hxxp://101[.]10[.]204[.]59/c%24

Analysis

max time kernel
58s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://101.10.204.59/c%24

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701052695784586"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
2352	msedge.exe
2352	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
4088	chrome.exe
4088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
2352	msedge.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
2352	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2620	2352	msedge.exe	83
PID 2352 wrote to memory of 2620	2352	msedge.exe	83
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 3568	2352	msedge.exe	84
PID 2352 wrote to memory of 344	2352	msedge.exe	85
PID 2352 wrote to memory of 344	2352	msedge.exe	85
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86
PID 2352 wrote to memory of 3544	2352	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://101.10.204.59/c%24
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14603922014026204352,4748695837835769390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xc0,0x124,0x7ff841e1cc40,0x7ff841e1cc4c,0x7ff841e1cc58
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3428,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1928
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7440b4698,0x7ff7440b46a4,0x7ff7440b46b0
    3⤵
    - Drops file in Program Files directory
    PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4700,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5492,i,14172869899542233777,17245096181564246768,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2e355f53a620ad2619b9fefd19a5ae78

SHA1
8427953c5a54b78408653df402013b90100549ad

SHA256
0b0ba25cb01a915d210aaaf924daa0ef71733ff56de9d1ec058522a0cf629387

SHA512
b517b9538c3349e381f9350418f01e8f40f0adf012088825064c349aec71518d7695499c9e10d8c155a4529ccad7a552ff591c5571522992fa0b3019d27d7c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d41450d8517531bc8ef45e22bca03a36

SHA1
5f164d631d5d9d7675059c455581c9e6b3c3c277

SHA256
1cb03a2218b1ebafff43c7e72d9c9cd10f7f8d55c07a5316d536d802261859c0

SHA512
e322240005085daf63f1bddf6f0519b0006eb113750b5b8cc96ccced9ff64b01fa485e8d9fbbb0c5a904742a251f2781e59995b3f99c159d8fae6c8606669e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51f191c59b01e2966584cc2aa244877f

SHA1
506f1987c538ca3c8f5d418e4bc82b0c5e2501cb

SHA256
bc856b9cdf05364253d3d91f1b0946ff9c6fa9b6d7afeb485ab2d021cb4d6802

SHA512
bb8e10f863dc23beba4ac0f92a42b1f292bf228723d275378e45cda0e549ff990a5d8f4e024d0c3c608a894dc3602d3be54436e52048e6e1d0b3fcb3bb387f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a89ccfb902cfc9175cd1083637711359

SHA1
dc217c31eec1b8106a5820886cb53ca769b94422

SHA256
9c4c5abbddb97ef063061c5abddbc7bfaf769a7cecf099e42b54609ee84bf400

SHA512
809426d769fa38c40839804ed52c160d9c461242cd33fbe01cea0e06e0471046b299e2d150203171250237698088b8d46adce1be8bf542f29c91b14e71a6f09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
585249303953806f3b918fb267f930c5

SHA1
396b43a4c08f9efc85ee3131a0ccb68276d196bd

SHA256
ee5b3e761917dcdf330ba6aba0f30e4264b4983a2409e0ebb8472f14ba5aa17b

SHA512
679087da666323b0ab9f8d23485372f1f391520e0d86b6ae9f08e63e70647330c78742c4392ae4f2e4cb01861a7af64dea6f3798833acc702904cb0b112c3865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6a7bc5ab7c8202548f29e61fda54fcdd

SHA1
81f14547377c0d5b5fd97cccf15013778c9ad779

SHA256
64ef83121c59678965f6318cb80ecb45877fa0ecd6d9293b1ad678456c7eda4b

SHA512
910b2bc2c5fdfc0ae019c2071046c96b39838c20b3a0c168eb000abec5e749ec4022c2e0b7c75c5ee6e6d9580ead1dc6e577a729445a4a1b459982b33cf42f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
fee38221fa7194a58fd99585c66c1879

SHA1
e0f196f2fedd1f974e4ddf0904e123289b597906

SHA256
566fe57f67b089e6c5b8f5cbc13af4b5b14747725605eebc0d2063e013e90891

SHA512
d3c929058d2b080432095331ce75989e0691b247346b605a578b905a434f5dc09c44e1a5fd82393777063f933d5a997c6f60097eb73f72717bd614eef66b8819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
b9d1d0d30b35a07b1a78795295e55ef6

SHA1
1c2d8803941cc45518f3e0fb718553d5fe07b3b6

SHA256
02d544a96dcedffd3ac9824e89c65fa013c5362e2ef17b58d5b532c2fe48ae77

SHA512
bfa6a163d3db22cda2c635f05cbd30b6bf2a295d4d730bb3e1bd921dc1f64d0030632bb2ec69e868a6261a53d1c041251c0a4ee20fc820c3af30aed132d9cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bdd5330b54200c8233ea3be9e6e910d0

SHA1
a6c48c74eae965929d4cbf8de79d922825e9b5e2

SHA256
47c9c3e3a2a472ae285789dcdf26568de12238760a6b689e868e83a33c89703a

SHA512
e47460ac9dea4c03fcf0725b1dd167893993bf27fabf688afb3eaeb25a34ac10a06800598bc890030585b802359b0365cefd1ed6b1f35d582b19efc8b0dd4e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6bde5bd8af53a8efbfd08e0e3aaaae4

SHA1
cc4907b7e89dc70fce5754697009520d07934ddc

SHA256
9eb60a31e5dc6aaa326ab8d18645056404c42793708d6eb686fe7cd3cdd1395c

SHA512
4da43d123ef197bd36189dd547231e27c8ac4a86e2357fa6ff77e41474168462e0a3239968b391a87c3d65cac6862aff6123c89209a67584eedffd212c1dc129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6c6fff9480f1b3232ebd680554d4ab7

SHA1
3140751759dd9f0bf5d8a3d9e3847f9ac45b2e88

SHA256
ff6c6258ee60f303357030504b8cb53a89b811c129de7948939a4cf9de42a9f1

SHA512
c229710cd8dbdda336dc211206b13d3bb33803cce7f84897dbb2d513457f7d866d5a9370c9f89788f6df81a496c888990d995362126bd8a9c3395b5b881ab14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8fe86224ad21be04fad8c0d4bf84e93

SHA1
73d5234eda61701062cf28542a10efdc8aa4b476

SHA256
67b9f1092ec29a6d08896e39ba7e36c762c751c91a07116a380d7ed1a5c1bf7e

SHA512
743fc213940391ff2d816b65390186412ac969aa6b658acead556a7c9b828ed0c053825c4c8d499a92f874cff4a137318889216a7f4884392c42b24da03e1bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e49d3bd703c974bc7d1ad188fb4d2248

SHA1
58fe79d936b80fdff8d2e97b4f679b3781aca4aa

SHA256
bdddee123b7ea95ad4a89e566b7f5338702cf9b45731f70827930018cb7b5c89

SHA512
36db7200850f190a5d86e5a3f98f2fe097d31a96549fab9dc7849185241008df54a901cf9fbb45a713b3514122eeec84bc936d604acd399db797bb9c1f7cb239

Download Submit