hxxp://google[.]com

Resubmissions

22/07/2024, 12:25

240722-plkmqaxcjg 4

22/07/2024, 12:21

240722-pjcjbsybkn 4

22/07/2024, 12:18

240722-pgm72syamk 1

22/07/2024, 12:16

240722-pfx1vsxaqg 4

Analysis

max time kernel
191s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661246498905499"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "207"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
540	POWERPNT.EXE
5916	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
3656	msedge.exe
3656	msedge.exe
2780	identity_helper.exe
2780	identity_helper.exe
5564	chrome.exe
5564	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
540	POWERPNT.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe
Token: SeShutdownPrivilege	5564	chrome.exe
Token: SeCreatePagefilePrivilege	5564	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe
5564	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
540	POWERPNT.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5916	EXCEL.EXE
5200	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3656 wrote to memory of 2688	3656	msedge.exe	84
PID 3656 wrote to memory of 2688	3656	msedge.exe	84
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 3228	3656	msedge.exe	85
PID 3656 wrote to memory of 516	3656	msedge.exe	86
PID 3656 wrote to memory of 516	3656	msedge.exe	86
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87
PID 3656 wrote to memory of 4248	3656	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb35e46f8,0x7ffdb35e4708,0x7ffdb35e4718
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12768772183552500057,16112485100054104151,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:5608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\ResetRepair.ppt" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:540

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\New Microsoft Excel Worksheet.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffda118cc40,0x7ffda118cc4c,0x7ffda118cc58
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3364,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,2182311009426174671,3612062639782587929,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5680
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6be304698,0x7ff6be3046a4,0x7ff6be3046b0
    3⤵
    - Drops file in Program Files directory
    PID:4024

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5096

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d2055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
82449e074dbcf7c78495353968a4f799

SHA1
a1a8ff4f9978d3036b062058182df9bb10321e93

SHA256
60176807490dc5073fa266cc30f03483bd909ae5a651cae3e178946b12c27a1f

SHA512
ef647d9da1f4b64af46ce29243ee4cf72f382baac553b1b13db61dc618dddf42467043aebd9d0cb8c1616084704bcf0fdeb9f24b83cf1b14040343b5cc412e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e413fa804238802ac9d1241f0a0a580e

SHA1
4d842d144f77e8043dbb40b11d0d40e614480445

SHA256
f4bb30c5a15bd5bc6b065c4b8fdc64b65e7d4ee774d14cd9257c8254668ddbb8

SHA512
4985d4dd21f408f6143432eb6a3a9140feb8de5a36d7f64f3d371b487ac8100346e60cb8287fcef7286a71fecc2cd2261b70c9ede8ad97762dd58f9b9bad51fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81364f51de265b78e1a8a189113c487d

SHA1
0475bdcb95612e358dade19e10ebf09355e0ca74

SHA256
9b29aff753bba0de2d78fbfb869bf505d4a19403504d26d821bdfe4e4b7c9007

SHA512
da8031c52956bfdbaab838f1762e61db4f57b82b2e85e9e8703c9681f55e0a6cbaac85022f4593079af236e438e20ce5ff6167e17fae5012b7d3a9be1d58feaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4e4787dd736fa19b17ec766655e0b00

SHA1
3947b78e0f86b61bef68053173542f474c79f4fc

SHA256
55f3d64521ab8e19ae7757b5b19fb3e47cdfb0d173a0deef621d6a5115c24f10

SHA512
3f82e0eb0ca3301d0c1d2fdfc131e87664b6d2eb8324a1a540555cadb95a314aed7c455002f44a4cc0b614726899d61aba098d19b2ffd541e7ad27eb3a864265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
75e468e0a5ce437f14b8935a79777b1d

SHA1
9633c34c711b84aa85980abe702acfdcf19b5171

SHA256
6259266c1521c89deade1d1195bb3cf2c9c080c6d509124358c5a8e8459b5c9e

SHA512
9fc636c3474a65095b942e8c9b1c263c64fed8ee0fc7b35712830de850dca753a0ec5a1d47572fd7b40830b106d5149e63610b3cded1e4cee44c5478e6785dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
22465e9248d7077952019076ab0b5706

SHA1
3659142ef304dc7edd6ef3975aee44a613df0a77

SHA256
599c91c0871fbc7efc27c7d04424d71207848ba7a7e5679a8a5f3b3fbbf9471e

SHA512
ef52793541c416badf3bfaac60eafddae4e10d556fa686556268210212deac66dca2b5b2179eb8d00f7812d92ed7869b1a61e80528362595aedc934e0cd3736d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
03670b275643bc75e068934d7a199625

SHA1
839186dc1689797f914417034f0a21a0bac3095a

SHA256
8aea3197b65a26ccb3ad874a9464c9f885a0b8f6d7512fa0159a7684517712dd

SHA512
e4edad73dc8e5373e323297c244736c8d4a360cdcac7123ba36ba55a5ade2959c01851f85a6ecb66e4d754cacb6456e55e2b2905623df4e1eef4a198455ac2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f7089847524e26ee638f6f08c4a9d3db

SHA1
152082c7ad833374b4594c70ab5f37d69d0a545a

SHA256
5fba4616aa282270ac0e36a85ee5280d6ced3c9555cb729a844a59502d5e8d67

SHA512
3e5ca94dd13dde2c08dbcbd87ba76e0acc0d81d64b186e304ee1e1f95d99ca94162d935e3263133aad47c4da8f58a156a1df6417be848ab4ece7508735ac142c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
9f5b591c747244b7cdda44c3967d9149

SHA1
a6b438fb0a3521f809643fdd9d2352e9574d0e49

SHA256
4ec10ae7752a3bb744641f47b330a2ee4a51295909d439db3f5e6e7fb7232613

SHA512
3114a22b936691e9424ed7bc03f05d9208da74ee318f93f92ed72c5f42ba57564d1e80da98bfc058af08e2570d5b441bdee8785db41870b68c5488ebf7b048c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a42494842ac93107e654e7344f0025ce

SHA1
00ff153a91b1fdce13f35ebeed946941b57501c6

SHA256
bce31e5e8c8c2f533aa2aa28a91114fcd440e3c9283ecfa1f26da11c59340ab1

SHA512
218863915a5db461bfa488ff844b3b7560334283f6d16a8809916fa295611421ce1b287b97037523bf0aa89b81d055a183a594b9ab64dcd9fc880c0de0efd61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b6aa29708f4ab7622494baf2d093ae8

SHA1
ef23a7ddc84c4577429e5e0d5f4250c810392c22

SHA256
1f8f0750b30a3f50a635404d83adf210cd9f01e76db07d367205cc2f7397279d

SHA512
d6344245589781ba0ddeeeb16522c62d874700d23cc68f64dfc788e148a6bb1db0cc2006e6ac3c98c0a0fc8477cc5dec8c35de27a0c2d64cbff70dd4f0aabb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f79b2d865e82637a0ea4660bf8ec3fa6

SHA1
75b3abb1e3bfbab9e19a9a0f18788189f13569d7

SHA256
b05c52f152f3f24bf2214973e2338e1387e89715ede660e05a5763f2a0c62290

SHA512
03d0baab9ce9e3f5c3d405a65d560b6ac0c1724af0ca80994d5b0d10ce33fc0837a573ee256041fac082b0dd0d7c8a8cd60c30a36d8526d3a2c2003ff7087a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2005b4b7ddaca6bc05c2feccbe34b533

SHA1
0e27954f757219ae29df29cc8af85218e5f337cf

SHA256
bc43623b426f6931598bf46f3eb0eede24b24c0e6738069507f58f53edad9b72

SHA512
b3a083e39227c692f5bc92dfe84d88715798fec0f019d586cc400562f7b1e8545b0a1a807c4d5aa2138f488dc95a1c6787dd6b660b70dc648c5dc4fe58bd7c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b57c98ba236b532e1ddc16abf82d7bf2

SHA1
e6a18f393e17d4a7ca0385ccf9a7a981a3f8f55a

SHA256
67bba631214cf90d46cb4bed708a7a738487d031af56c62edc642d10a2fa8196

SHA512
68fa8c11f205abb0b9381359f27519cbceae43a1b7c4d0e5380097844147d461c033de64fa396bc5dbfd47fd159bce1a1445ad0e6de1cb7ddc27bc74e890e2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
079c1654a5c681a70b850dde66efb65a

SHA1
41134d31f646925fe00302a83dce9d0df38d6c0a

SHA256
331195fe5aecfc4e22091788f229b580127c9e7f817fa6fa8d51b3f516b55971

SHA512
ca39c374e393320a267b816f248eaffcc2b998bd1349e27db2e58e08c8796eb8d001a2c451db01832e1dcaa721d02cd5ff5ec1044be041b56004c766d7e81988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D2FEBEDB-63C3-48B1-A4F3-CB9112CB1003

Filesize
169KB

MD5
a04ecad21f11eeb75cd173b3cacee7fd

SHA1
f160320c3023b3f93d6848b2edb854d369142cf4

SHA256
ce1c4e469f0448988978aa76e456c11d714f1790ae033cbe4891082dfb7cfbd3

SHA512
a4db307143184feec13c45a59e61149f8b825aab582d53acb2e8b4ad4d2ed204d75a69e2f278bded825b094a783d41fd127f1b90dc1de401af7c61fd4dc04d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
12KB

MD5
0cc52b2cc106c5c190110904d147d63a

SHA1
d9f0fb740e5199cd799a016236ced33790cbc83a

SHA256
3113d5da56bf744aa34274d5aa24e229926fa03f3fc2fcd91c871f58dd612639

SHA512
6d537729442806114d197d4623630b0de9175e425c992be86cdf80da67598d8a05e138ffbe95ea92d1e47a1f68ca6fe87fd19549d04bc9083d754d192b8aefdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
c35ed9d7f36f6a3d53103a55eb876be0

SHA1
65c79a7d5ade20475cef12c6121cfe3a31038621

SHA256
bebf2aabc6d180f369cb92b32a645ba426fbe227535eff04aa0407c44b8bc9ff

SHA512
aa9217574f1839db5e2b5fb22ba5981e7d60ec0ac6f5cdc70c686e57de9c2fb56c2be3a1b47c452bd1f4c390ba1ffdf75a8fefa9c54325ebd28628b4a7c4e309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
efdd4e5a619a28ef768ccae0577b6bfc

SHA1
19c9a35991fedaaf25d9136b35874feefe5d915a

SHA256
4e7131c7e0b8300303a8be7175259ad92cc3f8a5ec0f40fa8514dad69215ff07

SHA512
3c8d8be4a8be6a77657086efc02f5e710c50f981ddb24b7c7ccd30e22676da2178cd7d3037f88a18d65a680967ec923a8ceaf7f5cbaa0f0be2bec80b4facaadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\f3df91c436730d7a37c58d5f25d9bf4a56fa3a34.tbres

Filesize
4KB

MD5
2e088bede4c924d8c7b9b6d035a68758

SHA1
877210e78b648e5e887a0288cd43591ad9a6971f

SHA256
4c2708becdfde80b3a4792efaa47a24028d47828523c25bfc46942851674aa6e

SHA512
f4bb2e745e6e06313ef3ddab6438d5c762467e4d0a4329040d6445f9a257de2bb12a569a422175f987cc89ce143a97b4802f1c29d8268c7fd16eae4b44300676

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
381B

MD5
605c96718689747ec64fce20515d43c5

SHA1
f96c491b492fd06bd80af1eed51cf21c3e833ca4

SHA256
c4fed195f48195f20bd8b72b2364472ca0620d5052c63329aec7b898802df301

SHA512
bd6a8928edcd19f7220992669ab95464c2ef1e076fa7d69adff18953558eb355dbc12cb0f159520f6b70c5964bee10ee80c4bd5a634d04f1c7c532b04d6aced7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
44e516ac0ea37b4df6659f5f0d6629bf

SHA1
21a3d927aa10eb05ed453626dcf01d3baf8ec3ce

SHA256
767ff6bd879a49b1cf9823449c01dc115370c415c18f95dbbdb8af467efc992e

SHA512
7b2062597d79857fd809149577117592161e377add6f6ad0e841ce87da58246e156d65b437493468cff3c99d2c606b7d424abdc7324b14337e7d32e47d8e2da4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
dbfa20e540f9f415d8026731f339a2b1

SHA1
32d60812fedcefd4a07c82b030d14580876047a9

SHA256
b0e9829bd429d79572f87ab851ccb7ba0d1de67a92def9b889ec7d10041d9e64

SHA512
7194a0933cdc734cc3703bb69989fa4c85101ebe7d3ba17eb5842433af1317f5664169beb821145e8fe42cbe288f5683d835277ed9c2d7b90a7ca44bd1afb575

Download Submit
memory/540-232-0x00007FFD7F940000-0x00007FFD7F950000-memory.dmp

Filesize
64KB

Download
memory/540-708-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-710-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-707-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-231-0x00007FFD7F940000-0x00007FFD7F950000-memory.dmp

Filesize
64KB

Download
memory/540-230-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-227-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-229-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-228-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-226-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download
memory/540-709-0x00007FFD81AD0000-0x00007FFD81AE0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads