hxxp://jetaer[.]ca

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 05:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://jetaer.ca

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731845443900197"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
648	msedge.exe
648	msedge.exe
1900	msedge.exe
1900	msedge.exe
5904	chrome.exe
5904	chrome.exe
5904	chrome.exe
5904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4848	OpenWith.exe
4848	OpenWith.exe
4848	OpenWith.exe
4848	OpenWith.exe
4848	OpenWith.exe
4848	OpenWith.exe
4848	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 1196	1648	chrome.exe	83
PID 1648 wrote to memory of 1196	1648	chrome.exe	83
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 4652	1648	chrome.exe	84
PID 1648 wrote to memory of 3452	1648	chrome.exe	85
PID 1648 wrote to memory of 3452	1648	chrome.exe	85
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86
PID 1648 wrote to memory of 704	1648	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jetaer.ca
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9395fcc40,0x7ff9395fcc4c,0x7ff9395fcc58
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3044,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3768,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4948,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4860,i,10196214332846550663,2384287648089338111,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument mailto:[email protected]
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff92aa146f8,0x7ff92aa14708,0x7ff92aa14718
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,270151626183262599,9468094831979229535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:5160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
e9d169d05becab3b442367bc71ce6511

SHA1
7c6036d6a304c97c016028d4bf59295e7ea2849a

SHA256
1c1bf39efb16308c630f586e51554bb53ef1be5c3c3d704c48707ad2ede0b0fc

SHA512
1f79e35055776f48cf8881c4eca23a204b1b770b9cd11547fabccfc19d6f889b4fa53c6ce3baa9814f47a6b07ac1ea11067714b3542647115491467defd3e4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4c3c42baba31c8d8e646e6aa84a0def1

SHA1
3f58d393db9c4929d16196650b02973f5f6d9c48

SHA256
88a5b1969db635f48838cd06f7ffc02f53043c442f79e445b085c0bc1c107a63

SHA512
4395488115aeef35d43549bde0f21d32922d0c9fd8f6d3b32f4b48e664d015a920c92f25b991db323841565341220c9cf988610b17f6b0595c4a8bf06b704ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
ea98c6657e2906066060734275e78140

SHA1
bda941d5045270da23624031234a0f3cea7e055e

SHA256
408ce3560f6e82d6da04754b7b9e4b07aefa42174674a3ea380c068cf3203953

SHA512
ef45ef04f20ca70bbd875cf962ea3aeb5873fe1a9e932193e1fb1c482eae0bfa3a37367d08e2557a3d468f9502e707080ef1ba268aca62a80ab547c43010f5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
fdda24d51bcc12995eb79a5815b007e5

SHA1
d524cacd71f6ce28775bde358076774c96575b3c

SHA256
e0907d876c1c67451fd415c4cf4da3f12902511cd79da6195b2951d980e9a16c

SHA512
9c476767c7691c386ab432fe9712376694e907ad5a40010e4f52ff02b6b11f4888a7065912b617b9dc0122702bdc0442c4458f7ca60375f14c1deb42d9c0752b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44eb3506e91d7fe8c1b722ea20f747ad

SHA1
dcca75b3e0ed11f0b245095702170a6f6fd6500a

SHA256
08141db3dc347056d1db4e8d08e7f15c6879b4ec3a814eafebb70cae97de5306

SHA512
f63db627fe199ab67167c64dedb486b89b54555f4c70271aa2239285d1332db3914ed8306bd6c65e26fd0247b15d0796e55d8cee13f545e8c5699c660b64d992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0ea5b76ebf42e3eb80b33013bcbf594

SHA1
80969eecd766291c60186f14db46ae683563f7f9

SHA256
6914be5b76affbd1d6247145ead312ddab99c800fc198791c05328e4afb848ee

SHA512
ed61b01de317038863d038646195d929bbeb2b223043298097be9a209701bb963a86b193dc5835ba5c1dc03e40c75515d0e657d267160b0d2457e27a1b424345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83cde49eccb7242f5892c095d56c14d5

SHA1
2c66f919a975013d568479ced260b905bc4b5b6e

SHA256
e6d47287f2b6ecf19c33c3098a9ef16cb6e99624bd90a81b467841633de3c6e4

SHA512
0b55a113871348e8caf41c5a5191d804df395a05d98f814c7780e62ddb56841e48717061df644d4d6d9f55bd7b2a1e6e833d2532b0ef75266197fbfd7e9fc4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db9d28f53d3a04298abc96a646e772de

SHA1
fa633698317005535175a15b290e712109354b0d

SHA256
cc4fc39455bb5c1683ddb89d01cfcc8c388b1a2f35e378891973af320b0a1e87

SHA512
39de130c0d46c3bb4cddd93d9041074f6cc92f71a5b108c97c386966196847026fd49e8b050187aa952ff1acc4582774aa0e10e0dd295ef77dc34982cd34de6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4210ca8a9fec035614a41edc476213b

SHA1
c5950dd9d01e27f4fe28e0f9bea23d67030bfc7d

SHA256
72df4a01d391e5505dd09a4be519fea2783610d42f75155c1c921621dce50aa9

SHA512
fa0a0965ba67829eea7abde26fed3ece3c8a773e5bed58a3079baf5a7d35e3f7daa842947052012e62273fb238a94ba8f63ea4a91cfc60f534afcf8c4832ee11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d93c984accc3ebc954e3aa7fc2a7c3ef

SHA1
d9fda69c578eb1d623e6e2ab539bc86c0c85f31d

SHA256
fc43b36498712ae42e49b4801abc29bdd2e82c9d7d00f9fea1d32d975cab5f8f

SHA512
30d3ec32b933bbfe50805a79e1a408122789cc060b082273e03066fdeaed95ea745021781077d76188afe1be145de643ad5bfb0701bbaad9c34138fa38bfdcc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
490c9d37865be6e25b942dde0306f6e4

SHA1
8c8746dbd25a485aaa835acfa3eb5024bf00d185

SHA256
b8469c04b0ecda9391e858e6fc5116f7867a28aadf2c4d7156c686fe5e43db9c

SHA512
6787c2611424e30eafac4d2eea77e25577e8af84b2ec2ed0a8d75d5943029d9153e1e2077d4a95a3ce3ded49bc7aaef40a632a952ba3663b5db7e75f80961ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc55cbb6746403a52350616a47d6bcfc

SHA1
f0dedcba79b330c7dfdb0a1c6d6a782ebd1cc872

SHA256
77cec990580269597ec473b29e08750888020788947e0d07f7658e964153547c

SHA512
991c3ab7c16cb9ab3f6ce5183568b051fe3c327ad5970288c66069bb2c2f00ee594769304cdbaf81811d45b9ce235fc3e550dd169f458c24c0f251eabfd3ade5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\9397a4b0-ce37-4b79-b96d-32ecddbda8c8\index-dir\the-real-index

Filesize
72B

MD5
6019f09ad31e4f28ec67954700eacd54

SHA1
23a1f5f1b15bce89d1d6b54e390b5412887bc3a7

SHA256
46dcb81acefc3fd31909c3896f46e674e32a14c430a78fbe1dd8802d4657d3a6

SHA512
46efe00f90126b57147416bfcc8efb41d10c3cd2c437022bbd29de3309c15e897fb350c51d35f180fc3a7c3eacd556ee60fa7dd2e93104fc1dc7c2ff80d1e414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\9397a4b0-ce37-4b79-b96d-32ecddbda8c8\index-dir\the-real-index~RFe57fb86.TMP

Filesize
48B

MD5
e475509d59b955fd15802a0e2e84753d

SHA1
a88bff2d69c5bae478434077ecd2fc1b3fe016bf

SHA256
cf1e0a5b5cb0ec53e68488ac9dfd657780203d4cd9a68f5fd08b9df22db54a16

SHA512
d2eb1ea1317f59873a63833e20d4828354cd010e5abad1dfd5638e215e0484697926b2770e592eafae5cfe56676d6196c718702770406894a2e23b4509683786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\f391ac6b-8e9f-4919-a4fe-d4f4ae299c54\index-dir\the-real-index

Filesize
504B

MD5
9570993b3868dd477f3e2e6a6c209a57

SHA1
efcf20774053a06b34e1ff01b9c6fe13330501e9

SHA256
ce2d0a02b26663c09851dcfdd1feafb25dff475f3362bfad9b477fe5de628091

SHA512
632644f9acf3952107874fd62de684017c036c3ff813b879dc1740c8313551e91ef83655c4afba28c49008b317bf56ab67263dbc73a5106874242f991593e37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\f391ac6b-8e9f-4919-a4fe-d4f4ae299c54\index-dir\the-real-index~RFe581e51.TMP

Filesize
48B

MD5
cac8cb204a7cda203181757336868bf3

SHA1
2dfcec5d84aa30e800c8d477f440e372377fc9ce

SHA256
63490bfd1c3efa0e7c51026f28805fe245403bc64faea06eb4bd32b28bca9868

SHA512
9ea18a29e4681b067d70ce2e5e9ccce08d3cefab72071b01680e8bf541a9f7ed04cd302ea88d4a35d494ff9db3123ae70738c5e05cf0e6f250db0cd3c8ad7b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\index.txt

Filesize
198B

MD5
bf093bbbea630479a93d68de3d9319c5

SHA1
05cc7f55e0d7bb1cbf91e24538cc7ca20df5f4ec

SHA256
2ee9be15dd6d9b24c9fb1ab76fa2070e1c24f2cc91926c2a0db2c0d258b57a03

SHA512
e843c0710adcfd985c345f4ae4feaa47064568c0084dc3bceec6d6e1af7b4bf00895dfb056639f5bc8cd94e11e048d7ac011d4504685fb7d3f3955154c08f06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\index.txt

Filesize
203B

MD5
b4207772e69c55b545abc9aa8cf04e3b

SHA1
e6f31053e1178bc9d278d151859a31dd8e47ff29

SHA256
ce6995acd53e35262b13e6cb3cd97c4ae9649429aa5c50fa053da7b725351bb0

SHA512
141373840730119fbb9140d1f12353fab274258f375ac71bcee871bbac4c078712af3ec693739e90237e2e3da60a374890f7f2101c48bff0176fccd0409895c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6c4b9c61a641d262abc818efc87d8cfd27076d30\index.txt~RFe57c95b.TMP

Filesize
137B

MD5
dc7161290ae05d37665366fa25c328d4

SHA1
046dc582b0be8f49210b94a5bb5fc6f816e06608

SHA256
3bdae67236897625f24af6a9159e55c0fdf2cc607c2b8c6e98ef01482ba43abc

SHA512
12b18a097fae70501888f370610572bf7a82eb0d7b1e1ba55d4aa682fbee0af4273b562abed11b8a566bb95a044297b56eacffbaaa2c40dfe4770129d8efc5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e1ed5f581c19b0f1b0d1566ed58f5dfb

SHA1
82e6162d6788e573affd524c1d0cc1eb9753f79d

SHA256
3ee5650b7c2fe5944c13b3412338fbdc6a707d337cf9f90eea46a4875f7fc37a

SHA512
5c6d2eb925a927220c2a5926b30ec16b94897f85d4ee120140b8ff632ea3714cce128ad8007d380e78658942ecdd5887f3f8fe0b523d2bc0e01a6edd8f46308c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c546f46b-3ae4-48c4-9c37-b78117630d60.tmp

Filesize
9KB

MD5
9169bae391bcc758b6f32f655a1de2b9

SHA1
aa1ca0dcae10adabe1d079116b52bbe03f6fb570

SHA256
b2db3d56fe12cbb42105fa7c69dd51c370d57454242776fda035766cadabc59a

SHA512
d5927adf6c3653c62777d5e32c1c48a357130aded87fc400e8b275004d5ee6cb5a86bf7de3d1de79fb1be3010349adebb268bc9df2b315dc085b31d909decd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e97ad5920497c7c069b15570feab0f4d

SHA1
a1840e14d209d9ab6f9a23ef33c0b817b815e8ff

SHA256
655429507a0474b6f7bf66473f1b75c808b0f90ae19426bd73e2d73f6baa64d7

SHA512
0737d7155b36767170b5e5aa994733e9377d682f7f12a2cab65c432abede085968fa5eeecd59578eb0edd1e17f57e4456e68e1ee8ba03d7a946f7daf40ae0ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3f8385a1d292307c41b0d58474288bb0

SHA1
2c5df201700e27eea7dbb0c9f487d69c94a3871f

SHA256
5292213ecb2f683487649799ad38fc647f128e42a09cd444472a9b6a350b453e

SHA512
b609ead329aa821fbd4485cc08d0651dabb36f971f0d6f8c794c780638ad95fedb4ae8784e13b22a9407ab65842f0e565438bba6c099e9ef9e74b11996133319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3c3da4b8ebd18565cf1ad723b7676cb

SHA1
edf980b62d64165a05b50ff7132e54ab69c93fda

SHA256
3e43aa9c442dcc62664ba3fcf612f688c77fab8d467969051fc30167df94a4e0

SHA512
17ab4d62ed6a94df687a9a3328126a0ff150e95bbf8f8047f02c1ac9907bfda58e7e88f4d00bb0eb9ccdf6c3943d0580e9c38adbdc3c693075bbea9a4ca39154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eaef9521d2ac87991f369ef657ebd1ba

SHA1
4d17ef176f324e063967939da75ad8bab357ced9

SHA256
de891f640083671bc43e09d5a3d3f2d28fb0c96204e2c8af9a2f7e73ed1d2b0e

SHA512
1cc74b430c1c8edef0806aa9c73ea69310d736d7fb646ae51bd16f5925aa4369e2c1280c43e825b2a489e4ba97ed30b2422e037ff5789346ac5b8fe0a7d7d979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1860640883e417ac50a1a146c3038e12

SHA1
428ce458a42c29fcc65b7b8e0786f487a5cfc977

SHA256
f39439ade9507863617a00f2f30782fe37da9571296d9834a6e2bf63604be3e7

SHA512
02c79d333476d02d53d1c3d14c9f83316432fb747044fd9eb4bc6fcc2580d4be2fc1fc58129a2aee12aa16f0788401e439332f9555412ac7c7ca1e19d910d3a7

Download Submit