36541ba684f632171aeccb75ddb15bf5e31abf06b03b068eecf3c8818b972a32

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B6714BA457.html
Size

3KB
MD5

cdfa355f7ea4ca12848d3385ce40a35e
SHA1

dc55c9489e6e6c16a7a58a5c556bee276f162042
SHA256

36541ba684f632171aeccb75ddb15bf5e31abf06b03b068eecf3c8818b972a32
SHA512

c05508cf8a2466f938d483137d20090fa6a84de5d82fb1054b530bb365cf31847e0cc4f7b145db67f442be4af9c20e9d3fcd3ec022ee7119f12897f294636c7d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670194733225323"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
428	msedge.exe
428	msedge.exe
316	identity_helper.exe
316	identity_helper.exe
2500	chrome.exe
2500	chrome.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 2032	428	msedge.exe	83
PID 428 wrote to memory of 2032	428	msedge.exe	83
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1180	428	msedge.exe	84
PID 428 wrote to memory of 1088	428	msedge.exe	85
PID 428 wrote to memory of 1088	428	msedge.exe	85
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86
PID 428 wrote to memory of 4068	428	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\B6714BA457.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0b9e46f8,0x7ffd0b9e4708,0x7ffd0b9e4718
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2378239830174999435,10466526579222973060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xb8,0x124,0x7ffcf964cc40,0x7ffcf964cc4c,0x7ffcf964cc58
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,17999432707354204387,18343171768053538823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:5432

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
18a91eef6ed4982c61399e774d893487

SHA1
cff8aab663ed5ab940dbc908ecea47af5e9cfdc1

SHA256
6613fbf6ff44e02f6cfb717887efe1c035a3176883087d3e3e6e1c3927dec7ec

SHA512
94998c1af790c92e6341b72f12b79139a67d3687315d9203811edbc0c6840d0653ecefb10ac6b8bd5d2f0b1a00926ce43f975d242a40393e3bd435b3f904f0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
50f91cf67bff84c0c153b013c7d3b9c0

SHA1
c059506522a08cc5012a718b061ad6b6502fc179

SHA256
bbcf1232595c9bbf9d25db1f0fa90f9c27d5cd9560910edfd1bdafa1ec77846f

SHA512
7f90d7c0fba5d088f8eb412eb828b43424fd3e335c6666dd3506ecb0a47e627f425026910fd1b5d0e59adf985110440b63dc3e85216f1bdb76a2c562a5f2873e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a771c37e2fe5d815d0253d65a9a2159b

SHA1
143b28441a23f5190ad539da8d2f2b4054a32b92

SHA256
f07b6629d1ef49e950fcdc8d2172624523dcb41eed97be6b9d7c74dcbc87a51c

SHA512
e92477310e01744554a2a2922352eaadcb140a533c4022f3a0e58dc93fb4642c5867ab95566a571c92859b9de4fcc7690f73afe7d67939c88cfb4e6f779090e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b281c187a9fee819bc953d5ddf520d37

SHA1
1854105aa3f53d04adcdd54c3e51f61b90c957bc

SHA256
e11e7cfc55cb0e3dfcde67cd882f14518dfa13730eb55c55590bb10c49f7b590

SHA512
c9a97932f7737cb1b1f83e746ab120c943a09e8892493980953242cf97240ccf644cae40fc416c72fc5c34911fb2ae309e87df0d90a0933058394667050ffe5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8e15ec46f4eeeec55280baacc74d4d6b

SHA1
9bf7b73f93642b61377635bc4240547cca41b440

SHA256
f7587af173ecbc60a99d486f4390d22c76854c67e6219e333b0f0f3cea3670ed

SHA512
74acf893d6c8a544bdbaef094436c29a5ca3f859278c4a4a5e8ed58b92cd1032dd166c807104cb9b6043bdd157b5fe984c644f6ac7d16e8d4c10526b4a590413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a345993c266368f3ddeea62f4106f8cc

SHA1
73d53df7bf65b031596ed0c397042052b35e91f7

SHA256
386894500c1287f2a928c11dc01e4d5a878535eab87e41c0019c3a36aa3db1b6

SHA512
1dfdf57f08fb7f13db14633edfe6ceb1bbca666e3c1085a87cd47f7643db6ef99861ea36dc19669d95f2c8e909c47c46b3f86a2ebb57ce52708714a9352be656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b64299acf17818e16ea2fb52d99099b4

SHA1
eb0bdf64c2322fafcc6249bc9210c3a5e5f1c6e1

SHA256
868ee065e9210721d7b83cd36a5269adad6c4a61410744e6abb0501d8ce08314

SHA512
e53b0137424ee28fa113410995c342c124af63059aeef7be08b25ee052491d3f14a582d550f63c14cca07aacc64a332ee4583f3a2a4cab2896b15a4dd0ae8d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
40ddcd0acccd158fade44c397531ef58

SHA1
178ee01824ecc0c0290ae4d78e90e3f45835773b

SHA256
5b9dfa0f5913039dfa72420499fd1c9f67b9eee43e11c7756453f08e3691b300

SHA512
6266cf811dd7a78995ce4e33832ceb0a3ba1dbe72e850f452dad81aa7ebbb6cbeaaa4b77b53cf6296b582254f06ddcc2aca655975612554b0b40fe3bb2f70add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
332e5e5751d9b52865f83f47ecd72451

SHA1
a2984bb620664691bbbf67238d5859b81424d9b8

SHA256
0cff0994ca462e13acb468a81e6a44816705d013043d166c95c0efd5a3e6845d

SHA512
c6f54da997173e94984d84694b4c4744db479ee0b7a24ea1d54b8b15d2d839657dfc450102ac11a92609eacc670ccc8a90d8468a5ec0b2b518705f11f15b7bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
46KB

MD5
a2971861ddfb7f123eadb3a9119ce5b4

SHA1
b5c446dbcd9b9d70fdd1f8d1e144f86483dfbcc1

SHA256
995baacee735b6f0b56369d6dc8848dde4d74e90bce33b75accb23217fe22f02

SHA512
e74216a4e0879d05bf6fd1f9f56f4643d8c6826a4a2be2f3c70b0bc7caf4ac3c17db577b7c1c28c7a7e6a1d9da692c543f96963f23de92acc7338958b870446d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
65482a3f51bf840a4bddc8da11373bc4

SHA1
17f7d23a1399a3e875df3f00de18d78723a00eb5

SHA256
94015fde6a390c473396fbaa8435522f39097e14b2bc449f4e3926ac536062cd

SHA512
e2829b99f30f8f1f9d139bc9bb36e3af637050c5d14a97dc3c1ae922779e73f5f6e031d4949709a5ad3fb836e326ce6a1c89c1f9d3f2198d72c91ff93359d9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
0e8eefb4549a2edf26c560cb9845952e

SHA1
8d0b1718aacad934fd0043c87cbc54aa091396bf

SHA256
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

SHA512
237659dd4b8680ab4856d38290d57ae9211b479c51033d8db4ac61326551e33cc245ebf10eed35aab6854d8196d6651eb70cb63a2ba1d7373404851fe084772e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
51448be78c9f856865ee5be0bc20ccbc

SHA1
3db6621e7e59bdf3d7c7000b33de2f329a43adfd

SHA256
5d95e21ca59e4c65b411ef8b288e1740ed8e79aa82dfa2398defa6659226f795

SHA512
112d1042d79ebfcfeca66f456db7fd3c103cf911ea70c055c586eb52532e4f392c7ad5c8db1558307d3ad22ad1e3d703ff1d572a20926503da363b153041b6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
669B

MD5
d214ac5188edb50b710468d9fcd25ba0

SHA1
028a3e8fbcfa1e77c6eda88dc012a4a2c227c6b7

SHA256
435280a8b1eeaa13dfe1ca4a30733f2692707d58f584c217352da5c9d0286bfc

SHA512
e79da5c90b94605168dde66e4af8f3474a5b40560892fd553f3b99774f7080b04e56a4a6e4f93cd5a097ced6fd11bb5c84b1770a56e1eb141b6d0348b51d1154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1841d6ee08bb6d495a47629349ca56ec

SHA1
0038de2f83c246e56c92160a2823f70d4ad405b6

SHA256
4f5e680273ae74e3c1609d02d7de7635e937f3ecf51c4d5272863e4ec313705a

SHA512
270a092f708162a8fe0163f785e12b55366d6b2b94814618fa2add445a6faf2150a0450b8bc9bf92fb9d2df4ce35452e43790006298f50f9158f974e9e3f7d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d56362a0103e660588774667225b01e

SHA1
b62254ae774b0d142d6b88b0741cd54379acfbd5

SHA256
39e88be740287865d6d8b036d9fb885f914565c0ef0cf20acaa5527c206a336a

SHA512
b4a50ba4313e41d6b9a64b3adfd71703d9037cfc85f0432140a35cb000c38adbb26ce3be5931564116cbeed77ef92b71e931ad22611d0f104a7cffd6e2c92495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ff25b7d12fe1eb55ec1f8d730ed0a3a

SHA1
63911c3ec60dbf24bb760434c87f04141aeae4b8

SHA256
1429f57ed4f7a6bccbb8bd995b906e3e2a5a1f42a13e2a04e279a679720b0928

SHA512
253072b46b6d5b159b2f30b9a4502119ab43ba5809869d302d97c4dfb8a2c0bc4d9dfd10af1b10dec6da334e0037439b33fab8d660e1483916a33c2bcbf75cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b6efc49c4265869bbb140ea5982c31b5

SHA1
1556d4db6130044a588b1b06e166837d52973121

SHA256
387a99a1ece636d39f740ad8061f37fb699f60b8bc7bb906afec3fef825ea0d5

SHA512
6c3035c27f85d63065d7bd8dea29d64a26a6f809895f8449086feba649f8ebedf86d314b8b87e09bc4772835ce6c9d5fa0e90118824546b4905044950a193c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
961e93849ca306cec20448300fe656e3

SHA1
4f414153dd1bd47f388ae2dff85068570cfa71d9

SHA256
5ae56647e742de9e8686cacc74b4d4ad14e89b77840b879e6b7e25ad4463870a

SHA512
d643c0fda45784dbf919b170fae35913487f2c29793011be34045416f4b1bad6d11b8b0181cfc3b7ded28b142d334343cbf344e3863c22ce5d4b9a69ce8355be

Download Submit