550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17-05-2023 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sa-mp-0.3.7-R5-1-install.exe
Size

14.8MB
MD5

f7874cc8637e5ddb98b07ed40a24de58
SHA1

0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef
SHA256

550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3
SHA512

c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1
SSDEEP

393216:suNmflaNtY7G8t+LdFyBV9DVimtbA9yRbABehQtAuGuSwcBk:3NklUt3Nd2VvimtbeGbbhQtWBk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288471594136243"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: 33	4516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4516	AUDIODG.EXE
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 368	4408	chrome.exe	69
PID 4408 wrote to memory of 368	4408	chrome.exe	69
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3032	4408	chrome.exe	72
PID 4408 wrote to memory of 3920	4408	chrome.exe	71
PID 4408 wrote to memory of 3920	4408	chrome.exe	71
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73
PID 4408 wrote to memory of 2772	4408	chrome.exe	73

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe92f79758,0x7ffe92f79768,0x7ffe92f79778
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4552 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5160 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3440 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3216 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3188 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3984 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6188 --field-trial-handle=1736,i,10113844014935204539,8806140847414059307,131072 /prefetch:1
  2⤵
  PID:2120

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16ba3379bbee9e6980a3ca80107309c0

SHA1
8c45d0f0d66c9e53dbb0933dbea784b1eec66b8b

SHA256
94e2abb1fe70b44e4ab5ca633813286c468d057c76f6cccacc2bdaacb8a07d76

SHA512
c9177806f3235575d6db7455cb08f6ada7b06e5b25890b989032c80ea47dd48a27504469e1ec29ddb83867f8fbcd2c212263190f10f1a62a7beefeacb21097f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cf0de63aec5317da269eca254100308e

SHA1
38d2dc309ee2988358648857e12d02439f76e1a2

SHA256
fe479268f81f98a533f4bbdc47d8dbc96bd2f057ad8bbbebeb68c931ba4e9078

SHA512
a7834d85fd871628733dec198ce2bd8fb1d9eb59520348374d1bf53a39fc30e8f17aa2549239b4ab6d84ea5a2ed57c8ea8fd64be0b81fc791585e89f93e97a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
e4fc9b517965c1b4c19f4d3123c01e87

SHA1
0c5b5651ee4e64fcd101af3f346dabd57d69a7a9

SHA256
1a16ddbf2a336c80edf3b8a90498833a36bf12ef913457c41264eb917d4520d5

SHA512
91a711c89393b603ab57aee4ca6ae2d3cf4c0614fd968e3aeb70d6ae7bb1f6c9eb2ed60cecdcdbacd95406ec9207f01d17334eacb45486796c79d1a3529d381c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
091559f9fe6c50233c7451359584b8bb

SHA1
9a1a9be5ae5367765436a0b7f4f1885b6f51db91

SHA256
713f5774be466741bfba7d32fffc00528a3935dcb4cd7e336d341b9fefa97120

SHA512
d2ab3a9b00ef832e4614168fdad19673cdc4697443de535f3bb1851321c1295ae585860af303a09be943e8dc7db04c23e1fe4b970b2ead197aa74d84453aa377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bc80f80da43dcec4af14f915ff2ef15

SHA1
02af98ddbdcd402667546ee65507c4ed3b5e332b

SHA256
684b38e63e944e5b72126a879bf7b77d2d7929b05e8525019371fd1534cd53f9

SHA512
1fbc7beb1e4c9c2a0fc068e338e660bddec9a39fad081b5ecbf3978bdbc56e300cf47f36b349b3f5d2ca7c8b8389b1c72a480f0af3141e481c32b66c5058e8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aaa8e987bb8a4749830208bec33b837d

SHA1
326e60207fcc156d52f7c0fdc5c7b8f2d02a775f

SHA256
c4d916cffdfd71e7710d4152840109dea71a42639cd52f68ffeade5e6fb47d68

SHA512
2ff0f654ef70da34a8d178c70340ebb56f2c8b527269673965b479b948530778f238945bd421d12e19f44cd07ae00b64c7c7495cb7aa743abdb527f9e57ccb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16f10eef6b4686a8004f0ed711bdfc06

SHA1
8c5a7d9dde45e23d1e3392136a0e696a3c537a19

SHA256
b89db635bbfb507114b003c3a9dd7dcf2c4e6fc4b21bbd439ffc5550ffec2920

SHA512
c1a903cc7e4785236195c33aad5b4b1bc92fd66320c6a7631f73e05f669e03ffc3e115e1946946f9f93150ac3a9d37bd9384b18495eb41183c811f1f9ad7817c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
669cf2dbabcab3292e59445dbc8ab60b

SHA1
8344174f4447d8bed228c37b21d888d7b77004f8

SHA256
86da3984a34a363e3ac10ebc7430d42e448eca59300a69a9c5c6a86c25ea57a4

SHA512
ba7a3224826e8f489c4b67711a90bfb7686e0d599a6107f32c5d33a2b02d919f3f2cbf4606658d595f2509f76f59272f1d8065db3bef88f70f6c7d7ccbd50812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
56c535356f76183a1e6089b45b692439

SHA1
2e6ce25927c49f7787beea3000a4f678c18bf570

SHA256
2e0e58f78458d18f0cc15c35197ba0ba5e3778ef8726fdc778d56ecdab598725

SHA512
bd7ac87bb504344c5873e68d622121c3b61f1c6dc8763ab20ef7dff898adf17b3c841c957675dcad8d0deee082aed4a967763d61d3f5d347ccc8cfd0587251dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
74d42474d61418812f0cc0cd3f87bb4b

SHA1
8b5dfd312cd962011ab7c042d7c67b6792e32913

SHA256
faf63acc0e13f623c5c71a9c81700a7c08ddd56fd56547661c7b96504079e5cf

SHA512
6805bb5c02584e5990853af70f6a90e97076bb78481b2e6f7132acebf4635f16d30cb7fda054a85e2fdf946d287c759907e58c5abc6f017586ed5b1c1cc82fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b0cdf721fe0ff60ca53c92609ddee95d

SHA1
ea455d32d0145d5c37c91d877ee13dfc216b84af

SHA256
514a1f98beb3efb7a3ee1d8bfc3396c8378c20fd11c3703b412f393eefc2e4bb

SHA512
e32e84dfc3c6104157f79990a78ed9750a24597eec37459a746258874bbe37dc1158e654263f72a770a3383d9ed109213ebb8c4457b3bd15e7f2c5c0a40716cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\76ea6d80-2630-4fee-8154-fd1e981ed109\index-dir\the-real-index

Filesize
624B

MD5
c43fde96854977f5572696f821190c73

SHA1
221f9ee4693682149aba71951f2ea48336c05bc3

SHA256
d548abbe63cf88cdbdf57589f4f37204ebb1dcc6e73b84f443412535eb4f77d7

SHA512
7b8a59204b99bce68933e99962bfc120896a31ed6f1b84b5fab7ccede5aa4ebbfc7956e4ef844f4f4b11dae4e6a655bc0a51278ad7e9ed8dcfaa397ddaad766b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\76ea6d80-2630-4fee-8154-fd1e981ed109\index-dir\the-real-index~RFe5821ac.TMP

Filesize
48B

MD5
0bfbcbcba63584f9f3eb3cedf64348a7

SHA1
68fa78a5d9ae4295fbb61aeb2e0895b7fd099763

SHA256
733d7667862fead1fd1f68e6cbd86f095e91cc3d26018d4b38ae52b719558398

SHA512
b96df8f441068c863bc469e65adeb8273dceaea9fa6ef2c2bcab181f225931098ce09616c72d4b675189a0750a4782c36931129cf39671c492a117b672b9043d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
5005716bb36b837790fb05ed90d1bf24

SHA1
e5b1f4192d79d322830588fda7e5e9dcd963b67d

SHA256
713c9b9cffda8fe0218ec43a0c65a0e15f289f25ddf5cd4b87e0df8069c3c44e

SHA512
bb242b2d46f45c5ec8610102a5700c6b5802383acac3d0b8dcacf4aa2050f5d8234a99afdf7a8e42e9e906f8525ff10875f5383b12b199e88d4f6c36335b0002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
dcca3635e95916093d296be2af5b6659

