hxxp://qbook[.]site

Analysis

max time kernel
1209s
max time network
1176s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2023, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://qbook.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133235694329329332"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 3752	4236	chrome.exe	84
PID 4236 wrote to memory of 3752	4236	chrome.exe	84
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 3972	4236	chrome.exe	85
PID 4236 wrote to memory of 2676	4236	chrome.exe	86
PID 4236 wrote to memory of 2676	4236	chrome.exe	86
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87
PID 4236 wrote to memory of 1100	4236	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://qbook.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadec79758,0x7ffadec79768,0x7ffadec79778
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4768 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5244 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4436 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4592 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3492 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5448 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3916 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4880 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1764 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=924 --field-trial-handle=1816,i,16464966339454193469,334421836160465804,131072 /prefetch:1
  2⤵
  PID:1876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x3d0
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
28KB

MD5
a7f7dc66f5ba563bdbd4077fa667016e

SHA1
c98fd169e356a997daf790dac6ead0c49e8c1eda

SHA256
5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac

SHA512
1a22c0fa6a0b40454113b7c42619ccf0499b694aaa02ce37bb79aba0137596ae9ef4b3026f497dcab224a1696f816772cf9c1eed54d3a4ec582da88e11e49df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
da3ba0833a2aaa6ca805974e737abb9b

SHA1
3110dc8a7db08906873347eff6b995e53d9ce9ab

SHA256
cdefc8c1aa719205afb18537dacdafda42d6229281f5d68662bfa9ae160075fd

SHA512
743049fbd982d79ddbe35df6b7395fd41551024f2317848257e7d4b6f9d30c9a9579017b956af458183580225ae4595b874321022e2f02c044b8ee46589178b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
389f1d46d9b5554b5fe3227b8f6d906b

SHA1
340ef2347b9a1c9d9cc09baa915d48a3dc98fb4a

SHA256
03a0ed2daa51174bacc79303b95617ed611e866696bb59b140a03235b16c41bf

SHA512
fd5ed300cc7eed585a8b6d581b87d7d27b225e0b015d3580399813ef194c73dde33da7232f7dd21c2cceaa92544ad69af7dffe47d8fac9099ebe45814f0659bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
44c67b1fff474259edd7ec51768a6920

SHA1
71b066c9a8fa7ae074cea4b2d79886129015fc6a

SHA256
826cf67dd78b77c3c4a85f88df80d54cd778bc63853518f49ccb02a2226258ec

SHA512
95678a3a49141846c7d1e95df51d894cc5d404b5869fb1e1e801305f1be553b711af9cdba922f775d34513a8b1818bffc3774a378b235004a3c652ba503a0e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
99e1c981dd8bc97d55926b690e3b7f2a

SHA1
0131ac52baabe19649d3494d19f9415653b13db0

SHA256
96f73e7465244fc42ea265237ba34a093617af2c0e5556a84ca6b72e7aa1274e

SHA512
95845df45619a8f5b21ee3ffe5cb458b10df90e7c91b5845109fb5e7c3f98fe7e466c4532e22095aef346c3dca91c68544482721c0a19ae436f029bfb2a6c870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6bda09c58b0255623adb0294a6c6718c

SHA1
296f761b26f1e5dbbe48677377440ecd4377d454

SHA256
54bf6895499c54ad7f69c38b51e64ec83e0bd27a2943468444dd13233e789008

SHA512
a40c6140c2d5335322abf82b8aa178796bb6398c068ee5a9a34dbf54efcc610210e3f2751bcb662c4258036dfdfadde895b6cd7337d30e341a38e41333130509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e40aed2fa84bf41c0f0c69827e670621

SHA1
b10868c8de24b5fdc9f3cc0736b2ac21e9e5647a

SHA256
356502b8424d5f18ecbf4ca4819dfd03e7cec5a971943ad9bf8cb176bab9c32e

SHA512
967112000443a6373aab90e77f41ea65688542bd4c0d5a1ef088c7c6dd827e2a2516ed93e1d52f3867ea6251e02deac51bf8a522676216c493c027a495704f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
236c1fffbc48bc6423e8756dd1193e04

SHA1
9fd56eba1ac126abd97f9c816af7eac46254b404

SHA256
d31a45d6b84c082e701d4f534391dba74246b08502d8cec1d05a35a624e92032

SHA512
999f9cb9c05c7b88b0c3efdb57f7584e31045d22c00a48da78e72ccaff7bf03a844d5883911e2364d06d5f2cd5c23f6ce22cbd0a79a8ae8df19b8bdd3af18395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
608c9995b8bbd8679b443c88fa350598

SHA1
6db0608d856b91cd39b8acb03ead4f27a02d3c16

SHA256
9003087be8592340517e366bcee4578a18ce060e264225b7295619f9ca47d25e

SHA512
406801cfcaab90531fbf742f8f25db712ac4c68ad366c30a1c6f8fccc8f59c665ca95743c85425fd359fb98da05fc568e94703fd7bc610dcac510ea28374acce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2822c11d8dfb57f6cf4ddf35cf15b7b5

SHA1
3450b68ed1d17c8fb80237770bb0bacf132ed6e1

SHA256
b1c5e2479f8278c31fef0126a625c19988ef307bc4486cb4125c33a4f78aa343

SHA512
3f093380ff05b5bb0dc713e2af22a39f138f1232ee9aa09f62adff1796ea093f1a130545237b2448ce4c323f53316b764a88d451d4b6b207884899a6a6231834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9724e57b74f163d67800bb7aae0c2b58

SHA1
7257c88d70cb01c88ac34f5e3e4e578179893cdb

SHA256
e2d583533535b886e728499415ab3ee259fc9f1491e52f634a0e3693be18c90f

SHA512
ec2af7e8debee0110852e773a09e4f3c4bd931051e47d29885f86a1fb7e7e1a25f50efc85d09225f80146aa5c3aeb107c3f4eade6a5a12ede711112779a48b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5a5e8bb3bbddf33013e93a592802b00

SHA1
acc8084ca7d5c6ad4f4630ecb097b0037827a8a4

SHA256
be53b047e4d34c714763bafe96367ac5f8984276588718d74eb8bd7cbf27fdcf

SHA512
9af0793f80183b109dc25608018329bde014f11bcde3acaedab39b563aff827ff84ec7e02502f47997c2e51909ee16c82a60831d5f7a92e6390420a298c3ccb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
081080f5481635dcde51bed0efdb1399

SHA1
fc1c0e841e76edf8efe4d557b7e75e28aa68458a

SHA256
3639602cabb00dfcc091a759abc0071633fffa12f7ef58de3599b03498b47ab8

SHA512
e6b65bfcb8e929c541f42f507fc2a835567260cc35794ed69b2c90cee81dfa9bafebeb44f2b1459375d94fbfe9779f1168da51db871ff0f68460f848fab60dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
961991755cca9a80e641881662b8c3b3

SHA1
32452bc38dd361733a6115239c274a9cd5b097d7

SHA256
43042f39559d5b853860c72128e7d4a97f9446997f636413e434ab146f6bf3b4

SHA512
9230c8679c335a316eb23532a3a8f9f3b4fc8e2888d4fe939e6d3a37318b6c7651e938efe5ca876d157cfc0b5833ca4d791c98539f369efb759b14f480ef2e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
091837a0e92031583a54288fa922613d

SHA1
93675f23a4c7898d9093a427350058a08b69b1b7

SHA256
2cdb212e4518a31d9767c70862e5b07e1ca8e492c9d0bf8c866f1996ebf71d6f

SHA512
2d6d0cac4c00618ae07fa9f741b7353ad7d569f8a82f74f0862e6da9770c5d312474c2d859fe5f168c942827a4b7ea47525a10fbc4a4bcc5e79a13d567c36442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
145759f7086a3f8553e11d48a3de6c51

SHA1
57d3ea984fc4d427f39d180d73598b3b73f071d1

SHA256
2af845015d2d2f869f89242c98077bb42636843ef0373b801c1e407ccffdd522

SHA512
ddb8aebcce694ee07c7c43eac9586c4807631ff7355df6b37aef59c325ecd9684d95fb527ae3d3c0499f571b45913be3edb27fa811f79f0a77fd5f42eb6612cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3390d1841d7657508c35f80f302e8e1a

SHA1
fcf38bfce3d569e751f80364aff9bf3f3b0f647d

SHA256
1e2141567e2c55ce2019687cfa7951393808afa248f91fb4098fd3536e250568

SHA512
fd62ce1f8b93e1c565a0128ce1344c91fd5cbad96a447aa72c29f4c3ba166fad884bc9fd1b0c2b730d48786fb3a6ceae9854516074e35b25fa7aed3ddbdcce3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e5e4a51f2267e176d0689e3460a0863

SHA1
9071097d9035180ca97eabf7d77b02b5812090ca

SHA256
e4246930ab72b625a0008934164e924be5f19c6a0b8428ccb9cb6cf4b9c58fcb

SHA512
d6e67bb3e5a713cf8415f8f74cbbffe0467380da0652b027a2cdca0b7dad0a4906129cbe13d50dc5b815cfb18f1dc8bed7a18e95c29fcf4db9323208c0a279e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6c6ebb67b8aed005851b1783d341b177

SHA1
ae0f77ff7a77005da96fa3d6a6e34b44566acc27

SHA256
1e317592bd70ad69f7e7ca331bccefeee99deed21c5697c80f30d59220949f94

SHA512
7502cd946f4ca385cba47be71854cb049a4a813d65585bd74e5320648ca8be0e2231227bc561fd1067e48e945cdbb62ec150ade2026586e694aed8889e62c149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bd27d2b19cc72a096f007f183d6a5ace

SHA1
ad20363e61231254fdcdb0e8d166c4045900ba7a

SHA256
5048c78d4a3f4696f3a7586be970b6f6eb91dacc707a835159fcea1fb443fa5a

SHA512
02d958da39d6d02a2e9480d6ecd510ba82cae59ed68a93e3f6f78e4f1c11d301a4654f93fa76427371b9f2e84f3aaf8ee5623c2210429b3f559d0031ea04d458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
96113bd184a19fe175e48bab93ad8e35

SHA1
fe3847e7c2aa6afdcf0f812c166cca349b8b8cff

SHA256
384f01f2163b8adff5f4b5527f581da467d10639ef1afedca11d7dfd44a98751

SHA512
97c34e50f3dd6fae6165cfd98e9b6f065e6fc40b09d3c039029c45e715984112f8c952fc20ad02ddf2700c2b9b3a268e0546d121c7261de931430d9e5add6bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56fa14.TMP

Filesize
48B

MD5
29bab07aeb75728f1611bc2b583929c0

SHA1
1efaf9dbf5776951908baddb6c10ce5d24b7ed06

SHA256
d70c90b94422a820533c2ccba837082bed9973772ceb4c086d2e56fabec4cb27

SHA512
3409d5289b2b640c2ac88ffd3cf37273bc98fd2f24262a44ca01861ef95c67f6baf48b940d2c6513f24a42348ccf4ee184ca2375396488e1e801f750fc5027dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\de79b7dd-11b0-4b8c-a2c7-1309df200368.tmp

Filesize
9KB

MD5
b15751bada193dfa308c3a61e9d57260

SHA1
341537ea21e33f76c01abac3619a7cf53bdb2021

SHA256
2be48175f49c5a1d6bf6f1f589282a61717eb84d987c5aa06c3efa3ae7eaca15

SHA512
8878bd7685ab200d98893524983725446c04320954cda2d57c3cb75b30db334cacd414c39e26993f400722f172ae858a8a6bc063cfc764fcbe7f383eef10add8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
bc2e5405c99ea8af072f974af8d8f6b2

SHA1
1df6dd002a4883287f581dfadf35e2f807746830

SHA256
77de32eb6dc9a1c003504b8a2c950865b4e0a59287e0fca83fbaf1b89e24f249

SHA512
61c5716a378f82082e43ae1da42ee682f1000451c46c41bb4cfc8377710d5199450f90051cd799a692acbfb6217d686ef48b209d4986237af8427282af94f5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
53e2db484b39cab1baac0133e35f6efc

SHA1
e8314fded9a8f8605fabb22e9cd63e00212c8608

SHA256
8f8b10dd320d252c288270ce0a7a6aaf86f5dc1d2f7f8d1a11c67f300442416b

SHA512
2872c82b440f8493458e2e4c9879b7d130cb486687ea5d308421fbd3f69651e5f987933b74cee7b92896eaab83cb2d5e5e2bd86979f2947709f68ea2dc6af7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581894.TMP

Filesize
100KB

MD5
5bf05c5c0e054e15fa263f2c4fb47584

SHA1
0851914dc0758c3c5c82cb830c11ab1fab30020d

SHA256
0f968716dc7c28223c0992f976fdd77990ea762dd757717219f3166b09a1bd92

SHA512
bfed69fecffd98dd65c9d76ae72150a4ff66f29d20d9b85ddacfc2cdeabc6a7d184afc4b93204567d6ea6b12f73bb8f4cbdc1f87c5104b024803353306c9b18a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit