a64e052d1c68f9a610499455ff604189d9748b7246d7bf7903a92970f6036905

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
23-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spotify Premium/resources/LICENSES.chromium.html
Size

6.3MB
MD5

34999967f735b07e9cbcf6c397cea4db
SHA1

8001fcdd6ce0c6e5a3d91fd45e4c9726fa67f3e4
SHA256

c5a05048505c00af46c75fb5ca22057f09dce001eada3a756c3839d59011758f
SHA512

b6c2f722b6551231801e453bba8f9593d9f1a82edb305869ee07ef77f286968eb6ad5db1abbe750e88c8af973c362ee161aa5c591ea04ff39e4f4b34e6fa4baf
SSDEEP

24576:/PV05W5WS9YzHIlGMmfu626s6W6a6q5AHWeQFpD:F9n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636364742106868"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exe

pid process

4604 chrome.exe
4604 chrome.exe
2752 msedge.exe
2752 msedge.exe
1264 msedge.exe
1264 msedge.exe
3604 msedge.exe
3604 msedge.exe
4492 identity_helper.exe
4492 identity_helper.exe
3148 chrome.exe
3148 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exemsedge.exe

pid process

4604 chrome.exe
4604 chrome.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4604 wrote to memory of 4552	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4552	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2432	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2440	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 2440	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe
PID 4604 wrote to memory of 4152	4604	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Spotify Premium\resources\LICENSES.chromium.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff4611ab58,0x7fff4611ab68,0x7fff4611ab78
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:2
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2100 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:8
2⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:1
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:8
2⤵
PID:336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4328 --field-trial-handle=1548,i,12507962587314183752,8881185188287276496,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3148

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///Users/Admin/AppData/Local/Temp/Spotify%20Premium/resources/LICENSES.chromium.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff43b53cb8,0x7fff43b53cc8,0x7fff43b53cd8
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18163894076722414879,7072689487448069837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
2⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
04e0b03b63409c2eee1bfcd1c5363923

SHA1
6e2117cd79827fdcc13084b50316ecddbee9e975

SHA256
77b014ff592f8be2280449a79184b3cb6260b48075aa4fdf33098df411ad4ca6

SHA512
3e7937b51036790410cddd6a776f6560a963a95fea01b881b3ea93c1968f2d748682673515234d34cbfe41c92bc4a78b663c2cdb1b691acdbb6cc4b1dbf9fc38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
dd5cda80a975098d46c38471e2ede415

SHA1
38e4d26d6e6229cf845652f983467c2de2063c11

SHA256
bc7eaedbfb65df23ca05910dd13a2c615a2503d5fa0e3f888e5a879ea0e0019f

SHA512
08d0f5b5ced73d0b2e65830b66dd67c9c487feaca94cb18dc7bd73011da2740c285532713af27e8092e847881e1514962a0b9ae1485d23a7ccfc835ecf051820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
68de3df9998ac29e64228cf1c32c9649

SHA1
be17a7ab177bef0f03c9d7bd2f25277d86e8fcee

SHA256
96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43

SHA512
1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6f738fcca0370135adb459fac0d129b9

SHA1
5af8b563ee883e0b27c1c312dc42245135f7d116

SHA256
1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63

SHA512
8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a12a3ece5fc9e4c05653e044ea194fd5

SHA1
8f7c9ea9e506624211c30bba5cbbc9244940c594

SHA256
80993f4b5a394899ad2ade25d06ed3fd409b8be5b1cb415b8024052580df3b17

SHA512
78afafa10f5238247f82fe2fdfc26ca6e68e96de8f1f3c24018c413fa7886ce5d0b536e89c91bed45dc076dc29a25b02a5093b098050412bbbd42711bb260bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
19ca6b2e53a048e2d304a224aa36505f

SHA1
6e22de559d38170e78f5c90b166f3aa584d87927

SHA256
e02843f8aac8b78ae119fbfe3c763e4c7e76df930ed27d72456daa576d79d64e

SHA512
3c58f1e7d8d695d2088c97f8f66224f6a12f49172e5e8352a9fba6d3cdbfab12d9dd4916a2c866f53e251a8f2d03312f295e08874535beb6e9a1d60d7d582c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d6ce86e3066d0a06fab18d9eedc81e67

SHA1
446756f478e64c374be729335302cfca107c63e6

SHA256
549248c5961494cefd97de3ac4047f28d5ba2f3e25fd69ee071dd8caecb8ea09

SHA512
2977fbfec99d1f9f3491eb8a8c3947f0f8747a992002fcef4ddc1c3be4204df92bb3171ae3cf1aa1ad729d04e5a54ea46bd3d1a62edafb2c632500c3a32c0c10

Download Submit
\??\pipe\crashpad_4604_HWRRWUSYATQSNRCP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit