hxxp://remcos | Triage

Analysis

max time kernel
910s
max time network
1735s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/06/2023, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://remcos

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 860	1276	chrome.exe	27
PID 1276 wrote to memory of 860	1276	chrome.exe	27
PID 1276 wrote to memory of 860	1276	chrome.exe	27
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 832	1276	chrome.exe	29
PID 1276 wrote to memory of 872	1276	chrome.exe	30
PID 1276 wrote to memory of 872	1276	chrome.exe	30
PID 1276 wrote to memory of 872	1276	chrome.exe	30
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31
PID 1276 wrote to memory of 692	1276	chrome.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://remcos
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb169758,0x7fefb169768,0x7fefb169778
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:2
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3728 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2784 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3756 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=544 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2324 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3792 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3436 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1924 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2304 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3936 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3964 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3820 --field-trial-handle=1336,i,8674173804258557376,2168489223665086759,131072 /prefetch:1
  2⤵
  PID:2896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d0
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
62KB

MD5
3a3a76e2e8030a1ce109eb0270bf680e

SHA1
3f4cd58366f2aa53c714c086e5065fd9c0a69a0b

SHA256
3f891bab1accb37a7778fedfe65d9580221f80a37e0ef22c42cf4a31a7907cd3

SHA512
f14efed2eec06743d74d96fa02eb0e327ee9a919df6b786704f5cce406c13662e0983b7e6c68a0e3bbb3eb02ea39efc4e753e840822a891a2886566143063783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
433345787f45425cadcd3753c043c711

SHA1
3a64f5ff27f4653c1a79a7f56e61110864878264

SHA256
6a607c372003c5f2aaf9779328502c316c48612ba9f95cf1e4f21620cf39763a

SHA512
896b4f059d164b392f080abb2d537114fbaa1f0a0c2ca7a0af6c15afe7aa30bc0d58c1ee7b591bcb056ce05f5aa144cd0e01c308c99fdd95be07f84a395adc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
ec1613b93fd06805d5b08d607c7cdaf9

SHA1
2db76e8d048b48ab6d6eee0869cd44571a8a2d72

SHA256
f01dd46dc2a9cef581e68553c1b1f3de0f1e9a99b93a078f5178045556ba747e

SHA512
fc4f618b76c2a2f55b0f7fed388e85f3f604e0e5bfd21689b142de91d8534d2119d6f656e02e58b7c3d60ade690c9ba96435e89f729eb1c1ea5b9c886b10034c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6e51d9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
70020fbeacc082089ac7e0259f410235

SHA1
38e74bfd78134c0318b53747d2b606380b19f8bf

SHA256
f475689e95d4c0d45cba5680d4d3418ee19dc011c08c866835dc1af35d90358a

SHA512
db9683510220adba513bf747c0dc262cb75f4d89b9eadfe31c57b28f69d395b4ac7dea5f9f8b3732f41b53b231fd7aea6589efd34fc5f0a7bdb95df4e847160d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
949d9c470e5724ad73e1168b5a0271ba

SHA1
18c97bf1e0e40cfcd04884c9ec5c04463731b32f

SHA256
89ebda9e9f54e4caa422e274d5171d85fb384c2bd3a8db7a2eb5213a9521a883

SHA512
caff6f1f96722ca43465d285030a91c193eb7753e42f9cf422b009601046b8870af8872f44b622bddd272265750008d3ee4a48ce896ec1258803cefd0c941217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9dd774421d46ee09492d1d9c87d12b33

SHA1
96791e9ba547056025ee5b455dda4b61e7dcf9f0

SHA256
146a78355fe7fca82494cc9bdc4a87e639cb055554a04148897fff4164fbfaa3

SHA512
100af43ffd8b4e50f03e2cffee6e734c38c737b680b70ef954e63d3f8eeab46a36fab633f42f034584407370fb6b0798d06e2275d10229befca63c28d5bb25b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
64a8f1dba9b1f657dd59eb82090791e8

SHA1
5a0316377b8cc37142141974b4e29c09fe197adc

SHA256
0f7ff10de0c382cf358832fcfe69dd857319157c32150ed74d43d1590a702687

SHA512
74c9fe9be5b113e72702a08347c145c77d163bce2d95d0c4ce4917bc2297765b82593bfa0945f8a67d0dda88371fe90f22e90b419bad0054544a91bad10c181f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ada423172bfb39498728f6aeabb69bbd

SHA1
1295cb80308fec4aec22483f07045201d52d2c9d

SHA256
ebefa24cef9305bf632f936eda746f1f14c434ebc3ef62d4a9f272ec74401c39

SHA512
498d2a17d8175c3266740f267ea862c96d766fef8dc21b22130aa1f4b4a0fc1164289ad02a8a3fe2b3c2599705e7f15a9dd4258e192ba6132df98cad0db302f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
6ce36adc7abea2292df5acabc975c074

SHA1
822703ef2d8f5d4c7a09c7e7bc24d2a23ac5938d

SHA256
01e01607d023b3a2dac5359faf0e61e5b06baf571f50b2c0273114308dd036d5

SHA512
0d03198816644e8e79655fe8625947b6591e32024f7918ba304a57d4afb9959a1058c48a15796e3eb841c248999a7fdfe61f16fa098efa46cea1647db12a9aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e6d3d8d9fe0717aac37575b8c9403814

SHA1
170d256937f91561a2b5e857dd55991c9cd8eb22

SHA256
9bc10f2e21605cea84c0cabca03e5789092fbc0aede629225b6fc1bf0eaf4ee6

SHA512
1b9d8720f65f2218eb965e2cc054daffb985410bfed1a9649bb8a3c296d47f0a7b05df5399baef445bce7eeb6f1db1ff68b71297a359d93d3d0b16b662869872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
1f2bc4d5d979356e0fe64f660fc382e4

SHA1
8f49283a411387e966b54ac18d5f77b677fb3ab4

SHA256
3468dedb5956d36144d8ef327a4c6bffead8f001a0f650d15f0156a9240163c9

SHA512
9d838a6ea08d4e3a9885d1319a0f587d0cb5ad90f646022e84a8dbcee22f3c056724b32dcb173f340db3829dbb87e0520970d70f149d378f34f08bbc2a5f3dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
74a3a91cc8592a88cb74d335d7c50d6d

SHA1
cc85c2ba15a222ba8ad3c5679f698f7460083101

SHA256
79bd355dee106111c40ed82eda9880f385dc5457f0a9377e816183cbe27db2a3

SHA512
0c2e7b321aa00d60ff6e84e17dbeedadee472edd5afcee9f23ce0ea903bf9ab815bf011aa1b19ad980d50b0e99319dc8d4e1cfbb56490d1cd98a498bc2f10c6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
7d1f38fb97a1f58275f89d6ea0f45f69

SHA1
e48468f3ad5a5c97eae9acd95cb6b67b7cce9675

SHA256
a359f84c6f689a57ead6d917040df744e186ce865dcf623d60edaeec5a799415

SHA512
3e908c5283977a088550e377039e274f0fd33c547be42f47adfaac67f7893d7809c6a2b2d5bf22ce22ce845bfc67792b7c6cd6d6a8be1436ca0e9849803d5e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c21054288b3c6d27c968a7941212ea88

SHA1
a9725dcbac82540ce71f714b4eaf1fcf7480f5c4

SHA256
785386b3c0fc8a9ba9db5f5f8608ed28d7e123d2cf60811710f52fabe5089d29

SHA512
8306bd5fa833264cc4dd2da6fc34569a9213f3c0e8a2537d701d7926f0c22a1c03aac6975613ce58848734ed87564908cda30682ed1babe1e73a571e067f5788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e8dca0dd21d015922cb4340368d9d050

SHA1
04f362002368791626a0b32a59aeed0f5680fde0

SHA256
e84ccd6450753d610f24f33d8a509c3c7587bae91bb2bde829b2c19294953ceb

SHA512
5e4b042ff1a72b5b1b0a8af57f2a81b0cc7cf71987fe8933d3eb928851bcdc9882ac596cca1fc1b3b0b42839f3c455e04ffbaf4588f64389234d8008870c30b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e7904ab7fa28ca68b4e74a963aac3f84

SHA1
cc090f4e9ad14714505aa00810a28af0532e0112

SHA256
24673212a4cc13b782233760cb2880b4f7bd55f9842d378ca5d4fe89da6c327a

SHA512
e6c8b7ce44934ba10d72391418d97491217ef8204129f525fa902d51de914102157ead13306623b21d4dbd7f8145c70127e5131c46db6389bfc20f3475d70db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
57e4c0b0b1543ea713847bfa620327aa

SHA1
35bec966007aeb70c20dfa06efc52a2dbef47c54

SHA256
ea90c71f9f14008bdfe1cf01f612a7936723012e16a4033f14d49c33628ed3d4

SHA512
ea7da5f1d4bbf4be277a535407e51e1e5504b25bfe98743bbb6a9f84fc9b7e06b231f890b040e7b1fff49cdc584c5daa8f874acf752bce5bfda41249ec2f28af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
539f3b1cbf20e4068a4b91514946d8ed

SHA1
8850654a7347ab683a7fd300486ec4e9cfa93e78

SHA256
e9044f970c5aa1d044e05b0c481c1421ff479565cae55c3d7162856f302bbaa4

SHA512
e9022bdbf16dceaf12db4269bf104b29dcae1777503086d99d93ab36509f930b1038589c3c27514ffd208dbac5ce560a9c9ce3a2e813de0c4b87c9e50b98f939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a1d85efbdd3b11fb08205c522079eefa

SHA1
d7c8b8dc4f3d1aeb3a1c03481e5d543dc55b718a

SHA256
d3a5c24918fcfd68f53f4f93d47a5f57c0eb16f0daedd2885eb5bf26159bb598

SHA512
c6e6e7e71910db0bb10824f434b834eb2696cccc29af8b16a4cab0ff771a20ed6d8ee2d0aeca7a3bb6d1250b6b662bd6a49fd82853ef74e5a0ee80401ed26f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3a2e97427320cf464678508ad345079f

SHA1
2f67a45c315129c38c70fa6583d3dfd00847410e

SHA256
b2369023dcb252b85560294ef7c55ce1107f3a5ca780005d810b11aa026347e2

SHA512
a7b638143da8130ea1b065008a5c5828e627690edc11cf414e9096a355b6bd2a754f989b121d573534065b2adbb40c3f941ab908e9a946487e56d687cd2d67a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9fa6513ce1acf8ed2878dc32e59051ce

SHA1
cc3944372681f952a447cec4e40aa748d26361b5

SHA256
2bb4afe9d9eb26e94e949d2f12b96c82e8337ba9a424d3fa652cc498a61e9cc3

SHA512
3d3eef7285ae9bb7dbe99c2a22e71c94aa6eea2a60e6b0121a84747ce19ab709bd9f57d48bcd1ddc2f80360babb40ba98be3c14eb49c4a4e2ce222015a485f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dc7f1c528cc0c69e1d0de9fa3929f188

SHA1
52ee76270993d64e84dc82708a3400862af22527

SHA256
d5afe7caa1ac2cec51d760635fb331bea7f6520206a8562d16d65310719d56c6

SHA512
2c84d66cc41d3b04aa37e082c78e01712a8df1a7b6e458c3b03d058bd537340b47269396ac1821b196e1d01dedc77a297b391823da4a7bdec46b169c2f73a3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7020e1ab7a879f889d8a76b553c46392

SHA1
3a114c26504f94f5058b9fdf5628c510a2c17219

SHA256
583fe761ac6200d3d516ac7b70e38d050c3e511262ba6185a901e7257d9393eb

SHA512
413679e78fedd3978977a918237845324b8fd63b5da730fec1aea2e58471ec76e880dde175f39a7edfa2635e2d2d93edde843a20db94fc1e5b81678ac2d342e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
3b3d0ab602710e9c7889482228ee1ecd

SHA1
53d1987823eab2ae81da25276eb48d086dfcbc21

SHA256
1b414cd9e376b62405970b4d4cfca351dcc66173e4dc71a373e401eb668b51b6

SHA512
f888c53688e8f8040a9949edfc090aa7e91943a10a235493cac89cc72e6a888f06090c08adb84ac9584eb41820dacc1fc03885ae6679888cb6cdb9c74a98d663

Download Submit