hxxps://ste50-card[.]com/50

Analysis

max time kernel
150s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ste50-card.com/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645409163114328"	chrome.exe

Modifies registry class 5 IoCs

Processes:

explorer.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exemsedge.exemsedge.exechrome.exe

pid process

1776 chrome.exe
1776 chrome.exe
1432 msedge.exe
1432 msedge.exe
3524 msedge.exe
3524 msedge.exe
2904 chrome.exe
2904 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exemsedge.exe

pid process

1776 chrome.exe
1776 chrome.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exemsedge.exe

pid	process
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exemsedge.exe

pid	process
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1776 wrote to memory of 5040	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 5040	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2168	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2912	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 2912	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 696	1776	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ste50-card.com/50
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b98ab58,0x7ffb0b98ab68,0x7ffb0b98ab78
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:2
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:1
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:1
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1816 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:1
2⤵
PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5032 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:1
2⤵
PID:5660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:5732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:8
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4860 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1888,i,16026436036801327960,5354714190056181723,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4412

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3896

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf86a46f8,0x7ffaf86a4708,0x7ffaf86a4718
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:5388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17670162934333986132,79175136523898260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
106KB

MD5
4b71bb682cf4222565e84e3dd09881fc

SHA1
6d2f91c42b3d750f8afa1f1775927177b19b934e

SHA256
3fd1c5e501f7d8d4db7017c55fcb3c6bdaeed2331adc7bcef73de0ea49576b3f

SHA512
35c8fea37f897b3199d7db75a5fecce355a714b19938d8c92b894a19566f8f85df00919e0e47905e85275ac6e0cbf36ac01e6eeac347a465ae5827554c38e8c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
163KB

MD5
d5d7675604340f99633218bbe4793104

SHA1
ca1df39b7a903dbb856a555db75770f6222e7dce

SHA256
f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6

SHA512
bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
42KB

MD5
54476cef20aa3e041c5b14de32a5ab6a

SHA1
032a1be25a46f795208b0365455d34e1e3b17760

SHA256
189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c

SHA512
0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
2e8a9281ed032f28e9da267b9ae889ce

SHA1
99fc8841b0a4237c18bc34c69ac280b6b09547aa

SHA256
790190da149c55f9df93fbc0da0b2561bc6b2bd4aad66b4931d3b6803e6948fa

SHA512
ab450fd03ea42595819e3bbfc5edc2d46d68e1a75601c307ae2e487b37c8bdb81e716233e6438d562be14312c2b962c222126286624497831b627cf9a582f619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7ef119a769512e6cc632e4d7d0c2c992

SHA1
1f506f4863588ade798665fbbbe4ce41c326cf3a

SHA256
6ea819677526d5a53cf4651eed2ebef2793830ff68e4c09f078d1f0995e96b07

SHA512
3232e462f0c20b91d843eacb2d70e1d97ce633a5a4097ebbc68a2fa23ed1e9d932ef127626036e89f41b80eb91201bf5605590bea3bb93f1764789f9a5c9a3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
1c641dabad73ed33c53a2af27173db13

SHA1
6318634fb9d685a85359486c604842dd9bc49e7f

SHA256
77edadeb89b2a8e82256233fd51379c85b633e6b2ccc3ae8dfb88c88102d7a65

SHA512
e563123f014d27833c087fc5f5d36f2b777c18dde9ad956a84bea897c43a448bb479e5d76dc3af4bf829bd49381dcf57e2fb393e17885aad2ae37295a1a9b816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
93ac17a7a9ce06e8c5db8bb9b07cbbd2

SHA1
2a1266062f9ab070db22caf3f08b95287658d511

SHA256
213dbe9bf007c9c7983e736c4e8978d939afa33bc7fa6c070e0453b3d9311a50

SHA512
2ed155f6bb52d147a997d65ffb7d411dda43b32f0ac97a98a2d81729655d2e443b6542ec973ba470f55cedc147556488722458983a0ad8cbdaf2c810ae444fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
1cf44af5b47512a2ba9518e9a4aac1e4

SHA1
3143e06cd80bc91df77a41ac37041476cc60f367

SHA256
a697c92ed6a27d33478c6bc19fde5c6d5450a4465329a1886152d58453990a44

SHA512
42557cb614cc1399f79cb62aa82f627a9939dc6f11cf60fb6de86ffad933b507c4173123273170c75473c82f3565c96dc6d64dd8b6db773a18c64a0fa25a8d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
56d1b084c11487c54078b02a9c7060c1

SHA1
d9f4ee6326895f44745ca56829f60b36160656a4

SHA256
64c5c2d75656d71f8b8236827a04e3bf39a99bcae3db298e67ec86b65dc7b68d

SHA512
520879cbd580ebdb8630010829e59cde759f973a00cb2eefc91872546598fc42048c228545f79e101d8fa3cbc2ddfa962dbcebf3c61daa1bc383040c514ed251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
9941e16ee52d48234b130982e97df46d

SHA1
9f97a58051532f143590775a5509f573ebe7c0e7

SHA256
d81b22faec4b050ade6a8bb6b5f60183b2d46c49310ba86764bd8a758a139b3d

SHA512
09b92e507c79bf6825ca94098648d19076f1d93cf62f363543b65f99e9f35f9703e7bb5d4f920afbd194ba57f559f4ac34156aec5f9591dc44516acb3b4be8dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3630e4ca43a3ec830828c4944d31cc65

SHA1
8f64bdec4a6589826a6666a96aad41ed6e25c4f4

SHA256
a4e13fed381171810de932463684489b5622b3fcb86fa91c90818a9b42a95166

SHA512
bcea30e2b8b87e270d56840353934873193d8cabadb4eed217165489059c06ace9f0230b17f434fdb89e65d1048b9144a2b84906bf60308ded8be4480e633344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
76dc88fdc8b2e7c1da04ee8266f8100a

SHA1
5386f279aa03e8a4eb189a39426eb6b478cc096a

SHA256
d9d85ac2cfe3a70b8ee28ea24f827722233669c4fc4377c618f0f21714306364

SHA512
e466f2b0f2d212e578153507617e62741c27b6b772f334a7c814d1f9848ff8a2c0c387a0d7dd8be41427e870504a66d53bb01fc5b904cfe7a82eae722c6cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8339432dba89bf161a999a9d2f240bfd

SHA1
53a1acc3971a2e2032d87a6965aecdec4d8482b9

SHA256
f50ded41e1b3dd8a4fcd432120d3998b3a61f6b03e1b5883aa447de9fa78a3a2

SHA512
e402fa3a66c6b0edf9e57ffbb4b9f807acdbb2fd9cc43bcc209e79ae9aec70727d2cc80c90133fde06e37cb2dfeb97515f1de395fd3da39d7a2feba42b29ab12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4c0393cbed1119087752f252178e5a04

SHA1
33f40baa40eba494a4146dc1cce567e55aee69b6

SHA256
75d52758c314e8a94f5f72f8257bf3e9d1257b4bb98ee81ac99c0a6f63b065c7

SHA512
50e6b014ebe6ac6c72a12d97da77ea8c7d6a7080d6f9b9463f17d231fda2d76bed781d1264a912ee7d4e7fbfa6c5744f7ba426a4a57148a955327f92f8b6ada6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
15d947efff171d5c7a316fe53afddcfc

SHA1
6690c22417fb4e02610aded0225c4cf06b3ba102

SHA256
69e9b6819b1b82dde5e2c69bb1ebb20173fa7821030dd03222b8cabcaf3b3bf5

SHA512
0389bea6c83e768766c75f7813d282a021b1550a298be2cf3575df4d7737b543393f79aed9002ad5c966c37ad440a3b6537177dd5b2649480afada86509f4be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
8bd69a848d65a7c0e1f59ec5cf06882d

SHA1
7f47e8ed8503187af1b837dd8928977be2ee9e76

SHA256
a55e12121f0048540cef7023b62e6c25a85a73e14f00c355119fb298b29d8321

SHA512
810b2410dd553f02dce50056507b5823d2eb2534d2a543b8de613e7283ddef13b65e0ff61a6ffb6c91180a22bbe6fd55bfcb6a53a54fbc3a23445897be4fcf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9b90a17fee4394b7d54ff695ff8d6ff7

SHA1
81e3458fd01b4ef07d28144e978c487f1f3e9533

SHA256
9be805e98829c9de23aed6f3aa9db0064b86e999e34b67f6d18faf6a17adc174

SHA512
53cec0514a2d98ea21d05739280822551045ae2a0280dafe53739ee46c931fa37548eb23e510050c42ba97ef297b64820629f2c6e070ed279f7ada6ba8f53233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4eee7ea7ebcaee9443df761894461f85

SHA1
441ac983ddd64ca1160024043ff96315cc1ec76d

SHA256
cc9c0f7ff5d6dcb63afe64ef4687e717932d9d0494b57b30beaedc85d4c9e26d

SHA512
f724c3be3354262236186d37ad988849e4fe0815d09ea229fe53d27fffb344b411c3ad894100186775cf8923f734864020e3931744518d4dd024258ed84bd5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
a51a7b1336b218d252eda5c9ce360374

SHA1
43676c76e352471d0c4ce99253b1b400472ae729

SHA256
3e8a7c227354e752c0906aa5ed3abf2af98952f4eeda8e3aa5e662cae10a04ce

SHA512
ca545b9957039b428d466f872837223e8854ccbd986c29af281497eb65f6fe913d02727e698527775868065a726d92ee3d53ace3cb47c3d4bfc1fe1a06fefa56

Download Submit
\??\pipe\crashpad_1776_TJEXMXXJNWSRKODW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit