9bc978388ad2ff19c43ba79a0c6d46c618d8d3d4b0cead391244453853f9522d

Analysis

max time kernel
480s
max time network
486s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free-tour-basilica-guadalupe-589x392.avif
Size

89KB
MD5

2ca000a0f8b5ab4111f58e72602fa503
SHA1

c8b083fa871593f56a369d0810b29d14b6badb9c
SHA256

9bc978388ad2ff19c43ba79a0c6d46c618d8d3d4b0cead391244453853f9522d
SHA512

dde2b1950adc4a8ede03e4a0ce9f0d7e4664a0338d567ad99a02758c0904a548a6c8c7e604bddd9018aac09f0f961f2331f91d7d56a349029a87ef0d415b7077
SSDEEP

1536:2OvygkX/2geHT0SCNDZGG7eQqArrznyq3CkPI4gM3JVMa2ITJoXRZ:X8/CwtaG7eyjZCJMDMaB2XRZ

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377072555474462"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{8614F30C-0FF9-4269-9E9C-B9CBF09A4A8D}	mspaint.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{AF289A88-518C-4351-BEC0-982A4B8E0614}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{C8A64DFC-2CF2-4C4E-A17E-116CA4A53499}	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{52AE7D22-3BB0-4333-A362-434F7AB880AE}	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4988	mspaint.exe
4988	mspaint.exe
412	chrome.exe
412	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2668	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
4988	mspaint.exe
4988	mspaint.exe
4988	mspaint.exe
4988	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 4988	2668	OpenWith.exe	89
PID 2668 wrote to memory of 4988	2668	OpenWith.exe	89
PID 412 wrote to memory of 5000	412	chrome.exe	99
PID 412 wrote to memory of 5000	412	chrome.exe	99
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 4428	412	chrome.exe	100
PID 412 wrote to memory of 3108	412	chrome.exe	101
PID 412 wrote to memory of 3108	412	chrome.exe	101
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102
PID 412 wrote to memory of 1912	412	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\free-tour-basilica-guadalupe-589x392.avif
1⤵
- Modifies registry class
PID:1524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\free-tour-basilica-guadalupe-589x392.avif"
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff979919758,0x7ff979919768,0x7ff979919778
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5344 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4844 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3692 --field-trial-handle=1944,i,3863362445472308538,7643529150277038587,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x2f8
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fd812fcac705c20369ed1fedd964959b

SHA1
febf078fe36f71e5fddde6570eeaad90feed222b

SHA256
152f45d3d425ad0baca3b73b7bc1209f7ee3d5f1de22b4f013d91f92a8b08e4e

SHA512
9e97791b1f47a679650310fc0bb49653c2e6802c142b6670ea9bdacc9cef92aed637cbe1639599dc24b3da5bf4e021f680b74fc427381927146eced447094ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
97eaf73b137c3544c88662b3b909a806

SHA1
1e930481df6f5537dfbbac47268246b7c29876f6

SHA256
e3ab16d5c821d3fd57a6f46356138c50a29d2645516c79b347432725f4b8a6bf

SHA512
4d7906be15218e7f639cbbc10a61d27cf3c6b4f4a37f13bcd530f57912367710388f7100787c657d3a10e0ef1e2758e84e5f90338b8fc748cd2e61f7693deff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dd46a2577b4b90b67fd38bf41165656b

SHA1
34398aea29c9aac0342d4d234fb159b841e841ea

SHA256
8cf31c63b9d71a4a9df5ef1a2f718ffb332d0284951ad33542d25c2fd33d2652

SHA512
4b3ec36ecef6eadc7cf6b3850abe04057a7d25b69482a0d53ee68860c1e8b55e64221d5ddb2d61ddc98a9a7fa078c22157e37a7535fd54f76a34c59041087fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
16d3c14e6fed2fe49896929fecba3175

SHA1
d91a134d2a0e0cc9764369cf2037b4a8b2de8753

SHA256
b469985ca1d6080fa5277aa61cec37f6b7ad359008c04317bd674a83e2c9e94b

SHA512
98e3fa62cc2382390b129e33d987adcec1464f368fad42ff5553a09fdc70703fc1cfa8499d07b54c7cb94b3ee1de9cfd3e4adfb88354d9c5535a506e79a6d195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
121e6a0d299f7f853c9294321931e03e

SHA1
42c660927a21d1fab09bec6147390ef532f426c2

SHA256
4f989811d9d9c457bd3de4a2842b73316da19854e71bffdddcd58c1d52806618

SHA512
b978d82e3e17387e562e93ce7ec0b001eccc6f17729b2d7cd2025368b123af93a20eab737a9a249cdb8221e81cfb4845768a07c65f5cec864fabc975114c1b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6b94c4a5fac06ce23462399c46d88443

SHA1
5df9f26e1f4cb0ef5791cf8465ee2f160990e7b3

SHA256
51c0cf2e44055bf18bb8c1d67bdf636e3fef4a8095a7ea7ae2ecd7c3ac472186

SHA512
b3b29f2206bdfe7f32296588d8c93422bef059030af10bc41512ff6bae322be2bc920315600b1a6af180c0661b311789ed3dd13cd8ac2c2d749af16ebaad7307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7455c530beee93ec8846cba30d3d4e67

SHA1
78db239e74cf58f523208c7a142542043019024c

SHA256
20635acd26c2ec3b56970ae18d85cd550380ac338be51800bf4e84378a89f878

SHA512
44005bc0adb11c76a202e60637403269ac9a7e0927601e2a677a50a618902519dc0ed6ba0839c7c2bd0d037a1218288070e310bc28b90e015d993ae690859e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5415854acc8407263e9e6306ee6f0be9

SHA1
eee0c79bc160dcafc57a4f78ae958507f251e48e

SHA256
f3440eaade5d5a43babcb8cfaa504cb697c84cbe6b289dbef2e7a02f2605530f

SHA512
473423297a7a3b5df19183cb1b46df5be164616f68033b58277b00cd4e901911a6cfe99e7d81acf0661887a72b21206edd7cdbbb324ee61e70101f98aa4c67df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b8339cda6aeffdd9ee40ebc276e82fb6

SHA1
65d355afbe61a901c572f061e226846d3885cf65

SHA256
efd72a6fc88eb5b185108c4556a70e877b8f278046eee717c8879e3edbf1a3ff

SHA512
c5a79c9f98791210edcf6b3b531fea7ff95f3d2d8f2bdc87c19f2e00001d38aaeb6fcbdd5b16ba0912c5d3efcfa1f9d4a852daf02da5dcb24a3d15defed71583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
24325a6e5d40eaef66943f00e06b630b

SHA1
c8e2b262947b68f6e38e097e5bf7d8f19d34654c

SHA256
4e14888eccbfdde41e495682df6b7e15029468045809332cc51b2d2a09850b58

SHA512
01e0a5ae0e08dba0bc2114dac027b6bbbdf9ce6d823c472520ee9d079f94e5734d008c3fe8abca683a5a45879ce6a8b9c0eb9a3d14a067d95c771e85d7889c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
a5e38792ffd5b33434a83a5523ad9c1c

SHA1
54127038c30be173032d1e375cb96c669adb0e69

SHA256
328f09dc4bf5faa516e64dd6fe6bccfe20e967433dc015d4e36a2213e4601586

SHA512
1fa6bd77fba66162c1b0059b99b1dcd3899a51028648fc7f0aed622104cd52a2d6c22eb1e3ce54dcd35217f015fbda6a1a8008362e9e2370256c8243bae49f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
b97fd4a88a20e5552601291287b57a01

SHA1
784ecdee0a1f8f0c9d47855f58cec0e36312e429

SHA256
2bd31e5ab6654e161dc059d26457bd5887adbdfa8787b301a3ee2584cb410b92

SHA512
f91a24cc5a41ed2adf7f46226d2e016c71799954ee1d4b869690fddf75eb86fa13fec36c9d84059dd3280267eeb9812ee3e8925404ecb01b0ca1297139cc2c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586cee.TMP

Filesize
97KB

MD5
616a2ecdfa3c017879a067943ec44f41

SHA1
b014c8f07e2b9573df6552f1b98abc0ad26f173c

SHA256
33d4973739a3e40771d19a859e1def0be8fff34b418b865d5971aa0ed6f07fce

SHA512
c26b7e9893d039e106a4aa0d86f7fa43a585a7336385dd27d2145ba70680fefae8ccdc1f0b2ebb026fdb8876300772974c60a61f57543ba3be337b5f1d65de3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit