d880aba42c6dc89816450a143f746ddb56ff00faa9241e12af20e6e966c02f00

Resubmissions

02/08/2024, 15:24

240802-ss5g9azarq 1

02/08/2024, 15:20

240802-sq7vlazakn 4

02/08/2024, 15:19

240802-sp5nvatglh 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shaderFile_1/shaderFile_L.zip
Size

17KB
MD5

44cf23e66002b14efc308355e36c0c7f
SHA1

0c4ec08c4c9ed5ca8a2096b1b0fc0437bea7be58
SHA256

74ea2fcb43a7f194e136cf0915b9ce5c8fc55f42f745a30e1fbaccf0f77020f6
SHA512

d3a5804b032077bac0d3b87a5ffb64639feb06d4b25e59e75ec02fe06f31f4c84e056c2eb9608b06c1cbc50bb5f3e844861e77b0f7945a1a59b2305e61a26945
SSDEEP

384:2/GUTaPz0Z8YVzCY2aAKwEnbxEk54RZN0gk602mN/tkmBe:2/furCYFaNwEnO10cjmdO3

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{7291CA7D-68A7-4C2A-98D0-46488B117AE7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3452	chrome.exe
3452	chrome.exe
5456	msedge.exe
5456	msedge.exe

Suspicious behavior: LoadsDriver 18 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 5044	3452	chrome.exe	85
PID 3452 wrote to memory of 5044	3452	chrome.exe	85
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 3332	3452	chrome.exe	86
PID 3452 wrote to memory of 4120	3452	chrome.exe	87
PID 3452 wrote to memory of 4120	3452	chrome.exe	87
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88
PID 3452 wrote to memory of 4744	3452	chrome.exe	88

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\shaderFile_1\shaderFile_L.zip
1⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f893cc40,0x7ff8f893cc4c,0x7ff8f893cc58
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2040,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2360,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:940
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff750fb4698,0x7ff750fb46a4,0x7ff750fb46b0
    3⤵
    - Drops file in Program Files directory
    PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4444,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5412,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3184,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,18379576431243366975,2230394176072135967,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5172

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault2905cb99h926dh4458hb6f2h056cbf580850
1⤵
PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8e55746f8,0x7ff8e5574708,0x7ff8e5574718
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7371447075448840299,15270034358416415898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7371447075448840299,15270034358416415898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7371447075448840299,15270034358416415898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2f4ca1cc-1543-49b4-a1f5-bf895e1040b9.tmp

Filesize
8KB

MD5
9c4c75b468d5d9e619db06bfbb8774cb

SHA1
d51f5135619c507e2883b8e8c938dda5144a9382

SHA256
09c7a476bab2da68ad39d2442ce00be55d87e6503925d824a9a6813c2f72fb1f

SHA512
739c0a34de9bacb5d578e8c74c9ddaa1aa4de9ee7be7f0510c0e0210c7fb7d8b3e3f877a31b8d39826bd5b1f8d62b720ce3dcd4b4c7614976cd0f07ac25e52ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b1cc4b5798e1194dc68931645a572ef0

SHA1
92d5bd20ecb69296d5ea9fac1bf946b443c97e66

SHA256
5f243c484f423ea4effc95f9aefeb3de1d1ed91b8d6ebe353fa903079ccb664a

SHA512
abfa5652e9726eca064dab70bd038858d4ece7433362057b8d26d14e877997431aae8bf55f7d499666981354574f0cf035648f7b43ec1b046f779dd4aa3fdf18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d7969208eb511546ae2e7686b2427f90

SHA1
a04da0d9d0f46a87b0946b7e35a75b650e502edc

SHA256
15c21692c7d83daf07272ff4c619f3120c1361b31a01df87c067be61f719e67f

SHA512
1fec033fce2c30316762af6ae8c278eaed1e692f42a91024aea293595d80c7d6f3eec2241c1a418590e647ff13a901d051eb27fddd16e20fd9b58eae8f02ba67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
44358d842db41597f843931df3841102

SHA1
a9d381fa02f5b2e6ce1bc452a8ed280fc25900d8

SHA256
fc6051ece26c2edb020585bc16d876948d69c6ae891fa097738930a704c7b511

SHA512
19100c406bcb1f5a25cd9fab6fd2b7729f93f8e1cd36247214095de6c7fd3b82431e76504f0d5264aa8105dee9b11d7805c3fb633acf5e40d71c21531e1fb9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a41db97da6e0af294d67a664ce82dfaf

SHA1
ea9708f5b1cc6286bbe30844cd0a8685d7d2b3c5

SHA256
7414ac419cdefc075c762d82624548aa9e0b4effae33cefa2a97ad1c3d73f201

SHA512
2a89b4cef176dd63dd450585660a7c84a0be9e9d9f28bfda5b2278ed8bc51426fcc3bd0f7c80ae00bcecc58ca875ab89d84198f39e79d587e7f63e2c95f1caf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47f3aa5490999cea4bd7b7becbdfa770

SHA1
b2b61ff72bececadaee92a2c5538681c451102b3

SHA256
c4bcb6989309342cf2a20d81e1e440d78cdb6ae189d7816ea64fa22804fe8ce3

SHA512
f6fbc80105e9e2257814ea8902864407cda79915027328017a5d0844ba208b590e5a41dfdb17f9d8f6b7a5f63fbcfb7bc881f45402bb83511f6fc07f28a2b29a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c739c628bd6303a10ffbc53c1b073e5e

SHA1
3e306a8bf97d11124a4b985531c6bf35d1c46c93

SHA256
c3f5ce52a334bd84e80458d630c804b8f4f570a25a294a08da730051667de9b1

SHA512
6f43463058bafaf2bfd3dcbd534ab41fc3318a1298b293cc97843ad45e9d1aaa0bdfb9e9940a94f4c370a114e2ccd913d34d5c7ed1606efab550d6377b4aa2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
058cb00ec3d8b6030afc2bf7e37235ec

SHA1
9a9f30ba3603c19e26278ad66c69ecb189f73f9c

SHA256
7f369a23c8a0a1f7456e47dfaf8d63c231d5cee608b19c0373f15d91bcf20a6d

SHA512
04031a9939727c90eb586a7e2b2bba7cc7c0af6235080fbfbaef4a60d02a44bbfcdaade5aadefc867c9ccca6cefcc23fa1d21475edc2db13c0d3e2c7f198043b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a80d1ad2112973f7bb98949c1aa85d48

SHA1
8b2d16c9dd45fe6d3662efc6b9f4df0e08ad4f71

SHA256
ad4be4c73821346c176fd5351edacde3d3f84b71ee5858f1401ce9d8dc5a5910

SHA512
0c2589b0b8bdfd43b8ffe8a24f4d797279556f2c4c3a00133c41a50b05b4bd8324bb5a82b687b31ad5fa0d107258d4006b59c615876e94605ca4731fa3a8edf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5554d7df983656dae94441fbfb632d20

SHA1
31d05faa828dae2dc1065748e0e41682c324a063

SHA256
a2cb4ceec340ae04b2b0136918717edb0c4ef3685b3b76425243f0d0002133e5

SHA512
82b80be97eb2f0a1dc8d59192224c6cf87bd0ff3dba5956306d7e083597d51084c2c74f1bda1702e9b006ce3a1eae6954e62675de09c307b8d55996301ac776c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86c55aeb9aca002d4c334093c6f335fb

SHA1
a2f847a5e96631be16bf93595b0a54934b0073b4

SHA256
1792d7c4c242212ceaffcd2ad20f49a6ff3ca49f99aa8b49651ef97ed74c512a

SHA512
ae81ca53b3b7cc164c25b18bb5c9e5564fecbf17cdf1a53a8ee09f01d547ef91f12fff9a3ddb5e615260c24012198e42b3a4df6f57288fcb2d2458c0b390bd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f66bf0dc70746d42f14c00404945f6db

SHA1
2f6e5075db4608018d13e3bebb5c2ea83fd3af3a

SHA256
6b1a7a36a3455e4ac8585e868738c0d723e6c52e61f1e5a12229f815db4d5fa1

SHA512
e387c61a33d51113a2b250c095d6cce7f163f29c34a992470c398a8e5fffacb8ed770b635b9d43ff18fe12cb299b5bb68be9fdefcc17b1a89c31e0df1c148af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
178c9f0c835e0cff7a50b9ad7312e236

SHA1
cd58dcc29236882d7808ad3d5c0a05db13cdae7e

SHA256
adc7a380301de3fe1d2898ac7a82ac874b1b5649096d3d64c487ff6164371703

SHA512
8fc5f8228ff86523f848dba6e32ca527dd61771a8b71e585027a9948a2ae1d12293e8d6beaee91296a69d25dea35d27a104f598fd0d6bac1f4e13bc0d8d8b129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b1902a6e085cd1e7954efb8f133810b9

SHA1
70f7ba0efed8602f9562939cd8e09b186dfdff9c

SHA256
3f94a98e460cae74a04797889252e5494129d174036f81f61ee22c47905d5988

SHA512
85e22dc2491dbd3789fec40ec0d583c01b60a2774f5a5b72d71b43e75812fb870009ef27a078f1b202c35ee4a35823375698446e0f0ef733cab1e0ca1b5ae76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf5165c869ca5ae74396596c8a2c8141

SHA1
1cc6d8171bb50d65d56a2f06c8ca22cba7a77729

SHA256
7edb39a7a8831cfcad1160815aaaf7f9cc16486b0e00748cd1d0793859587641

SHA512
592ed989ae6fbc8ed009666916eafb6ac83c81efaf34e7c39106a05cb16f22f8d38d980edf9749e86ba4a3fd6846923095091c0a18d5a411f50ba7d7f9baf3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b970ec3ea1b5a6a37d693a8b2cd56f65

SHA1
72988e6922bee28beb5ce0dcc4e653e24c36be9c

SHA256
64c03266c083637e513bac66ba766cc30b5e777893ce9e80926e1afab4d25753

SHA512
99a0428719b3754eab760e875eacf7ac8b7f61445ac8d29993349a044e7e231bf72d3148a566d1f31b7aba1f68f9c3fd7ba4d3c51a854ddf0d165ac1477ab2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
238111487a73e83ddf57f1e55e4bc687

SHA1
d866d342a9786ab2161ef2a8294e63ff7c75e1ba

SHA256
d3974c7a393388593d5624fbb4fc4eb9a155b0e6c5a361a19ca6c4d6e146f3eb

SHA512
a80f5c16fb85465df58efa349b3f451d2889e90c430f1ed46f12b3a3b69f04de25b21ddc03d567b214abd7e6376144a38459dc75082d24d90b2f516a35d4663a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eedd1d1de5f2c844f440a72c9f37d850

SHA1
c399240868593559e7de3945b0dfb4fe7082826f

SHA256
32d7386f2432edb158bae0d09ead3109f0dd8b30954cdd5b8438fa9570b4b162

SHA512
8827396e91c31c9b9a8f2d3605f1ff222bac65a27fe8fa5bd99946576370da4ed28982696921a834f08cf33353e116316768df528f59dae6030517ae1fa87d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
796687708c4155513aff220e764f28b0

SHA1
e14e30fc8be358d45d54b6a7e5200a2073d492b7

SHA256
428b4e46620b44315e572937474b84392f5e0b30256debd5f68fd0598b303b07

SHA512
b60df5580d765f3e25e6ff7216de6f7c1dbcc9fec1807eee784b8844e3b3db700392bab89640bb0ddfd3200323afed6b74cea7bffee374890bfbe4d3682629e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c79e2509a2f247cc4e36ab54549e436d

SHA1
be94ba4525d82b45d1db7a80543b6a2535e71181

SHA256
616a81176afa8853c13f3457e91707752c721a882a4b00b1cbd3760389058038

SHA512
b2f9ebb118bb4a0a8fd2c176154a7820d6796bea46fcc7d335779cc8a3fdd0121a66553ee23b0d268aa56b1ae0586eb347c84f21526ad191ea98b78bc4a27ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ca9f9bfbd622762970d38169c2257f8

SHA1
8fac59093b3c70febea003b3d6c9e5bc3e5530ff

SHA256
81ed368b9556fa77753aed8f98ed240fc1e3eaebd8e5f5448d93fba176254205

SHA512
4a157661630c505c2b3666ec387d6b8b7274685415e31a139a3d2a909d3538deff766881ca6421b866cd9be200cb65d202564132b04a2918f922c4ba5cc7c25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
08122ed424ac1d6ef56f14d7e9ad19b1

SHA1
7cd4d0d2abecadb354fd1070490b916161918e4d

SHA256
f4ba6b774f9e6c3e046eee8f37bcff1c692956b160a3e362d1e4e503680051d2

SHA512
ba2c97f4eda4ef44f517b77dd78c4a2b743c5971551217c15bd6b23590afaff5474acbaecd4fa9f27e1bfc9527b10b4c1b028cae79ad00e8b5ba8e232a025079

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit