hxxps://social-unlock[.]com/YHeFo

Resubmissions

08/09/2024, 23:54

240908-3x6afsthkh 3

08/09/2024, 23:44

240908-3rmads1enq 6

Analysis

max time kernel
86s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://social-unlock.com/YHeFo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703132885635471"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3680	chrome.exe
3680	chrome.exe
3632	msedge.exe
3632	msedge.exe
2756	msedge.exe
2756	msedge.exe
5572	identity_helper.exe
5572	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3680	chrome.exe
3680	chrome.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe
Token: SeShutdownPrivilege	3680	chrome.exe
Token: SeCreatePagefilePrivilege	3680	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
3680	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
3680	chrome.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3680 wrote to memory of 4348	3680	chrome.exe	83
PID 3680 wrote to memory of 4348	3680	chrome.exe	83
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3560	3680	chrome.exe	84
PID 3680 wrote to memory of 3688	3680	chrome.exe	85
PID 3680 wrote to memory of 3688	3680	chrome.exe	85
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86
PID 3680 wrote to memory of 2692	3680	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://social-unlock.com/YHeFo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e39bcc40,0x7ff9e39bcc4c,0x7ff9e39bcc58
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,11593570681065412434,15995294025293347203,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4312

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d1cb46f8,0x7ff9d1cb4708,0x7ff9d1cb4718
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10738832912011182997,11812861323092707863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
95e30e9c097450ab11a48e308f21cd60

SHA1
a54fdace76a190162ca074c7ff1d23fd1cc6577e

SHA256
d8c73d5327b6d0486796184c8b4172c524c88512afba2a4a2ebc73957d599381

SHA512
e50f836f1120fa31ab1a8cd7d5d321b92a1e8a0eae56e373680be936c9e1a912f87686a1a99f169782c31f5a48a87b98270be3b5e4641a641f549c0faaa2f837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
225a2a54f5022c02a9e3ec184357d404

SHA1
c1f835acb31d9539838ab333224a282690feddec

SHA256
3c2edaa6ede2754a56a0062c65b9fb847a2aa46754a60f9d4217f51bed24ace2

SHA512
168f4ebe8aef47c3a07ef44df259cf9a057c8e91cd4d78f1dcdb1d22531935ec18eee48c3dfd005107bf7476dc78de56e5b5456fd716ac72736677e6501d5e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c11a2739889eb4aa11317bfb78b7a989

SHA1
8ffd243a96eeb51d7c7514a5d4e111acf97b57e9

SHA256
88dba184bc41bdf7226caae3fe9ecbbc7eb0fda251489faf7d2d184ccf9e7850

SHA512
b5e42ee7fdda202946f7c65f3b14dc79f5c9ba515466002f0e7f11b59b301a88b51dd6f757f32fdfabdaed55790ea49eca4d0153296875875eba62845f682004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f52a76d4c20506df963b34e39d3abd1f

SHA1
bbb19372142fe65857eb48ca91da2bdd4ac8d274

SHA256
feece6152e0de31c73652570a39915c9d87489802e3216956a9ed635f77fe2f4

SHA512
49232cdfdda3799deb318ede4c5e8a130a7cd7042aa478e2555a45f2028a32317440022247e6dbe232e99b495e83938ffe7d75b11bff38db80c2955b9fef77ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35c96014384c732749f84e40601e38e0

SHA1
1af92ad52f9826d7af2ba789970f725e822d0a55

SHA256
e81139f422b920d9df95659cc871b5f17bcecd5a19832316a34a7258e9f8b5bf

SHA512
068cf6433efd8af05c1aef7e798b68fa42a9a43b6279a967afe7e20bc9bd767743567a669e6ca51712e33a3465ead57a4c68550d9a7e8ecb813b6f5fa58d106e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe9c712648343f91206d1fa31fd34789

SHA1
595dbf1da58669513c62dbff74c416a4adbbd90e

SHA256
23611ff12a57a66e0aaf3c63ab82ea4d936f42a1ceb161ec4faaab32c156622a

SHA512
65ba16675a0091ca71630fa8ceaf4e565ea68904fac11a44b32076f6f8da356f6cee4abbb42b7c289c0f5f81cb678f11a7a9bf0cd9207cc1501dadb7978740a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02f4531db3fabe716fe7ddc72409520a

SHA1
e109348a8adea7ceb5b4a1778d58ed161f45f2d1

SHA256
c668ef55d56a0442868b3528dd319f952d17c776fbe6e17bbc54396ad7618668

SHA512
1f8bcd3985b83a1cc3215673f5b7b712e5b4bb8203fb57b97e848c80ac5af6d0131d6651aa243db8be8efd08f68a581105fe41cc13ac95e08b515e56a67b516a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f28792d676ccf262827d537e0c6fc6fd

SHA1
39900c992f76cd5e7dcf4111ed420670028779e2

SHA256
2cd93c9486a2165cd3d7db66721ed417b4aba7cf30ef4f0971cafc89982ffcd1

SHA512
4a4e5f96213c9f389d1f973b1fbf9ae7b52ab9a9cec3a024b445639cce0238ea15d504b3843ae8a6d562e33a6bcfbaaa0b71a1df2a3db134921d9202ec18d17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dbbafb9f6b80c0b0ef7ac938dd0575f

SHA1
c0ab005ef901bd094353ca8a905c7c59d42a7f9b

SHA256
8dec76e3b20737c44fa6d66118986102c463bfaef6b80473318139c4a67ac72e

SHA512
feac8920355bc7a4c4843012c383f556f55ea9cc4fa9637b79152d41e84906d37d74257df39e43cc775c0f9c8f05cfed09def44023732a4ee4957c3ff9b2a779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9c64df8012f07e20fdf393ec82398be5

SHA1
76560564fc40d066b56fd74b7ac4c216cb61baa2

SHA256
03c710f91b03cd35408b099bc09406016020cf90a11bef510beb23cf653e698e

SHA512
02a5bf21d17f0b3697dc61a2d0afff80bee917cdc8d2e13065c9546f645f54222ac5f241280d11c78cffe5261e6324eb91aba3ddc9bcdec9e76ff95ea7880f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4d90ebb87dc5659d47cb4bc904f3c05f

SHA1
ff6d6f524ba4843eb0e7ad0a349b07dbd17ce80a

SHA256
5c0bfdb0c1949a09887e9a1a8106bf945d1a299ad1715753cc7eb81b1dd636ee

SHA512
e532f1295dbd83f78cb5d528809011f4e1c97b254949caf629340ef4f2bd4d7b451f7e5aafcadf681172408424df7a3a06a7cd136a2395a770017503fdaae65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ddb58fcb72f41dba3ed39a66d6cc35fb

SHA1
54e39763ee42f499bc2a78c9c721b04e8d6d1711

SHA256
9aa280caabeb0514574b65d181db6de88a542ae80ece5a5ee6479779ed9f8a45

SHA512
81780f92e3a0344294f38e5cd644f89c07c3a399618f3dd3cc84b005a288fc35891758427757938e0f0d7a70df2b1fcc768e209967248f6d24d8c45da8d16546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
158bb4b8dd5040ea83403c6c656eecac

SHA1
9b342f11c49458f1e7fb6fa9bfe60a0239d931f4

SHA256
4cc50216d848f45908573bf4e830cac0929cb1e31420c2226f4a212abeba3712

SHA512
acd0700aa93a3e1b536a89c034ee831f4e15c1005a2d02155d9b4467643f44b0e0a066e776208b6f0cafcc9238dd2a396e046185cb153654a90ad7377fe53f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f13fd2056ffa74ac42efaec5c14c1fa2

SHA1
400b466170d611e958258b801c67eb6948b6cc0a

SHA256
fdc8e8d5e2bddfc70b3107ad339ef1caf33424c9f6875ea7d1f08c8d7855dd24

SHA512
35d5909f7823d37552c1fdf4be31e8ba747348337719005030d0cec5b0b1e3c32cc75b35b71a4fc419057b4275b93563eef62e6e9156025340dfef3f648627a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4367b5d0ba5fe46c401028beb55e0c3f

SHA1
d484851e79035a637ba218aa9bd829ab2abda51b

SHA256
f9122b914471644bad14f3ba5bf8c2a8cbe918faf7c633b423281b69219b7f6c

SHA512
fdc9ea6c8cfea1edac5085d8e150fd0b455c5d6437ba4df398d1f5ba537fb95f516cb93cbe52d0d2c14b39f2166016f6fb77d6cdcc236ed56bdcef80577a0f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c69de29090f5eff811baaf0042da294

SHA1
6e9f505604ba5c7853112690317f8eaedf6e8097

SHA256
627451eef8def2e7b09ce85ab4adf3024cca2e7ce8336f3cb55521febb8aecfa

SHA512
ae0e6f6c899c41798577c2f333368dc45950099217fd5e085a0e3434690edca199b71ed03770aaa2fc9baeb633898a0246b993faf2cf890c5d5a395af2f0d74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac42c73aea028f891363c469970ee3d3

SHA1
2403653bb27fbbe4e3556b547413bd629d1a6f63

SHA256
71a501f7e012f94f5824e7f284cef1865de23a9266401aaebf1cd793c8a8e45d

SHA512
3e2fd027a889177208a7ac12929df1d050d050dd6968d6bfd893b85da946ed5a7810cac02bcade01b7a58768ff728f50d249b757eb2d95e454066747ea8fac78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d32050e85f37e00273afb55443697c71

SHA1
51b7d29d6d7240e4feac7537e046d92be7811e57

SHA256
68dc9e31591bf8674069c2aa6710194aeff203a71ad4016d1e1d7fbfd99cb713

SHA512
a8f4138f310e47daa2c4547ac7076cfe68106a8d45cb7d77531ea9c87d5b70fb50ff4f5f255dbcd9baadf79e0616247092c632b2a999f80522a02d78a156ed32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5886fe.TMP

Filesize
204B

MD5
bb6fe5e798581f988955e127efa10f04

SHA1
83634f1f78ebb724f2d12417586af2d406967b4d

SHA256
5b538a30d0d4e17d8d2261bf1734742368a989c47eef2a5c22674b784f6313cf

SHA512
7320c670d4be54c29cc1453b4b83e09a57db3e1bf95cfbe8847fd27aeabbbc3a7faefc5678d2650d98c8d107605c7596d2cc3b7acbdab8d999c0d895d3a1efe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d2c0a55acb811da83632bbfaaf647fc

SHA1
e40066c2459bc26ba36db39e078e39a52759b8de

SHA256
6b7034d668cfe634b942149a9f043b2e7318b3274e3e9d618c5c57d5328e4c1a

SHA512
2108f5eed670f541ff943ef1836011ae69315bcc657253cc1eca7369d43e006b37dfbc9f7f69c8118dad0a1c7a50699d64ac3945e2f38df0f3fc4f14474108ff

Download Submit