hxxp://www[.]nowe-miasto[.]eu/zygzak-karting-i-nowe-gokarty/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.nowe-miasto.eu/zygzak-karting-i-nowe-gokarty/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674396007420180"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4348	msedge.exe
4348	msedge.exe
1212	identity_helper.exe
1212	identity_helper.exe
4388	chrome.exe
4388	chrome.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4652	4348	msedge.exe	84
PID 4348 wrote to memory of 4652	4348	msedge.exe	84
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 2128	4348	msedge.exe	85
PID 4348 wrote to memory of 4780	4348	msedge.exe	86
PID 4348 wrote to memory of 4780	4348	msedge.exe	86
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87
PID 4348 wrote to memory of 3372	4348	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.nowe-miasto.eu/zygzak-karting-i-nowe-gokarty/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b5d46f8,0x7ffa8b5d4708,0x7ffa8b5d4718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9519893264151845895,10486885365014712316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa79fecc40,0x7ffa79fecc4c,0x7ffa79fecc58
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,10584427802013284399,14634580219133811094,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1daafd4f-04a1-41cd-8c73-21a55aa9b10a.tmp

Filesize
8KB

MD5
08edf346df6452fa738226a91ad322b6

SHA1
dd435d011566ba069c88d3e2cfcd109d46fd49bd

SHA256
a39f3163fe73fa9bc545f846a501267063231b65b213291c19bc9358dfc1a1fe

SHA512
3630f3d1cfcd4de3ab1f8a9574a5028bc533af48d3c1d19cd8ca7b0113224bab30a290920652b01365076eb21794642502c72d7289de46efd29809911cfee127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8e3e1e133ca3f0b0cc9d050c68c85db0

SHA1
64b8acf63f3fe52d9a1b586c86e8b729bd3ae69c

SHA256
1e15f5e5612e9101deaf9b898b911714124473298acc39e1daabac3b1221a33e

SHA512
5bc105934cb7b34bb0809d8efc5b8f7943b446df2247a6513b4774667a9255fba6e759551d6ee9b90903b5f608a5b1fc55dc44e30e7ef19350d4f54d0b2df166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
798cf046482d88f4ada521fbfc6e8ea8

SHA1
ed4cd7480c59d396453149f4297b5ca8df86f68a

SHA256
a67b73d93f77cdb3435e3d11db7aac8140c566ed174bda0c907b3e904fd42c34

SHA512
737b6227678f5a70647c75b62c79b9286598a803bcc1038fb4e164053cab9e33c54b2654f836b187db39b074a84d0727b0acbfa438e09721ae888af4415f418f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f8d78f61aeab3e23903f35d9dbeca2a1

SHA1
237a9b6ce3ae0783c694d01b8382ddff83a3ffd5

SHA256
4a2fae33ae6c58d159057b88d2cb99ba16cf0a44743b739d0cce15d924ed20bc

SHA512
7ae9235bbde8093dda45eb3d201ffeff3a2d496aa4b2ed5443cfb26fea9d5f33c129438a150449598bf455fde3d11705e8a10e2fe4af1b047215a81c7bc2ec2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
36b9a926faf80920eac83931d2accf68

SHA1
8d542320a01eb0663e43907d828b9836a0240952

SHA256
e1691faeea5e16ba7e385c09ba337553efd7b2b7c7b4fe52a71ff92d597c4e35

SHA512
207ce37530d8f8fe1150777f25f479c9ccc1ff86b85e1d145a4fde2fbf164280149d4f3892f79fdfc120b0dd36fe5f2613449253f45ac918e2e4dcdbf6ae6d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72fabb6b92f3d534d8b2e52169507e91

SHA1
344bdb5bcc85fb3cc22aae0100493e8ab6c30cf1

SHA256
ffeab1e3f61951ad0ea07842725997b0ec74542c2279d60e26b13af6fb39a805

SHA512
61d3c3972845ea700dbcb81a6e1ac4015f85a6e910ada77045f890063fb42b16c90fcb36866fea2d2b22a1b121d0a5cff60f37279f9e59be6d50ddca47c1efbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c80a08dc1f7e30dcc08c5a65e96cbf3f

SHA1
857b97d46aea8e5f565b6871a24f5d15801b8d3d

SHA256
306b113fba0d6b157e334288e22d907d8f2be105293577d431683fc4212dcfc4

SHA512
50dd23d43543d3aa81465bb58bf5457deaf5f34a4b86abfc61b005c0c216765856d2c2c47ed8d4c2c1025598a951ce071750ae6d4878398d043af30c2d06dc0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4ad2abb719518a572b2130e20abe19cc

SHA1
4427ff6327540f049f0710954b6ddc44b6b76c9a

SHA256
fc3f6201c5b328583098f45c56f5e26dca8b582ba3308ca4d2c99d167ccddca0

SHA512
1ab34a2fe1523516c2c8a896631baf35dabf6e36d6f2e2737e98c37314a46c59f169011bf040c4312c4b016b783fc00f858443f6b0a1eab23fc347bcfa1bde53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ff4258a91041e6e722f6c5b7e0e77976

SHA1
0343edc7dc7d9ac1890dba246f43a9d11223aaf1

SHA256
7ffddd8ec745182bc046061ef7ea18aa9c528743d96234221143dad5d37ce75a

SHA512
a5dae0dfe1cfee588de832f5379ca384b4f1732b80c8696117c550eb22a56ce04e8ca57e17a154e80bee351400dd0408f6c01a21fbd8ae3aba951233a9a7800c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6ccc9f13e39f4345e23a8ad8d07533b8

SHA1
ffc717c22c1749654604028313b28b6d7d1e2782

SHA256
3dd6a8020caef84b96cc4ab5eecf44120e5a19b7c01405122b090d2ae40bb9ea

SHA512
5e6a339c32ae9454b689ab13ce6a4d39c960d1988293a57e03e95c327e9a9510d9000960997a17ee1a45a90047ab152d3788e12eaf071e6f822129a1b6dfb059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b9e08680-c39d-4740-b15e-f9f395b5c0a4.tmp

Filesize
100KB

MD5
895fd25c267c699aea9b5a076b3a62a3

SHA1
9886df2d8357d84a4aac9d89eb7eca7e4d85e930

SHA256
10af18191cd7313b6c3b1a5b82e23b0b34060f22952b9cb6d53ba0573d7af5d3

SHA512
c7ddf5628dcb503970c8c817646ec34a66d2053ee61de4c3f962a1bd228301bd0c895b48c9e6a41661853d455335531ad1a709fbf0bf94b7b5dab2316f864c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
88ba83915a62521fcf847b4df55be9e4

SHA1
2c6cf0469987cf11dfc7c78297b86c2cee98f526

SHA256
5fd0bd8398dedb41eb20e276504b0846e22fd16c09788015d33d552d6425c095

SHA512
1bdaa34d8281f766f9c6487110c06259ff8da27af05dd607540d19025c18c3505049a29de22aed2c9eacdb0417b4729e17be85822ba0eafb0cc8fb61c5fc638b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1011B

MD5
970483e1fa0f27af4b28ed0735c6c109

SHA1
07df73a88b5612993f0d361c4c41fd62be831511

SHA256
9659fe420dcaa175d81d6d6b64c8e3fad143f5ac18c03129c05321b5d29ed89c

SHA512
3033e90470a5dc15c8a17efc8da7e34c647efc5f861dbe26bb7c0dedba3867206429b22ef17516e5437b01ad31c0d65628a8eb88f10cd875b60b195dc5bea493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e1a0cde5715c87589fc2540ccdb9baf

SHA1
6df0d25612217e228414e7c1c5053ecb91e46c89

SHA256
c1ef38521449fe8782c97af3e4656e8dded9ce7472210e2506643a79729df04d

SHA512
912a21634f19ef9f5927a337f687e310d85d9c675f0b7e137f7c499854a3d612fe9c2ae3a4f77c1e7133859491334ec508f70dc4b6045d1c063cc44b2e8689bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48f835ae0d46ca05cc23e92a95feb5c8

SHA1
26c56cb2061b9d21d9d86ca2e357a8433b56c665

SHA256
b90f0934a36a33d44b8edcebaeb27a739d6dcb7dfeb17e507695bdf8843edaeb

SHA512
9e06a6df3aee242678f9815e26dbd00383dea807431c871e95b1d473cee53935ca5839a6539282799e8fbd54745b55c21169e02b31ba04cc25f5323b32612ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b61c17859abf9e29a3ee4c7675de47b

SHA1
7bf9ba5fc303934c90f5bdea0ac15df127f3bef6

SHA256
2987b86ddd0dc1ba2dfc097157fe5b9b988ad139179318ad387e941dc25a8c75

SHA512
ce1ab67e4204cc8497b8cee4b4c861a24691bbbee6ab72c0546633e625fe95a3a8af9dfe57cc2b836d7e36b814145c941963654bbb880d4a60c8d68ff2f29aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e43e9ce409f14e84a3f3f539854ab026

SHA1
5fd3d910760681803606cfa5ccf38dca21167975

SHA256
3de60c90576a2bc517d508b77267aabe5c81924ce1fdd645cc0c37da66a5c10c

SHA512
1560fd1f826a7f60b63418ed4943b94a3bc68df34830b7ff1c621bfea23aaf8c222857fc7ca363447faa178849b2e18ce4b07c0b6cf9d8c0514ba85707f3dc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e9242116655d8c163b617b020d83726

SHA1
1b92d6a9595e358067a6aa6abb43dfe83a5bf270

SHA256
727c8c6595a0e0d757360b1d7ea21cfbd21664c5493436ae295094f52f7a904b

SHA512
016f79bf8fe2c648d67c1bb41b9b772be33ab9fdc40618fcc49ba8dd7b34ce99b26dfddb404c48deda923574c234325cbbf7ec33036ed67d5be5ba24ed80c1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e5173b66cca3fa205233e27ff342fae5

SHA1
9fed1db17ea1e41a000bdc92e8815827cc4d13ce

SHA256
0eceaf339f020e33bbda6674578f32ddaf2ab0002fcdd15007aae1f070ecb9fb

SHA512
333282bb8bee6a5506d3584cb51808e33a6e4a54282ca2ec59ad2808de9d295422c3ee09f2d864123485e12db56936ddfbdcc510e9c959f11c93a9300f19ef9d

Download Submit