Analysis

  • max time kernel
    162s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 10:51

General

  • Target

    https://google.com

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

  Note: every Suspicious-behavior, Suspicious-use and registry signature above is attributed in the process tree to msedge.exe or chrome.exe and is consistent with normal Chromium start-up (sandboxed child processes created with a block-non-Microsoft-binaries mitigation policy, tray-window and notify-message calls, privilege-token adjustment, registry reads for system information). The one signature tied to a non-browser process is "Executes dropped EXE": dota2maphack.exe (PID 4948) runs from C:\Users\Admin\Downloads\ after 7zG.exe (PID 5644) extracts an archive into that directory.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f7f46f8,0x7ffa3f7f4708,0x7ffa3f7f4718
      2⤵
        PID:3632
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:1656
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
          2⤵
            PID:368
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:644
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:184
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                2⤵
                  PID:2580
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                  2⤵
                    PID:1824
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3700
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
                    2⤵
                      PID:1464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                      2⤵
                        PID:5064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
                        2⤵
                          PID:1268
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                          2⤵
                            PID:2512
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                            2⤵
                              PID:3804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8
                              2⤵
                                PID:1812
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                                2⤵
                                  PID:776
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                  2⤵
                                    PID:4560
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                    2⤵
                                      PID:4944
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                      2⤵
                                        PID:2512
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                        2⤵
                                          PID:1064
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                                          2⤵
                                            PID:528
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12899589145448456006,7011932577658778708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:6136
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:2160
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:1252
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                              1⤵
                                              • Enumerates system info in registry
                                              • Modifies data under HKEY_USERS
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:4848
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa2e2acc40,0x7ffa2e2acc4c,0x7ffa2e2acc58
                                                2⤵
                                                  PID:2572
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
                                                  2⤵
                                                    PID:1496
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:3
                                                    2⤵
                                                      PID:4444
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2572 /prefetch:8
                                                      2⤵
                                                        PID:4744
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
                                                        2⤵
                                                          PID:3592
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
                                                          2⤵
                                                            PID:4736
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
                                                            2⤵
                                                              PID:5300
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4548,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1
                                                              2⤵
                                                                PID:5416
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3556,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:8
                                                                2⤵
                                                                  PID:5604
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
                                                                  2⤵
                                                                    PID:5676
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4540,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3512 /prefetch:1
                                                                    2⤵
                                                                      PID:5888
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3520 /prefetch:8
                                                                      2⤵
                                                                        PID:6016
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3496,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
                                                                        2⤵
                                                                          PID:5476
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5436,i,6213952007273900156,11384947501045675787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:8
                                                                          2⤵
                                                                            PID:5312
                                                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                          1⤵
                                                                            PID:5208
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                            1⤵
                                                                              PID:5684
                                                                            • C:\Windows\System32\rundll32.exe
                                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                              1⤵
                                                                                PID:6132
                                                                              • C:\Program Files\7-Zip\7zG.exe
                                                                                "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18972:86:7zEvent20954
                                                                                1⤵
                                                                                  PID:5644
                                                                                • C:\Users\Admin\Downloads\dota2maphack.exe
                                                                                  "C:\Users\Admin\Downloads\dota2maphack.exe"
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:4948
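The script below re-derives the report's "Executes dropped EXE" finding from the process list, by correlating an archive extractor's output directory with a later process whose image lives inside it. It is an added example, not part of the sandbox report or its tooling. The Proc records are constructed from the tree above (nesting marker, PID, image path, command line); the EXTRACTORS set, the -o switch regex, the "executes from a user profile" heuristic, the use of list order as a stand-in for creation time and all function names are this example's own assumptions.

```python
"""Re-derive the report's "Executes dropped EXE" finding from its process list.

Added example, not part of the sandbox report or its tooling. The Proc records
below are constructed from the process tree above (nesting marker, PID, image,
command line); the helper names, the 7-Zip output-directory parsing and the
'user profile' heuristic are this example's own assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterator, Optional


@dataclass(frozen=True)
class Proc:
    depth: int      # the report's nesting marker: 1 for "1⤵", 2 for "2⤵"
    pid: int
    image: str
    cmdline: str


# Constructed subset of the process tree above; list order stands in for creation time.
PROCS = [
    Proc(1, 3980, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
         r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com'),
    Proc(1, 2160, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    Proc(1, 4848, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    Proc(2, 4444, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
         r"--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none "
         r"--no-appcompat-clear --field-trial-handle=2112,i,6213952007273900156,11384947501045675787,262144 "
         r"--variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:3"),
    Proc(1, 5208, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe",
         r'"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"'),
    Proc(1, 5684, r"C:\Windows\system32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
    Proc(1, 5644, r"C:\Program Files\7-Zip\7zG.exe",
         r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18972:86:7zEvent20954'),
    Proc(1, 4948, r"C:\Users\Admin\Downloads\dota2maphack.exe", r'"C:\Users\Admin\Downloads\dota2maphack.exe"'),
]

EXTRACTORS = {"7zg.exe", "7z.exe"}            # assumed set of archive extractors; extend per environment
# 7-Zip's output-directory switch, e.g.  -o"C:\Users\Admin\Downloads\"  or  -oC:\tmp  (assumed form)
OUTDIR_SWITCH = re.compile(r'(?:^|\s)-o"?([^"\s]+)"?')


def _norm_dir(path: str) -> str:
    """Case-folded Windows path with exactly one trailing backslash, for prefix tests."""
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\") + "\\"


def under(path: str, directory: str) -> bool:
    """True if `path` lies inside `directory` (case-insensitive, Windows path semantics)."""
    return ntpath.normcase(ntpath.normpath(path)).startswith(_norm_dir(directory))


def extraction_targets(procs) -> Iterator[tuple[int, str]]:
    """(pid, output_dir) for every extractor invocation that names an output directory."""
    for p in procs:
        if ntpath.basename(p.image).lower() in EXTRACTORS:
            m = OUTDIR_SWITCH.search(p.cmdline)
            if m:
                yield p.pid, m.group(1)


def find_dropped_exe_executions(procs) -> list[tuple[int, str, int]]:
    """(pid, image, extractor_pid) for processes whose image sits inside a directory that an
    *earlier* extractor wrote to: the report's "Executes dropped EXE" signature, re-derived."""
    hits, targets = [], []
    for p in procs:
        for ex_pid, out_dir in targets:        # only extractions seen before this process count
            if under(p.image, out_dir):
                hits.append((p.pid, p.image, ex_pid))
                break
        if ntpath.basename(p.image).lower() in EXTRACTORS:
            m = OUTDIR_SWITCH.search(p.cmdline)
            if m:
                targets.append((p.pid, m.group(1)))
    return hits


def user_profile_images(procs, profile_root: str = r"C:\Users") -> list[Proc]:
    """Weaker, extractor-independent heuristic: anything executing from a user profile
    (Downloads, Desktop, AppData) rather than from Program Files or Windows."""
    return [p for p in procs if under(p.image, profile_root)]


def parent_pid(procs, pid: int) -> Optional[int]:
    """Parent as implied by the nesting markers: the nearest earlier record with a shallower
    depth. None means the report shows the process at top level ("1⤵")."""
    idx = next(i for i, p in enumerate(procs) if p.pid == pid)
    for q in reversed(procs[:idx]):
        if q.depth < procs[idx].depth:
            return q.pid
    return None


if __name__ == "__main__":
    for pid, image, ex_pid in find_dropped_exe_executions(PROCS):
        print(f"dropped EXE executed: pid {pid} {image} (extracted by pid {ex_pid}, "
              f"parent per tree: {parent_pid(PROCS, pid)})")
```

On the report's data this flags exactly one process, PID 4948, tied back to the 7zG.exe extraction (PID 5644); the browsers, svchost.exe and CompPkgSrv.exe all run from Program Files or Windows and are not flagged by either heuristic. The tree shows dota2maphack.exe at top level rather than as a child of 7zG.exe, which is what you would expect when the user double-clicks the extracted file rather than the archiver spawning it.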

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize 649B
    MD5 f7d2b753a751be4201412ba3c60a540f
    SHA1 11a4a43ca3de74de1b5cfe63f7edbc78c1ec54bd
    SHA256 69479c1ca743f78eab7cd27585551e98f10f29177f03cec912707c2b8489b9a7
    SHA512 3d9c7878229c6030f6afec2c67bec320ea0b1129d58bd0cafaa77c105cca60abd1bbff4f8367931273194bcff06bc6f076597c321e80de2d871000f994cb0443

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
    Filesize 144B
    MD5 05f6b28ea5efc42b5f321d5c1c3463e9
    SHA1 4147d6b37101adb7a8859cf34e4f8a2bb613a5dc
    SHA256 60d8ce0b8be1be4a4172ca1fdfa54441547437b68fe5da13ee63efea11e9dcf3
    SHA512 d5e067392f25e7629525d32cabd1b9d8f952a60ee0741946cc9637cc1a375fbd54daf3dc650377da6e7aa7f615f3fec5444f7a277dea58e09fce8fb021033c52

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 2KB
    MD5 b1b93738d048a36661885ca9c74810bb
    SHA1 9bccf7b9a85bf9080cd31948c606279d7bf7355e
    SHA256 947091ebc23e6ce16f94c98f7af5a7887e195fc2742c166c43c4b2810774a3a2
    SHA512 fd38142c0a28157aed139d8dbb7106454c03e2d113e1c0d3185cfcea87ceaaaad49b6b6838dc8d7112a21d6738a73e985f03b7aee0caf49f52b777d871ec88fb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize 2B
    MD5 d751713988987e9331980363e24189ce
    SHA1 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512

                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                        Filesize

                                                                                        356B

                                                                                        MD5

                                                                                        da3ac72e3ee833ea69c1cfec85dbee08

                                                                                        SHA1

                                                                                        97c50ff2600f07c12be10f3dd660af2629e7067d

                                                                                        SHA256

                                                                                        2d7c1c3cfd6c9c55be42a429c97c36048497195404a0e13e6d6f12fa735b350f

                                                                                        SHA512

                                                                                        2868fbc6f295c21c2f738d400462e80aa34b35a2a876625e555cd55f86f16bca62780d5ac02fb67d1b5531976b5ea0b7456c18b0d7e04e844c235ad7c5c04f6b

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        472a5e801d10fc13736bf2e262327a1a

                                                                                        SHA1

                                                                                        4c460bc06562d98f9d953046ab644a4925c230a0

                                                                                        SHA256

                                                                                        c0503fe3ad567ce57341e0fa4afafd673c46569c1df372661173c47221086d6b

                                                                                        SHA512

                                                                                        d616b781fca08e05c2f9bad7e2656498d49b6960e7d065d8813648a570e42907ea85f5a57b2faeef4adc0c0094bdad70d43e93993716b737acfb28e6f74483ac

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        07f12ab067d544f205dd7f4b268fca48

                                                                                        SHA1

                                                                                        fbabab7171e9fcefcdd57e4d19ae0246c7d753c5

                                                                                        SHA256

                                                                                        e855a8e4af91e52241dd6c7db8aef89f42028a97971fd17d918b9d749d9344b4

                                                                                        SHA512

                                                                                        4ff14f9e57979b9327b3b69184e5f99bb9c9a70a54966ab6452fa418d22453654ba755f4fe751addf806c74a8cc979bf8f8fef56a919886291ea2aa591b205b1

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        e7e7537ab9159fddd13df019a46459ce

                                                                                        SHA1

                                                                                        a2d05d8307ed2e7ef8209aa95175a2f1ad66b793

                                                                                        SHA256

                                                                                        db94883b6f41a9f62ac5551be6b1d3316bd10d1879159f1c63333e11aba56d68

                                                                                        SHA512

                                                                                        aaf534b4a8bc5e99a5e8efdd8ba51cde21839b8738b63ef0b95144dc62c0d5d08ff041a9734e7690097928afc94d959b892d796bb37b6d4b4ef4e29381e47d88

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        a6be1cfac690536b7ff9f4e1581f08cd

                                                                                        SHA1

                                                                                        c9c453c555abc3fc341fe7cbdd5faeabf882ed38

                                                                                        SHA256

                                                                                        c824b51998fef9dea629fe4a514a6479e0294013a68256afbaa0ca70232fbe12

                                                                                        SHA512

                                                                                        ee213922276a60fa2714f52d9cca1125af0f45f74df4f28b8c5f1397a2fd40df86d4f45c4b83347b7071260a2e4deb0ca1104743f08ed49f0bf707d3cbd543d5

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        c11b1f5284dac87f6f8dd2e59423bcdd

                                                                                        SHA1

                                                                                        b4c7df49b7c7a3fe59366b3ad9d6698471b0d051

                                                                                        SHA256

                                                                                        7986324a0731445a154daf7d611e375fe27163c720b1c826f878b170f7bd2b7b

                                                                                        SHA512

                                                                                        ffb0cc8748f7f7f441d3cf915d029ce2386f90935500cce45902055b159bd2e09578d35a1b578923879181a3bf9311c02023838ed4c6f94d4af7432ff57e564c

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                        Filesize

                                                                                        15KB

                                                                                        MD5

                                                                                        057d706c619397622dc2fb9c3eca0d84

                                                                                        SHA1

                                                                                        851f8db8dcc87c0f948b61bd49bcf3ba7bd37c55

                                                                                        SHA256

                                                                                        c796407f8c2eb799cfea921ccec55deb1f33b931d7065c001c3e0f4d6c93517d

                                                                                        SHA512

                                                                                        98bac45bfda08f15782b1f628f4b2d8d22c8c8e114785e0840e56698c705a6feb12bb81b4687e5207fbb1a5b76e3d08185b6bfd6311248cb16504a4eb1b1eb80

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        196KB

                                                                                        MD5

                                                                                        7dcfc4f0d7ee1cf3dfc7f1117e1dfaf0

                                                                                        SHA1

                                                                                        ae3a4eb76cccebc13f451369e20f8c4c7d829e47

                                                                                        SHA256

                                                                                        015a4ea76ef3775298eaf57e2a93a9091432c3bd04a4e8ebd2d9da413a7540d9

                                                                                        SHA512

                                                                                        9243503d235caab1f07297f50ecdccbc65edd90779a2967a3aaf6b471d5fb61d5216df30d1bb666f147877e864be235ada5e28e24ebd82871fd9ca55b8725241

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                        Filesize

                                                                                        196KB

                                                                                        MD5

                                                                                        60babd245e3543841a03e10f5e535436

                                                                                        SHA1

                                                                                        341332485a27090951f0e1951eef9cbe51356d8c

                                                                                        SHA256

                                                                                        e459be52cbe99c37552a16ff0b84d5260fd6a0d345066102bdd2be1f7ad30a62

                                                                                        SHA512

                                                                                        36dff9353ea69a9e331c1a4db4d6704078276d2de7f2e13bc285d3cecc29b99a5db46567ddd32a27d738d19c7b5d37e9b1df1d981273c0fd52393ff7a3102a98

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        9b008261dda31857d68792b46af6dd6d

                                                                                        SHA1

                                                                                        e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                                                                        SHA256

                                                                                        9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                                                                        SHA512

                                                                                        78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        0446fcdd21b016db1f468971fb82a488

                                                                                        SHA1

                                                                                        726b91562bb75f80981f381e3c69d7d832c87c9d

                                                                                        SHA256

                                                                                        62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                                                                        SHA512

                                                                                        1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                                                                        Filesize

                                                                                        209KB

                                                                                        MD5

                                                                                        3e552d017d45f8fd93b94cfc86f842f2

                                                                                        SHA1

                                                                                        dbeebe83854328e2575ff67259e3fb6704b17a47

                                                                                        SHA256

                                                                                        27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

                                                                                        SHA512

                                                                                        e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        192B

                                                                                        MD5

                                                                                        15da48a2568a5a0d13f13a52caaa0991

                                                                                        SHA1

                                                                                        5e6ddde5b80358fe73552652ec0cf96ae5044dfc

                                                                                        SHA256

                                                                                        815651b2b390684c84bd98db2df86b7ed014df9024c2ab9044eeaff2b4a84820

                                                                                        SHA512

                                                                                        390d25b02f66c96286201d0d5791cfe3520cea5830eeba958ec69629afa2fe213efc7c49e1076831151f8c027fb3b7933c7f6682f64b70ee903475d0c83b89fa

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        336B

                                                                                        MD5

                                                                                        e9a4473633651918e76a05e01512def5

                                                                                        SHA1

                                                                                        e382dde4dcdcc81d2995f7952deceb6a9a428ff5

                                                                                        SHA256

                                                                                        1ff04148d9b812e4b1c347c26d1b8d40b540b9eedfd3f371899406953bb86661

                                                                                        SHA512

                                                                                        0b510cb9f045b4cb65deb7223138db4abf602ce9a01e048809763b17d2fc07eba62a00d7ad85cfc47f31a0dbd78df0cadf66eee3850d9f1e8bd16b722089e51c

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        5bc8345ba95c336cd8e6baa44eaa4634

                                                                                        SHA1

                                                                                        7906e6c37a18561ce0a6b8cbfa5d87840e6a0105

                                                                                        SHA256

                                                                                        51fb4266245dfc3b30d92a90c3476e9c7f872108e1b4e74f64bfc468cc8b280f

                                                                                        SHA512

                                                                                        144313e9d4cb8e961a2fe9dc0e9a9b2f93904c899571fc9c37ad465384d997016e84d78f4afd0edb45525d0fb29e0014f36e9bbd5c408d837b60e6c996bd45bd

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        8ea6536633bb9eae605594afac7741d9

                                                                                        SHA1

                                                                                        34c98cdaf2cf0367a8c775cefe18781ef7c391b7

                                                                                        SHA256

                                                                                        ff2a91f0e473c4c316d44e1e8f73816769d0f00dd567fb5cebee6314e3919ece

                                                                                        SHA512

                                                                                        50b634d0397aebb144e0e38244247f3b36269ab3de645e12107e5190c86a4b19de59d4c3a0519f58c1db0acf86369f3974e68912b347d189298eef587eb90e80

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        2d1a7f682a8b3684b6ee97da09e1e1e6

                                                                                        SHA1

                                                                                        2f05cee8069f3c33bd80eb7dca4b4bdd98406430

                                                                                        SHA256

                                                                                        be3527b55ecf8f7b796e27d912469b46418d381e83677af4eb761e33ae01b0e1

                                                                                        SHA512

                                                                                        ff35125d61655f650d4ac9930fc79b549d9f99f9b07630a3259bd7e19058342dcd275e8d58a8a0371e529912c7248f3789aa2dffe74d498bbc33dd025e0dd08d

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        d421108edefc83598f690cbfba2fed36

                                                                                        SHA1

                                                                                        e70d1109cae470850fd429e9e497be7a12307512

                                                                                        SHA256

                                                                                        2ebc35650973ee3654e207213b163b84f710d98e00454d14da6932557ee6173b

                                                                                        SHA512

                                                                                        7e43f77615579c999c022026cdb786aa20d103e7217765728b2cbe2290c35f08d22877d7dab40c780da3ccf600d77f6630a74096416eec48d01d1cdcaf145e54

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        7769eccc582c8caca74463be37e12deb

                                                                                        SHA1

                                                                                        393b2c918fc5b50daa1ca2488f856a5241cc4b45

                                                                                        SHA256

                                                                                        8b24eb5a36d4264dff6659d0380d90fd90e424a5c5b13fa52f7e151e0d15ce11

                                                                                        SHA512

                                                                                        5fcc91afea566ed69aaf681c9b7e5a212011d362a234156d32c6a01e3b65d8da325271b51d1a197d1cef1a6e4a91cb431ef56f98253410bef7d59db4fcb632bc

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        efc3ace456abe112e699ab68c01190b7

                                                                                        SHA1

                                                                                        0ec91df22237c39a92d92fadc27ce85e034e2c4f

                                                                                        SHA256

                                                                                        72a58a64e533906e6589271d6ead85d73ce16f449a8b8171dc7210d085f79f2b

                                                                                        SHA512

                                                                                        49a23d09d58fea0eff63d0a54dd3cab99b28be6b24aaa8667b21d75bf2ff6e8d09fa9d2627d4f32caebe9794484e090f43c436ac0cd8473a39a6f0dc710ba3ab

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        27012f8b38d2bb582b01a522f3f54d94

                                                                                        SHA1

                                                                                        bc1c4549c881d2640c9f8cf43376fdc63764b3cc

                                                                                        SHA256

                                                                                        decfc0765135cc913f8bcea48b8b24c7a114b9158fcc619592327045bb533d17

                                                                                        SHA512

                                                                                        8b89b8d10787dedc76dd2f83934151f1c01e39fdc85b7e587c791cc38113d2aef0ce34ad84e00b6db91a4d2383b2ae7e14f8732a98e875c85f032290c0388896

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

  Filesize

  16B

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

  Filesize

  12KB

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

  Filesize

  11KB

• C:\Users\Admin\Downloads\Exela.zip.crdownload

  Filesize

  10.7MB

• C:\Users\Admin\Downloads\dota2maphack.exe

  Filesize

  97KB

• C:\Users\Admin\Downloads\dota2maphack.zip

  Filesize

  47KB