e3a36a9b9ef435be6e96e3724fa2c36dc7f06aa5e03c7c786229ae72fb9b3185ae79a71152459ae82888f837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9b059061957450e717e52022182264e

SHA1
ecb97bd64de6efcea156a60a9d2574fa333a5abe

SHA256
34af5625baef192e2332783a9a11d2af03e846d07baf778471c3c957a719b069

SHA512
0554d974f81ff127bbf1ba43f033e11ca201af83cc764603d622a315367a4e802f2d92ae3a903166a1d8bfb413655e41038ecec9a9c89bda669bb78253002c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1bbfbdfeefdada0a13e99b96c2ba3113

SHA1
170a30d4a14de99a70528cae73e51f5515614d9d

SHA256
2006873792ceb417f91a63e5f2e2d8521882bef72431d63bf55b090360d0bf50

SHA512
b5fb31b29f6eb301b7108862d94b037f0f284d7f68ad704aefc8d8908669c8dd5fd05daebb3ecf277eb44d4ff932542a1693e19d64b15039a0aff44e5903e9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbb99966bffddbca44a7e1bb26a421cf

SHA1
ff1d5d518d22db3f8d8ad0b0c4de14fc9213d9bc

SHA256
c6700faaf71bc04ce4accda155d94932d6cdc6972c6ddd3dd8fad7ebda77f11f

SHA512
b309386d3c4afab3eaaa7cb4a83d2d0da24e98e52798926dda967670e679f785ddb22fe68aa2cc76fb1324d85b66708c78f3f4eb464ad2a5a10af7dcf07fa510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
913f1d51c520e489f46b6a47b286e32f

SHA1
38fc9368f98b1523a2c8caa7cff149d32def44d6

SHA256
5c5aa80b6e156b8c9f38cac3c3b0e672b6556ae122bd96d4ea2c1a1c364712d9

SHA512
04acadf411b33f0358c375ec5dab75bb6e1c39264aebbc197b895e61356eb0c1f831006ffdf7406c8c4a898c82a69933cc03f6d89cbbc3263bf730a9fc76f520

Download Submit