81d1909ef8d63d2731bd18f4c657f7c6b65bf44b8c68a257aa57d2243aa01d6a

Analysis

max time kernel
1800s
max time network
1716s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zxc-cat.gif.mp4
Size

63KB
MD5

81366d386666f9e9da8fdaf69c49db10
SHA1

43d37528c715a43accf270348ab549eb71b36371
SHA256

81d1909ef8d63d2731bd18f4c657f7c6b65bf44b8c68a257aa57d2243aa01d6a
SHA512

1eba6ee0f8d041b9425dd5f580747dead79bbffff9ba356b4c58de3d6be94705d2c4fd14579aa3b54e49ff7851ab00ac1332141721c35581577440a4ab084784
SSDEEP

1536:Cp1tkQkhRFnvChYhdXc1XevauPd5pajips4WVPpbPLGlg:CpPkDghYhdX0ZuPrpajMstTP6K

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288865810915696"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
3956	chrome.exe
3956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	60	unregmp2.exe
Token: SeCreatePagefilePrivilege	60	unregmp2.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4848	4952	wmplayer.exe	84
PID 4952 wrote to memory of 4848	4952	wmplayer.exe	84
PID 4952 wrote to memory of 4848	4952	wmplayer.exe	84
PID 4952 wrote to memory of 1464	4952	wmplayer.exe	85
PID 4952 wrote to memory of 1464	4952	wmplayer.exe	85
PID 4952 wrote to memory of 1464	4952	wmplayer.exe	85
PID 1464 wrote to memory of 60	1464	unregmp2.exe	86
PID 1464 wrote to memory of 60	1464	unregmp2.exe	86
PID 2840 wrote to memory of 1188	2840	chrome.exe	93
PID 2840 wrote to memory of 1188	2840	chrome.exe	93
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3188	2840	chrome.exe	96
PID 2840 wrote to memory of 3236	2840	chrome.exe	97
PID 2840 wrote to memory of 3236	2840	chrome.exe	97
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98
PID 2840 wrote to memory of 3092	2840	chrome.exe	98

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\zxc-cat.gif.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\zxc-cat.gif.mp4"
  2⤵
  PID:4848
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1464
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1d9758,0x7ff81e1d9768,0x7ff81e1d9778
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4844 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3928 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4976 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3172 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2456 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3248 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1360 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3268 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 --field-trial-handle=1784,i,14900890040579867313,6941892357037179628,131072 /prefetch:8
  2⤵
  PID:2132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x314
1⤵
PID:644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
85KB

MD5
6356e63fee7adc9ccbd9e849a20d7c15

SHA1
a62654edcf392709878b6d53b30e9bd36e5a51e3

SHA256
a747b0a6bb35dfbd9a0eac5201aafe7dd1cee4fdf1d50d8d28ee3f98cad2dd08

SHA512
b574b11082e2fb39bf684f0b0682f5526ee00cc1166d1f9792825f0d912850b388dd0b1ffd99db44a71803483262a146dfe64f44f7886e77cb27270c0aa8e965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
26KB

MD5
33de775197fbfc84381e5c579f4100c9

SHA1
2a7dba253b43ab630fd77613dde32d4a198715f0

SHA256
7346a792f50ce293fb01b9acda5fc3ecd52c6103e2c8bf828b4565b14f17df9b

SHA512
b5dc500c98c8086d7eb9b8a30b65cc16335ee7edd822f5f7489ccca09e97ad1b5f9a62b3e47cc05e3b490a2ce407954befa367865141c918fd706d981a8bf7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
95c7722bff43f6e2dba4a56ebbe975c1

SHA1
9638a56f842bd62b792b5e117cb72defb25dfcc9

SHA256
c2ab9d61d190874dd88c30416d5cf34c5d8bf3107aeb6f236ac8f4fe04f1ce1b

SHA512
d83b36601d1b80b2f5e0aefbad6147b464c4c00ed6dee693572464907198a5a2d40b02adbef6516c62f615a7f597bb45f6c0b1c9d9082c0f31368f60f33feaea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d5a7efcc26674654f61d4409ae648e1e

SHA1
889f54fc17cf6160c7412c6cd3caf0d5d55377ca

SHA256
cb6fb8ec20774e8d2c66c362587c9f8ccea92c6a70e88f4e3489301218a6875d

SHA512
1bf78e24aa0a028ebc896d42762ba4eba62d04fda3934ccbc5ea7ab4bf7d43ccaa0b2e684558ca64f801550721cb33952eb33fe2244afcdaee7c333add1e9680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d5b9d112b8db9fe16301443a95ddaa64

SHA1
92d40f9e6ccfd31ec3cf1a464dc57131d864a039

SHA256
adbe9394cf10b8ddceb5f4d47f943581f1057094d5d7a7f888b9d6d3f7bb8a67

SHA512
d2288f66ff710a17d1dc782bc14239c814cd1e55395b6941e857d2ed285c54fcb19bf285c586732dd7b7cf254c54b6a1241ed27a69199c53809e6409b277f937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\89d98a1d-15b8-458c-9f35-87b935bbe1b5.tmp

Filesize
1KB

MD5
ccf0fbb8b0509d5c772283baa4c8a494

SHA1
2db04a53a1dba8a06683668d4e522c68dc5367d4

SHA256
18c812b0a2dd9cc8a0ac39e269ae4c21aa16ae3ec27dd788bded24b5035d19d1

SHA512
fa2fd6e49c703bc0cdf43398fcfe8168ead1b398420cf779cac558156e59e3c74fc2cc708b9ff68a27702a0ba1401b2e23cac706d8ee7e6997cc9635d97800a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
86fbdb00c299faeed4423084f7587ea5

SHA1
8b24935fb0a16b8c5ec5fec8eba469c32e20c839

SHA256
bafb305636d89bbd7012e427cbbdf5e9903aff97acd3e89b8f6bef021565e201

SHA512
f2a09017e8d23afc2e74bdeaf786742f58c1562e668a6b261e0cc14618e9749b60354ffff4fc31419afde46673bb9652aa859157911544ea1072ead18c84b910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2be3ab34358a3fa0d7ef56f3c6e3547a

SHA1
61ace3acd4e309cca812ec7430d93adcaf1619be

SHA256
9af43854806eed4c8e803aec8d44490ae505ef2034dfdbeb104d191272db73cb

SHA512
10b23e27eb21ae7c1ecb71a18ff779f66ebf9bd2b80d356325eb8eb0baa67491e447d1a518f33e3f8407cb3676e23ef03e5ae24215f2394bb590f430e706d4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
429a86687aaf9a8d4dedc77733750b17

SHA1
29c99373273758b84d85d0435411b08903a739aa

SHA256
4ce2b1bf51b69f0a0ed2e3c391ad4fb33629f17ceb5be7c17fbb546603f59717

SHA512
8915989b55b3d2e6f762e794176c25e4b527680674bc4f7b459e08525eb58f50c2808d40ae56221b64e04fcd3454ae724381729650c6a8fe85b55c17fc55c908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8e5518541e9824b89e9e7c7f1bf2862a

SHA1
7a90a164ae3ab2cfd3ca80150697310dd56cf5c2

SHA256
cb35c97e81d1dd43cef511d7c6988d06fd53beb0ed158c4437e01919bc4dabde

SHA512
4be031220650d0b0c4271c99e8b90b8e5a7484b845f1290e466cf61f8717b5fe719978efce94603734ed4dced47cc97de1109723d5772174a9676df7034070e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e1f11f5cc90a63299fecb830bd6e1411

SHA1
7f1b1bdcec005cf5efc983a65bc3e3cef76a0d7b

SHA256
1b1fe0a958e0ec91046f2cdd1a9d9837d150d78846700f12218d3862206894b5

SHA512
5f7f54348cf02fcee9acc17d9979fff02f21e955dca9e0781996ed33457fb39c33937d951b1dc35a08fc728bc0386b6fc08f7ebc32963ce9d48375a2a3a4983b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4af5424e204fd6328cd9cecfce1a6edd

SHA1
ebff15fc648efc00c3aa02a866054169d6f03c72

SHA256
8e41742f0a56c257e29998867ff5a9133ea9261fdcea967ba97c614c2cf5a68b

SHA512
419e4c8e7d05af452273755ee813590d66573feef491a3efadea192633d53127a5053e952ae49a327da2529d20cc0a76810d23f98d50652447325c96f8de16c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
30b86533840553da7506b687aa2a1300

SHA1
81c3affc6e010186905894329b263474fe17d844

SHA256
84bbc61448f233c03e385831d9a917f7f038985cc3ab5137ba1bca46f9bc0323

SHA512
83392ac2e616a7f265a2b9991cd79f8ab7229b5b197f6a67feca7d59ac9206a2820b1264b264ecaa7c5582de2404cc4c8e4f9390f7c530e8e05a8d76eb8d9d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bf709b1a28da15edb390e87eb68aa16

SHA1
76c9c9ea3bb9116a63acf0340deb8f08ce7d623c

SHA256
f943c5644f9c220fddf0c6776cbb3ad70ea2c72d1e4f7b6dcaaeb05d59da8072

SHA512
dec1d240268946290da3eef8a19f7e7f2440e27b49d1588c6065d3811e06c57f8b21059452aafbddf1529cafc2ee9c8c9a7feb791051284d4e216ce5ca703607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c317b5dc97124c810d3c24d29d6377f

SHA1
106d8b4de96c907bf8b158b8b1fb2818f93b7221

SHA256
bf492fb206d2f3a32c6fc6946b3b93fedfc9ade48e2f685f1b62cbcf85c6ff06

SHA512
a2619fadf9a6df6511bdb949d0168200442037c7352eadaf4ee536b85acc2653681ab5ff44dc7f4e3d81594e574f46bfa7e6cacea810432264d3554d5b336734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
910884aa20d8a813cb3e3889c5e29d83

SHA1
06899b8a1035a2a4e4dfce3c9b877f8512940bf0

SHA256
eaa4f700283aac70111832ab8549480c606aafa65e5e8e99a4f9088ab3a26b10

SHA512
f1e648f7afbac676ef970694692d72a3a1d6a7a05d044170cc9dac2ff7fd05acdb6afebffbbb76655a4102f4dc70ca356244a2b79549b3f71ebb0393a7295c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
649e02dc9ae8fb09d85087342ff47fb1

SHA1
3c929b9102154b137f7c3957767467532cd4d550

SHA256
bd1a2e78f83ba18317002623afcb08f3555080ebec79b81f9129a73105e869b8

SHA512
b6e52bd9e1b530e1b67e527274cb3e655663f16c806ce56a4c2a7789e7bb4cbcc3275c5a74c217f88ee37c7197b83e899cd74a7d31d55805eceea0411842a20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d00f01ac2d4edf7803e3b5ad9777809a

SHA1
fff0fd028cf218705d6fb1fc91a58558c33bfb43

SHA256
3c51b1e029cce742e78af56342fc89f5d463a2c31ac74d899c75a317f8163049

SHA512
da082f768c1d0083e897b8fb1b832fbd9bd8346faed365caaebdb796d55f9e13d18c697528cb72b7f69390dc00d15dfb910204b0833bb855dad0cd6e779ded10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71b0858761e688eccc76d5bf4578e50b

SHA1
ca3eb483e62f945ff4956cb4e5962892629a1b66

SHA256
e3f56d28d5fa5aba69e2c370858653444d1d6489f70149949fde4caa69e6e6ff

SHA512
d024b354b358f6861d4d43b2c349218589bf3c8575b26b72d9a2d03481b27f78c1d7dd0833c6d5345c67cfc1d4ec8afb592b64be656fd49c5252f0e890e20c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8370a4d67e5bdd1ccefe2b3da36450fe

SHA1
e0eeb43d4a706e629fb328a362d4664590db55a0

SHA256
a373e878a2002512ac9663063a989d2daa0031575bb8937c0370d18e230ca0f6

SHA512
b8593b41aa53f4a901abd77222492fdbd9b5f46375cd622acf1b348eb6a55038c39a98cbded1f7620533ccd01e5ac7289afba5ecdc079287a53b622ba689fb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5391bf915e7108053fcdac0181a2859

SHA1
67e14a8e2786545c82e7423f679446b7f059171f

SHA256
f0f8a3022fce69647a2d3a005ca8d518d5ed40929092099c0077bd1fbc769da4

SHA512
d668050880acab5da8ed9951a6bdec1d5d975f9a63070e9e14bc25e93781a62c70479919919129eb48e23a40f1d2d9534aae463f8af54546f8a287039aff5f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4a8bff5d71b39f3eea5f54c13893b8f6

SHA1
48c5054eeb51a7d165c7c63a5c8f8326701de582

SHA256
11c5811be85b93465916c845b34e9e1c9afbbcaedb1c3566edfc2e92063ecd31

SHA512
0fb37d66c0f1aa668b60fec4d8117fad05b76202f5a23877a4a1a922e87a0e55aa943a0849543d9d360574077255f1aad20319bd943c5776324451b6ffb48c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b2683225b4d6e79ea45de99f5a2e95e4

SHA1
084fb8372fa1cbe035028b760b9c91f73419a1c9

SHA256
3e5b87302ede6db31a47c3f0fa4be4054bebb25d63dfe7d188f625ca7182b9e1

SHA512
39ff593ac05e922fb0a19908232e1f7836d6e0e35951e1f579b59bd3de3066c5276c38a71f0f189cb5bde3ed71c7496c25a05d4b87bdbeec21b9c00e57948e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4b70a78931c4252023f6e9f8a763d5a8

SHA1
f14d2aa86ae3f38d0ede8bd562191884b9aad502

SHA256
55f07fc2a9174c72d9c65ba6e8edfb84e81a3db62a098e2257a02d534fbc2590

SHA512
a7bcce942c7cdc70e26e580e4b743b06c480ed5d9688fd9acd206876bb0319adf1c28cfb18d62a9f70e545761c7982ee5538d936b2a16aeef159ce2ea7ff0aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1abe096bfae0ac6bdb5a10f5e574ad75

SHA1
2869e0323a365210f76b1a92606185a3c28e1813

SHA256
ca3ecc1fa2e738564795c7a665c0580603aa055495e5a536e051ba6f5228ccb9

SHA512
8a4a34b737a38e5a4736fef6cc4598d1ea6d92bb72083e03079f924c48124a72d8d273f91c569f5e0deb126908cc99771281af4aaeb21120d37db30a9744844e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
afe34579fd13332d3c241112ca7889e5

SHA1
3283852ea374bb9d41f1636448334d4bab89a4cc

SHA256
6688904833f8ed7f80318ace3a36a177a666d403d9041f343ab63b66dfece74c

SHA512
9bf725649b2f92c6f5d8dd4937406f400d0d0685a428000cd402be94a557177ccacfb41c96affc0b50e8813f3e37d1cf3a2bdd52f7b68084e9cfd5dc87ffb4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
7a1617362ec73c86b3f91db80073ffe6

SHA1
e986ad460db459b727f615d47e2ac91d37da4425

SHA256
6630d848c89733fc160dbf3a9fab86fc74632c40004b307c925a8709fe8f3db0

SHA512
39f6f097df903d63ece025819bafd99fd9295245cf8ae3d4cc0cdcbaf5c3f49a856f9ca81c12606c52058cb22656096e54110073b4492986eda4271a25ecd6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
f6305f61bec7a683cb1c1da70a7399b4

SHA1
a7b584a1cd578eff6178561be38ad051d36d457f

SHA256
6f641feebf24aee2e3d838904398010e18569e4979af8661eefdcc4dbc57a666

SHA512
1f74c3cda356b042acfd1e90861878bb00d12766b86a47973809ec8d0dbbda0fffe6ed2ae8ae9fca5d076a11dae4d8ede21742c7edd2cdaa8abd0be06c3b07ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a7b4c.TMP

Filesize
96KB

MD5
04e897a0bbd1047e950893d7f86ac304

SHA1
f9e55a9aeb9985594939f54eaec501805a73a24e

SHA256
71d685dc2a58674fec2277a7992db2ba6cec835f43c45364928a5de12c4972be

SHA512
84e5cd6942d0292654bcc1f824f687604fee59ff5b9cc4ca474bff16e238e278e0f09bc4dfd8d4de0db3b0cf8667bcd59a9040f132dcbdb474db74415f8772de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
fc240c081ec382df4b74d591d7d37a45

SHA1
396e9d8accb2ff8b32e6c3957808cb87d23ad47c

SHA256
8cfeb277627a0fc9f2596c83dc37f9a3d8871293cd88dadd08f32098bf936038

SHA512
d8f83773c330b88b43f9ebc6220aa98368854e44a75b73a8575e7171f6c32e784d404e5a2e2e7787d3c71c0cfecdbb983631b639d9fee879b374d498d2ef0ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4888b40dfb5de9f4ddee3ce1f271a7ba

SHA1
55f5c1b576b5a7137500212cb3fccb2e0089da46

SHA256
b75d8240291efa09d3625d6780831ad806d902efe46b8291f6936f70cabc04f2

SHA512
1b0f8fe2cdc32c23c78ab883e874c2fd40882cc2d01a03ec47993228d8a8e3bbc92f9d928c0d6da0517f49874d6b49fbd839177314290a79edf348c3b3fb21f3

Download Submit