022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf

Resubmissions

18/04/2023, 13:47

230418-q3j8ysbg55 6

18/04/2023, 13:46

18/04/2023, 13:44

18/04/2023, 13:41

18/04/2023, 13:20

18/04/2023, 13:18

18/04/2023, 08:57

18/04/2023, 08:54

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2022-06-21 14.46.37.png
Size

89KB
MD5

3db0b4a9231860087b407ab8e85f1877
SHA1

d7baf924e1778fe9637a35f1c751f33a9de74ab9
SHA256

022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf
SHA512

3b335c49df321d587a800650443c4338dcdbf18baa40832a2a515f2f525f0a099fde70014c6200206cb9c710843f535ec3d03abcddb56f8363e5c0da55163e24
SSDEEP

1536:OPgXyMXGRgughoErwSze6a1pzwFpHojLnZjAxYSBruStd0M+fQM/kB3QudKT8tCX:OOyMXG8aErizn8+tYD+fzuguna

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262890884765468"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 4308	2060	chrome.exe	69
PID 2060 wrote to memory of 4308	2060	chrome.exe	69
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4464	2060	chrome.exe	72
PID 2060 wrote to memory of 4544	2060	chrome.exe	71
PID 2060 wrote to memory of 4544	2060	chrome.exe	71
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73
PID 2060 wrote to memory of 2256	2060	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2022-06-21 14.46.37.png"
1⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8bd6d9758,0x7ff8bd6d9768,0x7ff8bd6d9778
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:2
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4636 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3272 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2216 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1568 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3320 --field-trial-handle=1732,i,15584449194672935112,3763246224923342523,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
PID:4208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82363841-095c-4109-935f-2b8c72d38ef1.tmp

Filesize
7KB

MD5
d792bf07f1f17fd559a27ce8ff090efa

SHA1
8e69fe7321741d1aad3c416b4911bf8e4e12ed5a

SHA256
a2019d912ca13c727722ef514239fb3a6156a64624d63a813412d1aa44f50c36

SHA512
6093f7c676b5fa1d626b71eb983c7e4514cb8640c1e7e9dbfd0e4100ee53e440b61ce8ec0dc0635728e8023fefa16e4a27a942908db20e01bf67c4c950922694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
238KB

MD5
c5cd969daeac928f75fe8cc53561d3e7

SHA1
1ea45f34d50a7826d9015b60af9c925dd9694384

SHA256
e571a43213c1fb5aa223b8257592d010ece2c54410fd756ec7b511e112dc1108

SHA512
65db76cec5dc295b522ae2f82c1c8de489ff9d4aaca5f8fb2a5efd647b439e2c1fff279207c1147513ad13c75d2bb4ec04ecb0c1de271babcc46fa68ef34c87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d82935776233471c68c49c425c07c1e3

SHA1
d17bf9a6297dcf56dc0f92467ab4b36e5a9d05a2

SHA256
3b3ccfadf95bf5781f2beee1e5c8fb2c107dde7470def012835ee68377d5a140

SHA512
d8b23381b7e178efb98d63ceddda6d60467c0eb9a4603ae2366333f4f86102ebda6454c287dff9e8b07c83dd13f10380406945d5dd7f0158fe1a2b6db0b4825a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cc28ae36971f499944151d7716af652e

SHA1
55e5264ee0e7afb360fa08c56288ac63cfc8a45a

SHA256
dc96b131b7228690a384b8bdfe6dcb8d3bdea15a3ca5ae1251c0909777d9be3f

SHA512
d39640f576e5192a8895773141372174427965f1102e563ad46d9696ecc89271423befcec40e2a92c64d38bcb6b3c371cf515d7139dcacdf9e4c5e31f84a677c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0870c7b940c00729dbe61e891b09d11b

SHA1
7660473c646e9471cef16a7e0a43eb00d113edc8

SHA256
ba41bf42d1fa781172e55a2becf3645246ae6d0b45b44a43315eef73b301af1e

SHA512
72756952a1faca24480ec61a80605baabe2606975775013dd7cd0c70ddb1fd7bac77f8660bff84ff664afe5b8bac231940844132e036ac0e962f9818afe28c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7c35d1c1eb99246009c5109b91eea615

SHA1
cd55281a39f7eb6f6d5d47bc12a62155ce0c1a08

SHA256
6256088f1b0ddd6bc08ebe57cbf6054459e286fc39008b173d202c831ffc09a7

SHA512
65c8b0870e643f3793b49b2b0f2f0ed32206e42924a1d9458a01ddba78782653f6694991fd06fd92cde43c7a95d7f2df025ddd88d9daa23a32e7060299409414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7c4aca35-b702-448a-a2f1-794282a03302.tmp

Filesize
873B

MD5
4e7af8f88cdac1d7c4f26e6d85b6b5f9

SHA1
5d42bc692ba3e0d666e1b7c3f8ecd05a61cedf5e

SHA256
847eca6dca7c381ce6b9770701cc0cefd6207c0796dbc3f77272cd03e01c72b9

SHA512
87c34fa34e998015b71aa60ed3ab8c50a603807bf327c1b35c867526f3f770805acd61c130711b2c821275912481b1eb53fc66bcd1b0be1f064a3a98f810177c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
23baa8fb37c21fde5c6965f8c432eef8

SHA1
0e5e0e52effdc303181a49265b3d25db6ba843fb

SHA256
ea5d7ee937c7b7c6531d61ca4367328b045d307cbcff16f03c9fd7485aacba36

SHA512
9369f9f28a259945956ea9e1a508105419614c12603705ba4d550067234efef60108e990f6caf97cf734525da4785243c2d3dec01e91e6e86d02127939ec68ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
efe67443807cb0809721bac7aa3184ae

SHA1
101334fa850025a71b34d4226b7405999de3bd79

SHA256
215590d45bb3ef336bbc50d10016d4587722c4fa7ed50d23c952bb1802472854

SHA512
827cabe873f160a40d3f494737f63fd3caf3bbba942193dc691b6bf53c46e488159cfef4b08c2fa03e250f738f1dd1d59440157c03bf458753dad9a80f86ce10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f8f784f50a323e33578f7898fbdebcd5

SHA1
ec8e8c8a482ddf2087afef50395286189fcb8457

SHA256
306fc091eba0084b947f2616edc961becc23a4d210e2d4aef124f3c24ae3fa41

SHA512
d64e0aa528a20a9a7bf2186f3ea30ac295f31f2b9667d2601208df6f612b97ab83f2c712186d772d242da64997c00945a82fe519266dda7deb07203fd6c7424e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
cb8cb3832d27ee31422800e8862d03b8

SHA1
117b4d89f887a845a4b7efc01f398ae90f0ccebf

SHA256
d72bfa3d4dad77530a96513603f296982bda6480de9b3b521d99a6a8d8d56878

SHA512
c33dd2c475c3940fc51a16a52f972bd03804894c9a8c392c12b987f7923976f634836fced7a99bcbf7b6829e40e3458e73b82c97b0052ff8e9c63d2e44cff17d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
4c41e12841658433245d5e68faf71896

SHA1
0672a27abcdddcccc241f5c72a7877a719f34a91

SHA256
635a023a62dea6604935ef1d2ebe4b324057dcdbfa02bf86a88c17219921c6bc

SHA512
9a1a1284c0dbbcb5ab3b73daa482c16f3508722cffc7b8361858bcef2612adf39329b78ed16bf0eafb39f40d3e224cbd0042207a50f13dcafdbfef7f064f29a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
15218c6055cd3a6cdc52b548910bcf9d

SHA1
57cf36ea113fdcf02bc71cd6934c3255dc47f574

SHA256
e379e4a392bcb7ce7798cb303363b5b935fa2785b7216b1aef21be4159d85b89

SHA512
c25c7cf02d07e84787b82b14d0c70e936c0b2115967de4727e5518b369320a31895bc5db883bd658e84a55e734c01ff2cfad31d697d91fbb4ba67615485c42d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
ab6d1e1b97fe29c9158f98dab82cfa01

SHA1
41683af1f9de34f1461465af910bf2390a75be36

SHA256
7f2e096977d4831ae61cdb56fe14aa5b2db726135c4a3e0f2ff75a93c5f85b94

SHA512
0d05f9fa9b1d0e5c2ebd350c48bec3acd56df5ec6a45f6385f462a40ad790e1d3844ea2ce7fbf4e68e3eec0e0700f7c76583f627f44aefcedece16497b7422d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
58f5703753d2d399996ce3f5ec60710e

SHA1
20b1df9ed673bbe6d8f92ce61305740f8f4ae686

SHA256
95c9e2525592812029707249f699376c26c35127023ae2f174f6f0f8844247f9

SHA512
ef9340a52da8b760f9737ca9e7cfe6bde1f034091467ee5fedb10aa151aa6a4f9bea06c5fc434c2dcbeb7f016125e58d999fe322e2ab9afde10160626055728c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
22ccf9fe2b3b0c7e88b269d43c5559bf

SHA1
7be41c504628d4dd119edfe3333f7e22fc68fd32

SHA256
a29681109e4fdd808e2f45dcc94e54c98c1eb46680174fd5ae539095a32c72e0

SHA512
87c9942415e9b0615d636de3279b44d8ab4a76ee334a9aa2ead4a0b2fd7f2ad46e976ee98ba6723bd5b0f57bb0554bbd2fb6decdf06de71cf71a709b34e1e648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
d81998618414219bd0289275e6a59e20

SHA1
6b6af6fe4091c595489fbbaa58f9d9ade10bde58

SHA256
2c6894e5cb57a33665b1f95943416a8746fc788f480b7fbf6fb6165d2d4e98d3

SHA512
53e088ad259c958bb56bf3ceceb31880b229ec5daa9612776e89cd43ad09d70d450fba0ddfb894f9b804e36322b639eb89ff42338bc4013f31c905f44db7bb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7d474f6bc4df2adf6f5cc6e14c3e900d

SHA1
b300307cb27749bde18f7cef6aceef354a4397ed

SHA256
847fa2b1823f3dfeeaac6a9d11869ffa68b84d186e0b264bae1a621a95ffe394

SHA512
618088c0efbd5f43e150c8e4084470a6abe12f480ef8107ed22c3ed59d122b4fe2694074643125d83ea846f67da212b0ef4c75d68920b5ad73298ce64f9f2be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cee3a7415fca622e03aeca8e9ecfe27

SHA1
b13a269ccd507e5b1b51c293b384475b056d4ad5

SHA256
fc85e819550e3775bd31a43c180e5f4f9bddb014e5321b56c06bff8c3fc10876

SHA512
b6a2545109aa6e49a096752ff76f0af0ad396faa69b47792f69360c7f2d70a2480c39457860e5ec1418a850432a9d9943f95c597834d6a05f98ded2b43fe5cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
869cf1123ee7a6e94617a0c642dca904

SHA1
b3867afa70bc350a2dfb6f5fbcae4c0e14964097

SHA256
56564bde3d4bba20cbb49e7e282c6c49723e7b8c84c5a4d10b26b35796e62775

SHA512
f337aef7244ca9169cb247d936d4c663b0c611a6fc411c0cdcd98c4b1b0f079a2a588ed539c2186e711669accff15df7cf59145e14d3612810c7b2d72abba254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57923d.TMP

Filesize
48B

MD5
e840d18c1f45fc934d925278f5aea609

SHA1
f490090055c021931e6baceae83d5e1535b78437

SHA256
4a5ea9ffabac0401c9ee6b5fc9dfa72e75619287d32a0ec8f00623a4004ca6a2

SHA512
c5da0fa53ac1ee64af3687d77a0aacdfaefa465dc0048b3b1153b2649e17969394780f9b24a258bca791570ed0a12586d9ab88bddf50479ea64d3536e4590089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aa6b8d4d-ac6e-44f1-ba7c-90db0919b51d.tmp

Filesize
6KB

MD5
66e860bf8b8244f8a88d6b8536f586d6

SHA1
840ea984e09fb2b08ce4f2361217711d91bdfe15

SHA256
a5d05bbbfa978c1fcdd87f2cc6ded4ec9ae5fa9eedf866c6479c5f078bcb3e46

SHA512
287ac13ceda5663f95e6ebe62d1370363317de220d9d39cdcec9a0064733857c5caa2fb8232b6187a62015013a4cf0beac09ed8176ff1c09fa82a38414f75650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
b02d02931b8cdf011b318fba5f09a0c6

SHA1
f03f1b7fcfd5ad96d9a7f37478a376d61ae9d058

SHA256
c13ab1b7b1713bb1040e6bb8235f05eb5a11d086dcc58008058db3d588077e92

SHA512
1471b0338b223fa254cd507ff54e2a6b8b11f8ae095670ec6d6cfc3dc705b78ff926f13c618e85b9cb771a6fe3810a583221068692e04f3cd1d991aec9436a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
8a8e230cef2ffd38069cb1e7ea2fa263

SHA1
c864fbca0c2310593b94441802e7b7cbb2a06bb0

SHA256
e14e7bad5f5000a238a28c521c230291dc8df9ce5e886f8a808a54dfda256d42

SHA512
8acb7630f6c67da163f61ccfafd1b4f65b2f73eb9948806a67de4ed7d81b4d126a6549faaa4d65c4a86aad1e920561ad12aa55b90bd97b1d8ef1ee41caf8b55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
99b816a1e4e9151f8390e1d93cbb0f9a

SHA1
d697c9d381bf6ca33673c0480862f4679fe99751

SHA256
ebec68d889a794de996666586db2e57ee8ec816ee7f23101a1b77c9e9539ff8c

SHA512
e9782ab2b022fa67fa171bd132aa56a905db606aee8e1babd73004ac8b595a4887c76b122da0fdf6362d4e6eebcf37c50c206189fa73e8ec570b79a9f5baeb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
6b7d9642d908d24d58df4a0c25947579

SHA1
13b1e6d2f3c06f24a2bdf7e78432166e5b2adb3a

SHA256
242f01891487f84bee2c90af4b347baa4a9cc3cd3a77f1501ab2ec6eeb76355b

SHA512
6b19c0cbd2a000a6df4d7f18b34a92ad35c6c27bbd0900e264ea5da78d33c9fde0c718cf0c9d59f54af0a67ae539d81f58188eb74b28be52c30100676ca5a4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
c68ebda26f5a2d8ecc9f979995ab1997

SHA1
0ef4be5e7d0890eea611e7b7fe9cf4d8e934751d

SHA256
656fe1e0e1fe5b9adfcd270ef86544283b294e294c66baeaecb6fd07744b2613

SHA512
bbdfceec901bc7b680f5fbe75e7f8cd67ff3e9fdfbd60736e0918f3d905ebb4fe735c319ce383548df8bc18e47266eaa400e49665b4bb7fad68915a769d3743c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56f3bb.TMP

Filesize
93KB

MD5
be043c5a1a965adec39bc91a9fd814d0

SHA1
4060282deaae6271cc48ef733de6d5c07f7fdb49

SHA256
d1d65931e656098915004693d11c361b4e9573cde5e2442d9e351784d84888e9

SHA512
3f5549ea33cfe6aa582fc35f426a06ef9de76e41dbd1fa314885661cba1ccf9cc8963e3dd5a33a26060fa467280f8f22921da17cd3bb1901e37e1012fa165270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit