hxxp://wallpaperaccess[.]com

Analysis

max time kernel
42s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wallpaperaccess.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2076	2128	chrome.exe	84
PID 2128 wrote to memory of 2076	2128	chrome.exe	84
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3876	2128	chrome.exe	85
PID 2128 wrote to memory of 3812	2128	chrome.exe	86
PID 2128 wrote to memory of 3812	2128	chrome.exe	86
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87
PID 2128 wrote to memory of 4000	2128	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://wallpaperaccess.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffb59758,0x7fffffb59768,0x7fffffb59778
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4680 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3948 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3380 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5444 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5632 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5864 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5820 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6104 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6092 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6452 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6696 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6536 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5988 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6960 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6948 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7612 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8068 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7932 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7824 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8520 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8208 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8220 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6820 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9744 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=10184 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9752 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=10796 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=10972 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=11112 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=11200 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10940 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10808 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=11628 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=11608 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=12048 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=11988 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=11980 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=12448 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=12648 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8064 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=12044 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=13440 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=13548 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=13836 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=13964 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12720 --field-trial-handle=1788,i,15289923928485331539,12556819133628522814,131072 /prefetch:1
  2⤵
  PID:5684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4244

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x448
1⤵
PID:5176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
1024KB

MD5
492af515133f3015a9accc7ec855f229

SHA1
ffb01915dbd604e35c5e98256afe25d5b9382178

SHA256
60f3aaace2ce57f3db7bd19aa0cc871479ded2ff59ad184ce56997bd8d59e140

SHA512
644fb97a645f52d956b6645806f921d2a6e924eda7277558d7fde6e8625307f03ce3b6cecc5327e2ee970cb0530e8b109cd22b48f3a05bd976f67fc12807956f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
52KB

MD5
f1d940934104403f5137326321666398

SHA1
b2933505d6b2dff6001d156e5bb07939ba455448

SHA256
f6b67b8459fc6c73cd20c39fc088ab67f577ff0a45f1aee14943734fd8956300

SHA512
ae20f70c15ff70cc089b1a715299267168a4488b378c57218a977232f2bd0b224c7a8267fa0345466655f4c6778856c594153cf4d56eaed64153466a6053982d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4620fd1543882f489f4b665c9e2dc96a

SHA1
a0a9774191837754d367bf4ca14e95457327db4a

SHA256
4fe5e3bff133e82f01e5c4521589c1e7a3798e696deb43abe5be8c5a9d88e02a

SHA512
358fb982dad558746eb33eae9218f6eb8ec3e77940ae8913f67fc4af529b538886a6c457a5a19b9f420a5cd7201ff65e4017969151edd723d8a098aead2efa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3b8d52dfa5dc9ae3ff9225c6e6b9a3b7

SHA1
ccf7abcf251d6061176d97960c496db945ffb5d5

SHA256
fc1e72980288797622c166d3e55896c29b83ade5b3f6f67586ab5ceaae69f607

SHA512
ad8e9b640b98639f4d3d35fda5831b70e76f1c0fc83d250a3da22ed0ea4d18221d47acf0fb73ff6ca5bd3ad99588393bbc68aea688d25b4238e53c31b0c8e5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
433ed19f5c5c232b092aee39a5409799

SHA1
076d9e78b675b5218b92944142f26d81dc4f0988

SHA256
70dfad95edf81a97072cbf6bf354a172ce726e3adf3967d72b4c3d3d091f6058

SHA512
518b3830446e63b10c0349ca50bed164de3d40c46a930e3538970adeabd12a59f1ea43a713ac4e94d6163210143ee83f305e9dcaa69c3c4f702784f7caa73337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb737bdacc349218a54db5243c1f54fa

SHA1
5b4674f98962d68bad987064bb35562fe3736067

SHA256
6cf72ee8bdf5cab57c331ce4e6fbcbbd5f35b61a70fb6c59a7ee30a8c6a7c061

SHA512
0d4b6d3af72e57e6da8e09a781ed6188ad99527e5156ed4d0375eb630bc32a98a22fbe71dfe91a12eddbc1587d477a537cf9bbc065ff82174f901b724fdbe75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7db5273bc75cfa882cd24714f458bca3

SHA1
66cf19bc7ff16b3089fe2afbf45e1b6d11b5ba90

SHA256
ad4dd7a62cfe5c2f6f2e084f64c0a584b9e3e7b80db0e6b7cf4fab0853698bbc

SHA512
ce69aae811f9c8f371543b5c1ee3fe922fb393a1975ed5822850eeb19fb567cd4f7fe21df0403dfcd0dddaf978369c27c8a824000eefcd4cfb8644ed8d7498b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
dc2f46fa93333c52d4f67e1c92a86fb3

SHA1
742d3416a328d15f6d3b3d712256e1caf92a59fd

SHA256
6414d4dc2a1a53bdee671dfa4d2a71f6ad70d3f8d9d9604a6fc827a26d32ed39

SHA512
b46d262b8d15c5ec1f087a2d888a5b9a2f09105a06437d245278623884ba056f0241754a85802f124fc4b04c24a59fcee97ebaf8b352f5f2485b4ebf020eaedf

Download Submit