SHA1
03fd047377a4d0f44b69ac583ebdf83e1f2fe878

SHA256
dba3d28e80edb523c6ad9f93d84318bc3ce135933a31180c0a6eb91a350754aa

SHA512
5829b6409626e59360cfd59d1e755b359008f94ad5ac67e1fa0f91bd8b4a766f6ba9451351d1d88fa25381675acdcbed6040b0616a2386ce16cbfa3762988956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c515.TMP

Filesize
120B

MD5
f61d2cf6c3335d85dbe53ff2919560dc

SHA1
9a054ac95e948165e1e1b2c81b9fa12c3b22bfa1

SHA256
b27797091e8703b29ea2c38507d7b81e5ed4fe2b3195800f60cc8df146ed2a1c

SHA512
d9c1dd2424f3d3d701013afe2f4af3349e28855b7c8fc10b47309658f0bfc60759954e1fdfae1dfd72bfa55097353ceb0cca91f26f25cd2b9779efdb7ce69994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c4885fb56b843cfd281168500f2414cc

SHA1
e48af9cefddc7a2604a193b9ff2f21b9adb62c98

SHA256
fc777d366fc948603efd2ef73312779a58fbdc3fe69afccccf2f711bb7fc86f2

SHA512
c829c672297100f6536d8595c5514e84a42dc080bf4190a972eb87815f5253897b0fef10450916cc9bce3b26816bc144baf67c02d9225c4297e10cb4a1db3563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581558.TMP

Filesize
48B

MD5
2a24b9220c4f7e6f809f4d491689b86c

SHA1
cfe163113669c7812fc9b0b77753c5e03af90854

SHA256
1c12e20003075759b0c257395dddd29917185bddbb3923f3602ec10158539631

SHA512
56c839ea6f33a01d9865bcebd0ff5a54204ecf66abb1a44852c49659db7dc7f37cfe082db093c363a83b82dab5ec9606ace889127601dbfc4c7ac05be7646110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4408_2140390052\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
f14efbb7e810337ba8668ddbe741d3c7

SHA1
79485b1c6a5923247df83019266108742024f336

SHA256
d86f5cfa7897bb361fb69f901ad4e1fef9db29449e2c31710b3f7b1a5a8b7cc5

SHA512
5494c8e52b0f16a367f5d71f369ac7de58288f13ac947f55cecb9bb1ee95e2891aa9b12f109c96d8c09091c52ebd95712e9ee7f3020948969ea68aa14ac35723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
55769098afdf6636ef2d793415b19495

SHA1
4686ac3a7682f8c72d7725999dd7f462d2854b03

SHA256
3b6868d40a14d9aeb70de0a22a8f1a03ec6fc2080de613d6f83fd3d75814055b

SHA512
6233be3a88081dc093d86cdbafaf624ca471d474c53122b275a9d49ef79c3593480862b3f5b17cb25f6e09be3016700a8e61afb5530735fe7d19ebd744fe0092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
3c5c4f61d402d60d244124c8b39b10df

SHA1
9d0128900122dbf503e0eae1a67365a5300a02bb

SHA256
c3f58bca89e8f16e439a7652dc3467b1094d088db434dded553958b55c7860d9

SHA512
3f2adb2e38972232b44d485e0f688c478ccecdad0c033d86381acdabc515ac0f13613cb01e9583cb8d1d18c3878c0f530f7086168dfda380f4443fcdaa864c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58600d.TMP

Filesize
93KB

MD5
70aa2a3053caacc51b83423e7ab43b37

SHA1
c079bc618a2de2a8d15d6a1379956c39bd246a84

SHA256
f8ff24553abbc27e4f5bb65170ca53807566d4fe45cf8fa31f64c14e46bea44f

SHA512
f50c536e49f90d471e96ca0ff333c3c47efba404ba67b188d0d06e716e4ec5fec87f3397844ffb527431181087b2bf4b4f334a52dd59e0ce3fe20f56550ec865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit