7276050cd20df57177abd53efb77d1f68ec7ebc29d91cc0c26bccb798fca995e

Resubmissions

03/07/2023, 03:44

230703-eastvaee79 6

03/07/2023, 03:40

230703-d8habsfg5s 6

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Ware.mp4
Size

17.8MB
MD5

55774a34c0c133143e332ccb39611d07
SHA1

0622ad9a3ec15bdd4cc99a14ae2f1b799d906ec3
SHA256

7276050cd20df57177abd53efb77d1f68ec7ebc29d91cc0c26bccb798fca995e
SHA512

1418e084fe2feb7d83a4e0a2d8a0f15f506e692dead7afe7d9921f4397d176ca3024712e0f79a0176c3bdfa887d957089a29773619b60ea3a06d02e868dbb813
SSDEEP

393216:N7zT4yQyn3hbRITwnjsK3vYn0lJO7sxeU4q20:N7fMy3lRIEwipagsVq9

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328292583860932"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	unregmp2.exe
Token: SeCreatePagefilePrivilege	2192	unregmp2.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4476	4396	wmplayer.exe	84
PID 4396 wrote to memory of 4476	4396	wmplayer.exe	84
PID 4396 wrote to memory of 4476	4396	wmplayer.exe	84
PID 4396 wrote to memory of 4160	4396	wmplayer.exe	85
PID 4396 wrote to memory of 4160	4396	wmplayer.exe	85
PID 4396 wrote to memory of 4160	4396	wmplayer.exe	85
PID 4160 wrote to memory of 2192	4160	unregmp2.exe	86
PID 4160 wrote to memory of 2192	4160	unregmp2.exe	86
PID 2476 wrote to memory of 180	2476	chrome.exe	89
PID 2476 wrote to memory of 180	2476	chrome.exe	89
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 2416	2476	chrome.exe	90
PID 2476 wrote to memory of 4228	2476	chrome.exe	91
PID 2476 wrote to memory of 4228	2476	chrome.exe	91
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94
PID 2476 wrote to memory of 1368	2476	chrome.exe	94

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Ware.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Ware.mp4"
  2⤵
  PID:4476
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf7509758,0x7ffcf7509768,0x7ffcf7509778
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3256 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1792,i,11416255583371306981,13583135467522249030,131072 /prefetch:8
  2⤵
  PID:3820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
69KB

MD5
987edae1041cf0d45c2887f6455cb66a

SHA1
8c467f6d7b8c761acaa50ddf4d30b3c7eac6e0ae

SHA256
b18d4fb20951e267ed35ba9b72a16e300bdfe7286077acb9afbf2e97a4deefe4

SHA512
4d4b2a72f0b25113b079935a186994e9d2cbda85497acb555b7073e395a8eed5eb85743f22cda2c9f6bf6877408d3950da1d15aa6f3ee3a72c23c9b1fc10a76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
81KB

MD5
47832329bc7e029cf06e27647932ac96

SHA1
16212a06c0a3f733fdd8078d6dacb2ec2ab087bf

SHA256
3e54754451428566e7ead9215211a533f025229c8cc9d11b3abfb5ca5fbc199b

SHA512
9667d3bdf8c27c025e6d5c18089e5cfee07b7a92f6ea2e8b12e40cec5bb59614a96ad5729df96cf57a87fc95fef37cb0f4b619f67f6be4b97dfe080cf0c764c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51055c4ded7276a6dcefff121c2c343c

SHA1
5654ca8a9aa0b528e012a953310758c45574c750

SHA256
3d85ca0d802700b6db16624ce4cc6e883433415d2edf0e7923d9bff8e3ea9e40

SHA512
20fa7713e3ab37da9d5c86004cd65a88af9da93736cc64148892ef21f0b7477d597be1dc90f29eddb6e601f0fa262c2844c2a2f2b5515e60b03ec89dff7de356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a24bf12a8b5409bca9d6717415dcd536

SHA1
40b76cbeb69513085e64671cec8930d0826a3d1b

SHA256
aac689513ed97407e1ac8f9a549d72d17de2f0f2f02ae92a93495171a35b4bce

SHA512
306d5d85a2ee1b026fb056a84f048467782bc1ab46e1bead646d245c9969feef134614d7c6e1c78dbc4f463071f393717ec1b443be92e74fb746ff9e14012a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a0ecbdb030d95f8219b5b2541bac1772

SHA1
f6330c123d7339160378d467dc45bddb6d648f5f

SHA256
75c7baf8d2ec98534a62d67b6bb9579491a1c00c6dda796aa4db1e5c750e7ed0

SHA512
747cf207b688f3f4f7cf2f19c9843aa8b0c5c1b6cc12bd6c905602a457a6bc7c0ed83f9c5a6b33fa791b25eda5daede349f3f4bebb1d08a6e337ab56ef5ac8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b1896363892e514382faf8f1d089c117

SHA1
9eff2af8957859abc42341623790f3a290d5473f

SHA256
c456e228658ad54f9f3dcd927d2db064f3d2acddc3c83e1870c4bf750c688e83

SHA512
c030a06621aa4574f70e6c165f0a40b303415edb1b407bf13a35c88d77fcb52b6fa87831c9522fdc251e6cda6da63d9018f7a657dd26ffd1a97bf109d0ab44d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ee2805ef97d0c88397c5cff906d42f15

SHA1
52349e2e228feac1a93061e57cf865034847cb2a

SHA256
f62e42f06519aec58c918becfce4b9495811a2f224ec1a2ac71994646940ef75

SHA512
48907e2de0a37b98805570af489cd94a4033e6f8ab3fbd13b59ef8751a42cf3e89439f8cd5524c2f4bc0e750d9bbac69f03f41636e4f12f93cb8912b0e9a7961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e3efbe71461177127c4d038143a7615a

SHA1
bfb15d27261e8d94b6b3b4bbeb9721cd5cf1f591

SHA256
5961d71177c1b7c0883fff416fd629405595c115a146fe91fe63fd942676812b

SHA512
a6e5e3fa96ea73a2e68158aaa698ddf0360bc2960ee9258c2937399a14d76b36b5bda775e981eda3336cc68736a5c8d2f304fe39576a368f432515a1ab6942ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e868ab00cfb1dc215721aed2ccc3c907

SHA1
f36b4b7b3459f2ee67fd52fef056a1ed24340aab

SHA256
242b3e9d4fae7dd8c9ae8a372af9f9590e9576d1d86594e521d15a5335d29109

SHA512
b054daece45e9da87040d6ce0451a83ae74e6dee1a5f2161a366095fd7c9e8db24c9f897b588bbab74a6616d0be3fd88387c850bd73ea036812af3fcf00446a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
96cb214eda31837af7d2c34c23c58a09

SHA1
887a4035eb9c8303ce2e09de35e61184006d1576

SHA256
9cf3e112eec6ef0ca1f66654f16c4c4b2c76202db4bbcf5f0c69d6d4ea4a69ef

SHA512
276998ee05e397ebc505021c90ab0da9dfae05068834864c0a27e8a928228573ea9d5d1d9b032956e5316f297a5b40bf155ae87e7be652449acf1a5c569e0625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
369192627de1c47839875ddd16695539

SHA1
e601277c8a2b01a3d97d5c856a98004112f4efd7

SHA256
98e037c4bd6213861f60e096215552b8fb3258828bbd45d4209c7179921bf6da

SHA512
a9bedc5b5bae82c4a26ba427651f599e49874bcebe98386ddb22757fe9064e5b0929a51264f689b9b2f6b6884063ce45452a253f9c86dee01212658963137318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
553327537e841bea6450f29db634215f

SHA1
1a4d8923b62c6cfbb5191443454a568ba01e874a

SHA256
bff415842aef64b2dd68ccf18ef949095be4f9507af83ad1ebaa352a7502d0bd

SHA512
1e6a2803d0ab5193f9634dc485d7cd772bb4e9644473e51f25ded1bbf3a367fc46713d1e119bbd4956a0450dd11101883c2ff8500a72d3fd9077a7f1a7226638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3cf50370c27adc1ca370a23599688ea3

SHA1
fd83150f54870266df078099df4afef9ec02a8a0

SHA256
eebbe6f87a08293a3963771eb1eda3dc6795cc1a19bffbc14a0e24e15a24becc

SHA512
817e53f136b5b268cd0d4bf468ee64e8be00b2c694f963d3a657b9e88cf56dba469c3e0218f6989a5c785b073bb2ccf1b357b6f3ecf742ca386e557111ed1fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e87ee7aa5bb1941d57d953df60f48056

SHA1
bea572b41e3b1ca4b787b7b2a22ad802100a6d83

SHA256
00a0f09a1fcee7cc39fa63be91e0c4d22b71bf158ec72122d6dbcacb9d51511e

SHA512
8b7dec941753e68ae6c69900473f6ba9efb93ec392ad1adfdbe554de22485eed252d8ffbf146cba8e2ab4f3516c1cbcaffd093e0e799732a676bf542c80eb5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8691b0f52c215c9ce76c45176fb8b2b4

SHA1
a75776bcc4f871148f41b184b9e3895b53bd1731

SHA256
3b3f267ed38986d104947555e40f8f30c98199c1d828f9195b43926d58c84275

SHA512
d1b74ec3b4b3f3031fbbef278c8ef3ec36cce237fa7cf92f5b1dbfe6383e1e41288d0041452a2c0e48f4b7a559693579576bf1207885457aed38f9b9866a3c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
158693a1e88b3a3acd59349bbcfd2d09

SHA1
79326a7bb772488e2bd1c2a108eb64b586903628

SHA256
8ca7b411ac32e80b25390218d6d4012911d46bfa4e3f6ae149b2d2f7ef1992e5

SHA512
b4b8d64bd4b370d91238dd532c6c11d4a0723c617f5b7f298454c72f1af32d173721e2bcc0a282729e5a7f3f3d0a4456b31b49b27d06dd5028049007aed24aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d569c4b3901eee25420f0deea520a5ce

SHA1
30a93b1b9762131029be4180d52f5a26f41d8454

SHA256
7c9b0c57441b5049f8645862f9fe6389b54bd835517d67ed6eae0e508c6e38a6

SHA512
c337e1288fd3967454247861e4a5b26ec56b3e29f3ff0b969d3e77112db84764473de34ceee41869e3be0561ba154585b8b2cecfd160718b1fd5a489ecc39068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf6d07cb62dfeca234b565170cc83895

SHA1
05a2ce3ca4984da8745fea2754a757183fcd46a9

SHA256
d3550b8a7639a7cd5dd3321ed04a164af2cc3a4e9e32f4c9ff935e0ae7fa71d7

SHA512
548bb4fbf76e62afa81edcfbba68fc89a10587824f981517b1cee1cf371b73e3bd3d3c36079e94cf9b0628ecd1d3ee9eb55cda94873af97c108b2c7e4d4933f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574815.TMP

Filesize
120B

MD5
e82817826b644975814fc6c806da97ce

SHA1
5a0c183b97e74d9b1f2519b85b2fe35b00c9b564

SHA256
0995bed20fe7a48c39812cbc1abda23cd829ee539fb2777d623f4b2fa490bbf4

SHA512
2b4e415efe2d53d0ac49ea6850b0408d9cd5e3af478d3ce3ad70700dce37d6584574f98f138d3d79a9b7fba4f9c040fb7f669597da87943fd7a86f93d2ba497b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
647dfe543423f4abddcbf9c64b4d3d72

SHA1
1e9c63286e0617db3c49e1833dc54026e09c00d1

SHA256
ab99c539f9426c6d95703fc1ddc431377aeaa7a808739eec91c6ae6fb9969250

SHA512
aef084a853d3d977a648bfa64df7800a349533ebbf0b6cdec52058c1a6c0c8dfbae28b5106256cd18816032e6d739223e13fde204c9b5c4300611b22b83bf0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
3fc20a91b596629f608f328e009e279f

SHA1
3a76451751e41b3aaf9a872b78794487e2a22e06

SHA256
40becbc1560dd307d3519d4cd1128e14a95f1e358372a694f35b3f358c7596b1

SHA512
bd2ec388cea4151b7123bcc78c42445a308f0179dbbbc71138f9b23cef6a8d0d77b8a931f8aff452534baf3b861e34cb01cb7ea549f3d0aa6b3b7fd6343e3e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
1222f7bb1eed492424515cce70e6f635

SHA1
2eae1473911f4605fa4aa8f5209fc9246afeaced

SHA256
fd51e8b06603f8a2d8ac174d7ae1aac1e83bd4bb0f60a5f9f4c54dac64c68cba

SHA512
28369ffd028c0a501e0895c16b5848ebb2ae9c71afdf3b5ffa7681456fa8286df106ee532d4fa3deb0a64a6707ff3995e664f27bda0f4ebbda6898d80065ff8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
f10bbcc86fd1de1a7765a199123295e8

SHA1
9c25e1979acb9f0b34dbb78db729272f8d68b57d

SHA256
70cceea58dda9d5cc16e60f6010b1a10b84e21f13186e7647aa686b50d366eaf

SHA512
8a87ee05a9bffc478f03cd6e451f61cafb55aa618d8b715e0caf9f14ff0cfc81976815a4ea0a22c2995abb032550cac93487ea5a7a6313a8310b456cf4c11442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ec9d.TMP

Filesize
99KB

MD5
51112346f8bfc7ac3bb65e5c54257f71

SHA1
655995ffe037cc874a534aac92f55b63fe94d766

SHA256
95d87c33b4948854f6f75fd4e5ebc8b3627d2ba108a4d128054bac214e55320e

SHA512
443f19a6a75f917b6b469c1550bce15302a779c92c814fbe6f9ab2d0572bf4e302a3829446e632f5773958c0602ac7f15f3cf98c8d6abd734da2d97e4ba043e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
7f00d2250062e1e6a6207f6f526b7960

SHA1
4f7120afb0a143eea31000ebf4f2147f325f8536

SHA256
a91369366e5e9775e1d9dc9ff2c06d2705acfc7197993759db1c89f8c9a02184

SHA512
ad5272dcdf65246b432b834c6a7ff062f9e7afc43f6366ff53d6653eab78a13f0d278cb9e066051e17bdc61b97114ff4ff99dbc27547cc9c1f595d1b17eb72ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
2a5791d53d990fbecafdff65efc1a45f

SHA1
b9ddee17f2ef73e90295263b58489ce1879ff4c9

SHA256
57f3b30feb6237b537c17a3bfdc5c49b1ff83715914f29a11d2eca43fc3f26e9

SHA512
e15ef99a80a6ad2119613ed0cec75127a7ac60f1e2836868380f09809bb4ec6bc0137e176e1c34b3e844159c8140f9183921592e8fa5a952ee15433c5e07e23e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit