022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf

Resubmissions

18/04/2023, 13:47

230418-q3j8ysbg55 6

18/04/2023, 13:46

18/04/2023, 13:44

18/04/2023, 13:41

18/04/2023, 13:20

18/04/2023, 13:18

18/04/2023, 08:57

18/04/2023, 08:54

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2022-06-21 14.46.37.png
Size

89KB
MD5

3db0b4a9231860087b407ab8e85f1877
SHA1

d7baf924e1778fe9637a35f1c751f33a9de74ab9
SHA256

022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf
SHA512

3b335c49df321d587a800650443c4338dcdbf18baa40832a2a515f2f525f0a099fde70014c6200206cb9c710843f535ec3d03abcddb56f8363e5c0da55163e24
SSDEEP

1536:OPgXyMXGRgughoErwSze6a1pzwFpHojLnZjAxYSBruStd0M+fQM/kB3QudKT8tCX:OOyMXG8aErizn8+tYD+fzuguna

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262889194263350"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe
Token: SeShutdownPrivilege	4872	chrome.exe
Token: SeCreatePagefilePrivilege	4872	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2124	4872	chrome.exe	69
PID 4872 wrote to memory of 2124	4872	chrome.exe	69
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2984	4872	chrome.exe	72
PID 4872 wrote to memory of 2880	4872	chrome.exe	71
PID 4872 wrote to memory of 2880	4872	chrome.exe	71
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73
PID 4872 wrote to memory of 3712	4872	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2022-06-21 14.46.37.png"
1⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb8439758,0x7ffeb8439768,0x7ffeb8439778
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3536 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5140 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5308 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1504 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5032 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5536 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1736,i,13471986534175009117,2722760171588653201,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xac,0xd0,0xd4,0x84,0xd8,0x7ffeb8439758,0x7ffeb8439768,0x7ffeb8439778
  2⤵
  PID:3488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c
1⤵
PID:68

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c6a904a05cde3a6401cc256a8af51680

SHA1
c3c20095b5576673af06adb19461adaeb715e716

SHA256
fcab8c941bd3770479523f856c70ecfa80e29ded2710fbc2de2d77020d718705

SHA512
78177d6033d76d4262c28c3812c87f48ec93d5d6a80bd9dc5d7f5e176844362e380e752b1af6f248dd011e871db768a8ea726f174bd70ceb26d405566913988a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f615e4ac916aaf1328fd69b59bce2eba

SHA1
f39f46baacc2f2780d08ee329063b588d9acd491

SHA256
67f7453b02bc6eee5b51427a35f8b485027ac2331271f396c5d00eea2cb3eca2

SHA512
3f7ffe1bd646e78d725d39f8af622a1e449fc846b6fd6ea961640d50e3d1e3d2d70e7445762e14e0e7a266f184410f75929fadfcbbfcc9b845de041271c6acdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59caf9c3062f70636682804e3444fb01

SHA1
c25a82af6d9d7ed48e73545b7bd5f70cf2aa40e5

SHA256
0ceb72923c1ba0ddf9f2c8f0d76446f3e1658d0d4f0dda74302f0821d335bf9b

SHA512
601fd57d096eb728052c6624f73bf131e2a8f2ae15269637bb949b6b619b8e0c5722039e41d0fcdda37d478bc3e077a69082b9d3cd55372cf7fce6cdb390f280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b52735fb0f0cea9b6aa7358fd08b0dfd

SHA1
7dabdb8160c70aff4d23c42449085a2c88780252

SHA256
974977078a28e7b047a7d994abaf68b622ba1662077770d0bdf5ec11504acc8a

SHA512
2768642fde6e07c07bb900202c20697596151efb1f2d249a7d715950d1b3f24a3f2ffd2e7888b33f716004ecbc287728ffb6966291ebd63cc0e4641f51c40e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f020ac9781f2bc8d624fb12e20965f80

SHA1
241edf06b52f0c6efd185137c3f0edf770e425e1

SHA256
2629331ea4aa15c61e2ae68c8c2f068c5bd7b5577f782f9d3b2029299443c0b6

SHA512
2c9daeba2450fc3ad3d60934a825341506e873ecee4b2174d32e873e0f8cfe35493077ebf8632d79adb7942b642c41931159af6155e29a2279c41c861f39865c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
faf8e9d52afec37a901726f90cc08c03

SHA1
3fc8d54627704c49d80245c0c8a55dc903795883

SHA256
755f4c851f2036a1eb7c8a076bfd0325a540da85290bfc93d47aa030c25132bd

SHA512
e96c7935e97d9b1d917c29a9f27680f25aa57acd18a4d26c517ee00e33152344526857f5ae52a26d47c7bd4a784f94f0a6495b31fe1a478d0ba0d946f35fcf4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
14275ebbaf828a442aed51b8076d9597

SHA1
dc9f183d690bf6f900ccaecc4fa20d9157e3109a

SHA256
6b72c6924191f39d946e95e2d8a749c3c4d9a180f5f7e8fbe9d0aeef6cc18588

SHA512
6a3d06336b571edbc8705779de358d0d5a99326df0a98dcb19f6b211a932a3ee917d1fcbb265ff429b051ca016a6b6c3fe0166fc9834b569a626068de69aaa61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
038be0856003a92237639dd7199fb115

SHA1
e5076d5fec194957294a4607c17c6b902c8b4f87

SHA256
7fa7ff1187af7e778375da727822f7e53ada0520af6624778394e57f4279df28

SHA512
a7fe0ac0f7ee88a5d93ed7460495ded08f78ea927acbcd477cad8d89f080479cf5f30ae59f3d3e18cd1c810075059bfcee4515168393ea57230ed71115fac0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
7f2d8f32fa9f3d31d36e508975d6388a

SHA1
4cf019e7226b9c02bd9673f66672de69838c1760

SHA256
c51e9da7830518c30bcc712f6356af04cde3a82a38f4ca723cf5b9785cd3699d

SHA512
7ff6df99bfefa8ebbaa010e8a639619e9cafe0edfcd66833f79808fa4faab82f5228f7bc92a63164feb81b351591080fbe780b464d75b66d6f9f969baf8c0f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b4b9ccb098b49413ce8df645c25a7e3f

SHA1
ca4ee107b64256d64276ec415eae991ebb099814

SHA256
18f7353a8603728473a5dc71f03b1f6613f858da173a39c155a3429d249863d7

SHA512
850a0be7805784fe7698da74e935aea0e2776c7751fa7e0ed60de5cd33556b872e149abfd3013235961ace1685c6d4329cf76659612060931bc2df5825457556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9676a9d01a9fca97ba1068cfeb41d4de

SHA1
df2c304ebf9202765983b1a363bbc83ade357f2a

SHA256
6032fec873cf9ac0383fe3a9957a473f51b9ab7a258be4680cd307890fefeceb

SHA512
bb7119ef98e2a52ae1b5c863e46ab6a9b2f64dae6b6082c2e55b5419fd05c89425c86954204a4c96d0f2723d6985cb61210f34cde63244fa87498399ccb3c849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8dabbf5946cdcafec7971e22dea4e0d5

SHA1
519afc66b21ce5acc1ee396492af8b9cd8392cc4

SHA256
9f05cb35523596ce0a6d31057901d32fc60a464607ba758b20f2002e6142021f

SHA512
1288eb80af57abc11a71af827007f1167ef9ffdc587df7923cbc38a55dae2f01f607cf531e955abb9f1bcb221f69a71dc132900b4bb958cc84b151d0c8c1b827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
277b3343a3cdfb9fc4294176f6ac845f

SHA1
d8919a8c6b3926b3ea7383728754f70146016bea

SHA256
79a2d60611de7db05ef19d595a813f95f2ce99a5a762daa4a3859b7f171f34e1

SHA512
63adb08d0f8e41727a0d4868387b96d0c53b98bb4cdb96d24eaad26d09d943ccb6fd3d7b28091631f95f0fcf46209ad26f0cb54157f01ce5fe1eab293097563d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ce20206882ae7af38f8f6ad9c4f2a258

SHA1
050f8e80802554aa8d51dd7498f02eaff5474055

SHA256
333a7a7a8d1101e35d66a30625a245cc6fcc4c51da515fb477584d35b3e38aa5

SHA512
4e2739dbd07e24ac447ebd58cf43ad5a5eed8bdd20a85fbb7b191410c4d6972278b7830b23e44a0a64ba2c8d1b966889b2115d94855af2f59a79650b083b9b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
828d03142d2f263bfddcfb0f97d6aeb1

SHA1
52ab739d5d21321e14d96a48bfa8bb87ce942513

SHA256
30c7fadb17106e6c9fcfd22beca41562459a31c87abe55f2b0f8d6c9fec20dfe

SHA512
2f3080c37b92a7d55b66139a60a6324ffd1fd235ef427c385014d380aa10688a79664d6d01526903caae4177f8994022f4178f07864a1530ae11ed0d1f288e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c94f20cebb2b147be8f43764d2ba014c

SHA1
d26348b3531816b12716b301e8d679b981bfe89f

SHA256
e2b315070c61fe06e3be56b0470dfe3e430c4a1cb51065550d69492f8cba513f

SHA512
d8e9ead5241510d81e14655687aa3c19a5448972a9ab0a01215a1268e524972715152f6924438fa61c5b09f5bf46938c0aa0b9bb420c76992c4a538422c6a4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6228fdd5fb4b860cc11b5d1e2fb4e1f8

SHA1
ae71f4f237dc6807b8cf8c4f6983ee025c5b5352

SHA256
644b1c79c1cd0286519199056459e9233f51598f65c704deef6c0a645d8a88e1

SHA512
e5b952b07d777778fc55eb6e0d4c19b6f401bc1809c0157cf0d597103bfaa92abc9421b0e4b98184bb374205d49145ad5f5ee62c04e30673a81a0971eecaebc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef1c540cb919591cfa0c97a7034621ca

SHA1
f0062defc4e50f0ab49ec38a55c86261775da5e2

SHA256
3bdbd5ddc56a891bf79d0812de7def974e3f87849c4d78aef315ccc14245600a

SHA512
edc58041780614ca888b0793040bc9fc1b0868b18c2667d598fd7d9a5dc8e4ff2a8ebd60c483fa397dd61e3ad00ed5f609bd334413228f6d7405500fd25ca462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
6d79a48eab512dedc8bfb839034c618f

SHA1
363113fa31f1f26954b721784e59a2ee3fdf6b14

SHA256
af39f459ccac647b6168557f943b3f707771b0353cc8d945d1bc60ef8939e2e5

SHA512
fb87a18669c0af53ba4573677e717314effce7cf4919adf939d1a4af9f4ce7b535d6e300d7d189ccc1319ea2c586d44cb84ce6f4671327a954cc5c6e6a72b312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1404a1aa4aedcbd7624d60d5e0b9b903

SHA1
cdd45583595996850b7aa91dc7cf563584a46fd9

SHA256
2fe940d8d3f0a71bda66a99fac6db861699e321159b70e2189bce808c4f61192

SHA512
0ec3e574b431011bf2e51038c640814677e507877c58ca55796bdafacad26c82b187b096f79a65ba011944f41286d64d63ecff1d3da4f9b6e458472ab216b0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582287.TMP

Filesize
48B

MD5
d392955154a77539720e24e3324776b2

SHA1
5df2d149ef156f92fe01f1fb6c6a95adbed48c75

SHA256
4fe6adc22b0c41b31e00c3823ac6f96d4c2c849bd538c311b996f1965075ae4d

SHA512
e7eadf6e861c7c559691c017c1a622c38524a8aaae99de1bcee9b66f66bf11589ea73dc2095e3dbabdcc5a73e410b186f0a9abe0e7c3e1148ba5c0ee716f4cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c2cccbfdcdb56eb764264157636a170a

SHA1
1ffa74f75d029e778eb078880af2322dee2579e5

SHA256
0788deec5f127d06555429f599e6cd049ee9b15cf4a14a92775f3e10124627e7

SHA512
18317a051be254718e9719de7f76983ce402dcbb4378fb35afa7690ed9ef824feeac3ada24acd930b516fe5f0595f5de1042063a050b64f883dfd44fc65d5bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
971fbbbe390d911504ec29c53ef9461b

SHA1
cfac333b0e0cc44a0bf774289752bdb03e31d15c

SHA256
7d84409d319b56488ba000d3b03b27c5819c8257169d87866a869c12e217888f

SHA512
31beb89c1050bd62d595a264a6b8bee730bc3ad040d12f24315260293eb04197762487e65e46b0c0c898a0aee36e4bb65e81fc689cd956675d53082076b6bc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573d67.TMP

Filesize
93KB

MD5
7133d88f20c58e6ded1cb82153ba564f

SHA1
fde9ddf98fc08f6ab31005f1b0ca2203dfe509a5

SHA256
80f14c948a7ad3121f09058df3779b6aca0489284a25acfb442d81e12bed58b9

SHA512
a0519abc43d220e8b12c8cde45b99456ce04c9e066821763542b455d37e7fa12bf881a944da8eb0825d08b8fa923645f453296230c7782a74fccd6000cef41f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit