e4d048f08b7dd35ef5fd2bef5d824ba3b582356d28f34b7180912fd946633d2d

Analysis

max time kernel
183s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2023, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

15KB
MD5

6b24f04cfbe6d45529d64fac45f6b19f
SHA1

ce173c04eee2acb41adadb238a53cfa5da998024
SHA256

e4d048f08b7dd35ef5fd2bef5d824ba3b582356d28f34b7180912fd946633d2d
SHA512

360dfa6896e3ca0d2042117e83978668b3051089dced608c0ddc91e7118f6b7cd70d808f4d153ee97e0b89426cafdcfe01115c40838b9feca3099060f371ebf1
SSDEEP

384:rioRvHFiVoOsKLElKeGMQU1HhhbV/W28cSw:riAUVoOsKYI1MjBhbJQO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133266747109111381"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 4320	1160	chrome.exe	87
PID 1160 wrote to memory of 4320	1160	chrome.exe	87
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 3692	1160	chrome.exe	91
PID 1160 wrote to memory of 4336	1160	chrome.exe	92
PID 1160 wrote to memory of 4336	1160	chrome.exe	92
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93
PID 1160 wrote to memory of 4404	1160	chrome.exe	93

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbb76f9758,0x7ffbb76f9768,0x7ffbb76f9778
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5096
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff71eb07688,0x7ff71eb07698,0x7ff71eb076a8
    3⤵
    PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5080 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=956 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3224 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4932 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5028 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5444 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4528 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3208 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 --field-trial-handle=1780,i,15412021123058893634,3721864531581208744,131072 /prefetch:8
  2⤵
  PID:5048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x470
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
301KB

MD5
71ee9b77f4a315b8aeafdb1ae233b029

SHA1
6ad123ea7b369cec587ec74cb6d046d8ab293dd6

SHA256
515f9cf9f1ed42f38af8812a4aaba8f3d556ceaf8d101752ee0c4c9cbc916468

SHA512
be6974692d6793d617d80a89af0eb667b0393c65bdfabd380afd9ab3e82a7ad295a92b464de0a0e164f7031222f781c66c12c15931cf821badfd89e9f1d0f0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
65KB

MD5
a7b7e7918a12587fee69cc84717f74cc

SHA1
6d002c60853e5c94a48817fb947ac1b3d16f1b6e

SHA256
605b901bc776b2358a2ea914f06c9da0ce5b422b01f764f308c68e9a789ca3e3

SHA512
85b0c4cdc2e67f6125ce2abc45bb934ea14c0c1a27b9bccb9e1fea7638ca7680765c39e15ad64f00f1fe8568c9ea10a57e6f6d96a21c1d10a339991600b7dd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
71KB

MD5
1a25da4514378d922ca47b31b019e763

SHA1
0ff53ab3fddafdd43ace6c16ec3eb6f836760349

SHA256
edd7d40cb4d93365259679f0fcba087bd68e994bd34279f6637e3d909750403b

SHA512
6c2b1386a52aefe3ab0885b3321c4ef5a23de1d388791e57051eedfb49ebf4fd79f6623ed2058c246546a911738c7a42f588ca0afb53f853858a32d7ec06ad5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
17KB

MD5
346f33ff987d9975930765ff14fb01e9

SHA1
23a4e0688a7131ae2485bdc05c854887e19b9643

SHA256
5deb189a9e6dffb7f302010c41f94eb4d4dcc363f08a6943f6f3e8a6212ee850

SHA512
fa6a2d43c829494a30c8ac1244a2a4446dcc1a660bc7ce92d6dd6de9843cacc4b1b21ded927d2c9a5ec97f9a30f7db039e49d803129600c0ea58352a2c759baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3df10c4c79d10434b5b8a92311de940d

SHA1
1f4303c347dd2b180e487a59b6ab21be38787d07

SHA256
702eb365ace854ee7ce408a98012bca52c8ef86425cd587eac963392bf3eade1

SHA512
f8a756c977f2be552c8910486e6535d473717f1cda6cdf6b6fbd92062bb8b553ad6c4ffd6315b6819e97adca8ab4cfa5afbce4eea6745855afea504be4ed2cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7629904d8076d4a10f78ea3ae4a3438c

SHA1
147b46fcb5d356a62717feac68003658097ab48b

SHA256
1099092281c264d5a8ab4077304344cfb969686a4089201f2a13dd4dfad3ac67

SHA512
b382db262fe216537b7aaef4b8a45200b1d3c19f2d70d120e2a35b0a48ef6265458b97af7115d013154d8f4c861feda977432b543e643617842295e217a8c225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c66d9f4ef2a9316e2fc21d484caebd22

SHA1
45cbb2707c787ffd52e48f510857e6c26a421c73

SHA256
481247b4df4553a7490d39e016571022c1eac5e1294f81b4bc71b046a80fab7c

SHA512
7b3e20226c9133585cd9e85425754068a0311e4b70ecaac3fca782f9bd987d019aade66870f548c9d66a6335cc77ee7d8c33c8f9652bfd659e0c6bbba6ae0e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
711540f4d8b34ee1751bde7e8bbc3e32

SHA1
ce3f55a637d1340c1c9b067520060b0165df4eb7

SHA256
d72b26057399d9c6e91c2c2afed6ed994924adee72ad706dbaec6687e2ec5da6

SHA512
fffd391465eea432efc30be881cbce4cf0c2532200eb0c171729e4bf28facb71eaf7ddd516297f38b2fb8e70fa4820ffbb4b271c8823696d8a57393a742fde0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ba5469b109700a6848cb8334f0514f4e

SHA1
dba11fefb69ca01a8182ed7d4b18b49e3afc64ca

SHA256
b8fdbcdcb5d7a3f03a8fc443be96e7a90d1a8ea8dd7633559b648dbeab94262e

SHA512
e16a298c44f5a0d25ab26d7e670b011e9392287649bb0aa87ce2031e28bb6f7562f30e321c95a127a5b3ce342c68365a358fd38dad2d841372a16de77d94d720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
675cb7765e739d2b90d3eb5d69bb6274

SHA1
b624d548daed8c0658b7ca5908eef23081656782

SHA256
575ccb8866ba20286655303b292031fce84fa649766a91fb619a3cc77ae750fc

SHA512
95e78b4952e928819259dce2be06309fc11a03e25db89600258e8dacbf25e0ce232e505f01d58afa421e8eac48a3376fd83c5fcd4ae0fd5512df5720b9f54159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a4b89c63ad9967f3297c12c00739e1ba

SHA1
ff1715dbd6239cb65e7f94b78f4d04f99429697a

SHA256
f976a34d33e7e3427dae7d20066eca3ce6d23ef96fe3f93acc87b7b471b772e3

SHA512
fe164c8539c55df62ecae8cf43c18ef80f1c8f8ff8394d0674bfa8ec0d5eb48ea166c72fa0008a5d898a3d7c06999cc93e1550a228b1385610b300b5acc622fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8eee0719859440f506b3387e88c53db4

SHA1
e8523d1bbcf84caff4b3758f8605f58a2c78f5be

SHA256
4ab77e7b111816d4093cb9c7ec36262ed70e83f0adfeb479deba134f3667e493

SHA512
115985d9032ed2a35e98b52a2ae538dd3ec83b72fdfb3f82e4e43298c1e727c6f24c48987c838f08c75f87bdca001020847ae0c7b4e929110d33e75ceb8ccdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17f8ab022047ef0602d2ff5f08984f9a

SHA1
5da59d9d21bf18c3e04277e5a04f2a86ca697942

SHA256
c4068ea29e1b7af9496fbebc5d6b79cfadad2db8adff30411d6ec5125b2561f2

SHA512
299dcd15ec898684a4c64d10893fb4d2b6b69cea95d66f64a9e45dcc4467c482ed048cd74a009593a35d3f15fe04637f8694e63bf251942fe57de077164856b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f66640ea591d55cc3e3ede786a9ddae

SHA1
bc34cddd455ed5e7a1a7385700f0237368922a35

SHA256
e6268e55175954b72e0529b2f0b5ebc90759fb0cebe8fce7c27b23adc4c41f16

SHA512
a02a2e4a913e2e1cb7ce4b5deac5f34e39bad4cba1408c9079d23508d799fd7cc1f8659d4a96fd7d5c4160651fad8ff5e0991ac24c37082928e43438f0c3fdf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e40369318519e9f0352b0a4bd1e6256

SHA1
10455fa04a9c89de0065889dbb3e8a2c018553db

SHA256
d92e1d77db17777e3ef34e6413074b00a01faf31cf87b4089bb8ea9744aed515

SHA512
a03cf304039f46c3976959d7addb623d90d3ad261f873edc12c29ebeb0d9b8cb1894689e22cbd0c79bc19241465c0cc463087493a074ff209f31af53c15db588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
278cfe67d1406978fc9c3a8178fc2aef

SHA1
116eb8d7019105714d2b6fedccbd22bc320b1cc5

SHA256
a98fb2e5a367e0ae75594697e6945b5711d48566795d3a7b0c7738277314c9bc

SHA512
1aec935b37901f4b1b5c144eff29459ca4f5ae9d481e9aba97e2b02c71b265c0ff541aee92ad72371e8d3e2ffefc6d242b6fa36cc364dc4fa6ac0dc0bb397be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8292ba03a17b8bd7262600ec9734529d

SHA1
2893050d619b82f28f7539361908b9f44187b5e7

SHA256
7d3fab517f43154a3acc708f41f8e5115215688a4041638ff329c3f4be9d51e9

SHA512
114167acc3d1cb844a7dd42ad025d560adb979920375c4a4f5e024879f850552f03632e979d887be4818ab6824f307088a1e0960fb1d5ffb7cdec675c88ccc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2677c79697d3c0916e2c3002d9aef62c

SHA1
0f57c4e8913655791a709088bd116a940a3d0aa7

SHA256
04ed64455a30a50d5f6871f55d071e753ef15ba060a97f1ba55a9ffdc510310a

SHA512
6de446dd10154e37dbd522210e2780030b2651d3bfa558ca381a6646d98591dd20e708ed75c6b5c5c3211f3f0ec4cf9bb65253a6ed2d584d5727d4464d65fa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0784f00026d4ad52ab3d25dbfef029a2

SHA1
563675fcf1dcefc314353d3c970f1d3d79a8f099

SHA256
091472fabc799c0d134d4de23b2d80f036e29c294af11fdf6327ee8e4b15b483

SHA512
8c05fdea1f3196c9071830fe85e68a0f495bb8d7763ccdbec4b3a8dd973d24a9b4a605b8eb656a056520123307b70b034381af59cf6bfc901ee702ab51f1afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac7c051dcb8f7ecefc17f7798ca4e8f9

SHA1
b604d60cc24c130bf8c93d29722f984d2bbd9a6d

SHA256
854d7f54febd4c0e8636ac3e07c04d1299381def2442ebfe2c77fab9be24eb79

SHA512
616c4ebbeca0006cf702d789d30aff38a5842316a782fcb537def4863eeb7040d7596797f44d817380705500a61e48a03f70f92050d1814bb515f2e5a32b085c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2cef0d18bcaffc650626dd8904c25501

SHA1
c46d839a6322273b3ae31503da56d58e8b10487b

SHA256
622c23cfcf96b6a2c0b40a2f801c3fadc2912ac39cc74f6c0788e6387d070c47

SHA512
7627cba521b61c69d1d767b18b01abd5563dbf3c9c7356ef2a9494766b6159ebe9b2ed3a3f4646c4cd3764d228196f428cd2bc38c19a08526f6fc177c06257c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6c5143e0ac5ffcf26abc9e2491e8114b

SHA1
9113589b0e6eb4cf550353bf9be467f0ad7d51c8

SHA256
8d70ad431abf1dd16e6c6ba79755215d88d76bc1667e58caa0ec498bdd57f897

SHA512
e07d61aca9370b7b477f89dec0063e1776afcfb3cea705dfb0ed4286c969cff2b42ee6bf4f9d045612da5fc81052fd72588d2ecbe9eded73a2916e975056f66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5813e1.TMP

Filesize
48B

MD5
43a74648b6f641cb4f46f7c76a573213

SHA1
e92d63e135f75220a5585a4d4955ee77118a3fc9

SHA256
5c12a14a66dc20fcd60ea476b0c40dd686ea99d0b747428ecf27a078eb2a8482

SHA512
b94d4dc45a556b52e40d7500bf7bcdb074c42a2e7c0ab1db7fd8b58ce495b9c745000092cad10076ea3bdaea927403a6c662fae9fe8d34aa164f6a1173b0d087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
44f5d43247e30e2d221f6d7e17045daf

SHA1
7572d7c455df502f39c88679498f7a61154bc3f9

SHA256
83dcc90557ec71635776cb1fdb426bf0b9e734028fa6ebe0966ade2d5f5dc62a

SHA512
04c506262a89146a5c75af18fb1b358189ed6c7951adbfa06871ae1b8a9021812b3fcf1adb3a09c945688050200c83ba3301ef3b1415ef4f02fbd1adc27c390a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ea2602fe4e979c09deb3640dd91aafde

SHA1
eb8c268bad93cddf65bb591056808d453ef2fccb

SHA256
c1a3ffbf9d6be6e03f9e3e714a8bd1096f1a1c40e7f8d5e1293450e31e9ee5a1

SHA512
06bd7e984eae36b40c1456e285eb556a85ec6f37f42e859e8ae0d6aa5285080f1fc181d3c7a78cb40319d9ba5163e0d8c760d11e2c52ab1b9698f248483b2567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c752.TMP

Filesize
97KB

MD5
ede2657d9235485984fe6264d8782f52

SHA1
6ec9111af121b30cf1ef92d02277d0c9873f027d

SHA256
c7181acc485e65be12453ff387aa4b905e5bdcc39be51237597739cb7e15f60f

SHA512
f2b9136bff1c7747a735bf280e52d0b18c50b0c6afd2ac40b4a9c94f4ddbd0fe2d5a73e63a42b7180493cad384194f4314513a7764ee1f720e0ac0ba9b3f2901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit