fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686

max time kernel
1050s
max time network
1042s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2023, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-09-20 1.23.24 PM.png
Size

83KB
MD5

c573be523efe7fa6841917a134efa791
SHA1

48e0eca79d2643680c0c360794c5b3aa23d663c7
SHA256

fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686
SHA512

09ffd2a2ac504e70dc9694d4149dd4dc0b34cfc4f4c7196246545705676f99a848adc28fc6db6f44056700efc1abfd4eb9b1466d679cde2b9d130f198d220801
SSDEEP

1536:kavkTHuFTMYCMLkqSPzzF7FwhXuAEOQV6W5bw+zmu3bs28OaTKmWG:oTqoSLrU8ZEnVfm+zR3I28QmH

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{CDB70093-9BF9-4899-AD3D-8F6A903A9DA9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 2224	4000	chrome.exe	101
PID 4000 wrote to memory of 2224	4000	chrome.exe	101
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 496	4000	chrome.exe	102
PID 4000 wrote to memory of 4912	4000	chrome.exe	103
PID 4000 wrote to memory of 4912	4000	chrome.exe	103
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104
PID 4000 wrote to memory of 3720	4000	chrome.exe	104

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-09-20 1.23.24 PM.png"
1⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb50cd9758,0x7ffb50cd9768,0x7ffb50cd9778
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:2
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4896 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5192
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6b3627688,0x7ff6b3627698,0x7ff6b36276a8
    3⤵
    PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5224 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3300 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 --field-trial-handle=1876,i,12945513929103200535,15537791740537578181,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x430 0x2f8
1⤵
PID:4112

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2072

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3788

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1251f372f203e4dd98959ca5f88893c5

SHA1
11cdfb0f4fad104d56ce1742971a0b0a62c8f40a

SHA256
b43f3d288525ebb3fde8f3d49fa0751655e2d723aa602322668dc6cda54833e4

SHA512
04ee30af61c39088ea3ca0e9502c7c2f1345ad1615104a567fed1a18720331dc76dfb7c26b84f11923305a48f7774d8155d435b3cb22f3544ed5d9ad0065a59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
39b5bc5a73333f2ebc7979d0cdebc8cc

SHA1
c43c01e8c74d22e5c79b1927ed5163a33fa6cd76

SHA256
f380200f3b0944df0aeeefa76a1295187f2f553855d2a31fb2122ba3c4ef722b

SHA512
86d68da2edda25574691d7ae005ff6fa0df7782c5b3de82380cbeb5c1f77f30511d760e2e1c516efaaedbfbee8a0f270cdfbe1ee8efafdce76d8f012f62d2d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b6628b03e7e2f72f6ec7126003ee70a1

SHA1
f369b254b671109ec5346f230d5119931904f14c

SHA256
7fdcd592902b2c6cadfbd6643848f77fb9212774cd356291ea8e6305a339b998

SHA512
588840f0f944b529c3dd2101a5fdbde2364b6ab5f6c7d76fb5fe13d8058df2f675d7dd1962d8c6de55ae43f9db2be394018154653ac17d5704ac14d57cf93cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e46e58304a994cde440492de0618db00

SHA1
b4090e3eb9477ca12f137716a09d158618d73816

SHA256
fd0c148df2afb1040d6c4174bc1e5fd8526633703cff523d5985477d845dea79

SHA512
d9e9d9c7cc78f7420bcd72ba26567355768a2b1acc74eeb4c9ab7ab76a919d5994d1373d8942f8d8e40920ed0d4cbd4f78e2f24c5c3f5e8ea921575f2e29cef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
382655ecaa3a4eea1db4b69f542e2122

SHA1
cafabd56f84b7489ae94183d8bccf2b8be034ce1

SHA256
5c00a0b74891ade8cee691a61c31d27c43581ea7e51f2c8c495b4b5adafcf6d5

SHA512
d13fcbc2b03e631f182751d868785a182b4fda9be690f5c2a66947a50a623208e88cc2b22fa94038c9a519a69de2d9ab01b1991860540509b1b07ce9daf7a370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
06c5a7c2a6913678d91c8ddcc9646325

SHA1
ee2444c6ad4fb36c81e3da9fa319527b7092b15e

SHA256
67147a4fb4e7bab85df952002080f079cc775e46f685018e87c3e1e2e4c9dddb

SHA512
aa018f87994ed2c3fbf68827420e9ba701cc5a01178a6396d7c398aaba9314b151bcebec3f763325a8a5f93c7d5c0163727040dade6aa9f1a9cb0243d9e81dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
65fe959e8d35bc61e9edf8a0cca45d59

SHA1
2c81279ca5a739c194a99a9acb6f9e199f60342a

SHA256
b0652a63112c66fb17e492153730136dda759cc6a0ddbb03ba53d3287dcfcf20

SHA512
1c42d73734de0d810277905eae64df1d1fdebacdc0ab0dd4dec01f2a2e6093d7ebee5ac2d4a5b45eb8a599f86f842581ee40c3ba4a4998fd94497c40896501d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2857c7a8a9031de1b77159128e0ff5db

SHA1
0e21e1662be004ca74b15c828dbeb817456d079e

SHA256
404c8c32342806041f8d7ba148c3fd03d2480bf63c8fb235ca8c82f9beffe63e

SHA512
61eccde859e4d01140ea5d4afb38e915f4b1c03cfeeaf6ad880a7dc0052dab8f98dd7e7b3c08dac027fafc66950795d0e152da2c3b2ce69584a6287912075f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
895941eceff16fe963d6e82cb2c971b8

SHA1
e2b442c1133f703ea62a6d06b5687b4eeb546854

SHA256
84c07e436073a1007f519bbf8438904f3d66160e059c81451c2d318e230f4d65

SHA512
882958795403ff6fd364ef466a563bd6cc89130b941ea34e7eb6cc2f332c0f4856335ffea836a707fb5213a1d44c1ff579b70a129d95c49e9e82dd560a930270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6dd053038cf81f6c5c6ddb07c7e0f4bf

SHA1
32565f40070f23aced084441a50fbc3a4e0ee4ae

SHA256
368f717d4feb153b78f5c0b6fdbfeadc51b9d5e9c96396cfe30ec0d6b435b75a

SHA512
0638a486ba4be0b2535ff6dd7e7c5d5f2de13883d8dd6ea70a2d0b5cf144fe3bde943c17456fa8d4659b1b5034216c63e328008d5cfa886a457f752799c70e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4542d23472a1dca3ba713c9b372b5824

SHA1
8e5def5b6fa4b4fccd75f72db96b1cf5159bcf3a

SHA256
b7a4ea60dbeaaac67832dc94f66efd038d5db1efff90e0b2eee1a93f0077835a

SHA512
70c5443f2b3b9bf1f9506cd3ca68ea3d7a3ea842bcd5b456b344d672196ab9515dcaa7c6ef0bd487664fa531adeadb116e0cbf852b0f297b2f3af696f49cf1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1be65b0a78d176800eb05cb6de87e5f8

SHA1
15c93637bde8cba45d35aa42eb6fe3b8b07ba222

SHA256
bac57f50449ec2a81333931983b1f413a1c537b41779b9d70cb58ce0fc8c4648

SHA512
8737c1b207aee694ea54044bbb8dccf02c0cb8f324a23f74475e4846aba07ee73ac681338e929ece50bd5d8c8ad2edca9bdb0f0aec9dfa45da5cfc7d9e7d2db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b2e65fe47017f6acde22a418b6ceade

SHA1
10c626d9e7ec4c1f746f87c213fb50c0babfacc6

SHA256
c2867ed499decccfc000417400f344ab999740673f7442ae50372e0bc9e3c506

SHA512
f3bf4bfc80d33d4ab70a0a277924c915c4d5ba04662892ad636bd6ccd4192684e5a1e5b11bca0ce63db21e4372041d6b85755ef79ea46de152b47308d27f9057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ea573fb725c34af9c171a4adb015ea4

SHA1
7685de9e7ab95352090f740eaf4184fe940e6307

SHA256
e6aee98f76e20b23731a4238e490a64d7f241d0bec776b23f7d1275fd2f2cf10

SHA512
b09f85a39e7297a266463d72e73d461eb521ab5722e0d01322f4851544ac8c2615185e9bd2a72dcd082be2bdcac2521cdee025f61fadb8710562fa338bebe8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40ed11772fdf1f36fb64335097fe8e72

SHA1
03c5768aaec1b7acf1f1e8214ab75d3cdbde9900

SHA256
ee0c15690a2462bd45988e362db0041441753acda0cc921629e489265154b0b0

SHA512
4f5c52f85ac639d883d749fff7c4bdfe475e734c86e969f45e10492d6e42c2d745dff72e4b63e49fcd24a82184154137e46ce4b699779d35e2f624f08a83f2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
98ee8da87f44dfcf248c9e4000779483

SHA1
2c248ed559914adddc2da6ba12c6ff3cd5708f55

SHA256
6815da07628f12ac14837e764abc8b070f3d91839173b7506799ea5577a05bd1

SHA512
01088a18839e4991c35d3195d9723dd250f983768b455adfe0b060813162129fef1a29d831a92ac694b959362e29f7375df62a680a4286e706dddd1071ca9196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1463383238e71163d37b494bd3adf129

SHA1
c1fc152aa063b261511a6e51533f795be81f2ded

SHA256
3e7948ce64713802a39581115d6f4f077b4fb43eb0c9db0caecf4c073bc7ff76

SHA512
484aac34d60e0e1931b58414df58d58e2d926f6315bb823954279f2a8d2e8efe1446791a6aa204bda0bbedf7baea6dee1a0dec20c3083a7b0017b5a1fbf7c741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
98cd42497db93c68ad2581b43f0d7d8a

SHA1
e92da8cf8b3bfcd691b5b8111794d64638203644

SHA256
db62dd0ff75de8c1431e37532006c96dd81f9068db8256f31a2e5ee41deca1a4

SHA512
ba5e2f7afd1d113cde58d82f4351c799c09478725a5d247085703a349664823fe7ee7233386f909278ff111ec4c3fb8d2da12579c1332e90615172120a616f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
5d19b6c89b94ba97cac9aa2fb7c4e314

SHA1
5bc32d9d346a39586c247347ac6c587481fe86dc

SHA256
82adcaf6e0ae08ae5f8c9319ff698ce189f881c47efa89c23e2e67bf8c4c3175

SHA512
4bd5c77c16ba3e139ba8859c635ad77aaec353ec1b96e3de802fa0a4808569fd42c2cfa8ae18709de18822c9a8b97040262b1375165d5c8fea0faf2ef565889b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
46619ff04cc96397765535abd7a90c21

SHA1
28df1b3efb1f31596a50eb5f81f45d87a6d8786b

SHA256
5e0dee781895a762852783bec3a68170367dab41af53f4dd9682a10322dcddfd

SHA512
03527464455b78daf5de4ae97ff0dce0777d923e64ef0fd4a9f0866a553b9ae36e3494bbac0a737adafb6e13964338b6492aa81cafe59fb7e7dabf504b87d714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
792e22f11a7a7ba4b0f4ba5a857396ed

SHA1
cc506590f8e7e3ff7cca7e8cfe7680361ad1cdcc

SHA256
a082bf052ade631c6a25313da81df5c97193de9c62890a5d6c458f95030d13ee

SHA512
eb3e504cf82e7d74b87cb5f916fffbb6c3f227936da173000fee768a8cc7b53434f3bc15ba68372f43a350abffbb9e30010a730715511454bbc2379ed2c632ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5821fa.TMP

Filesize
97KB

MD5
59649f273e19ab28dce915ea84f80bfb

SHA1
ac81ff6962f79a68450e4bea3eaabca781821ecc

SHA256
d5cb6b6c7a33194459f7382db29b5628860c2ae3c88a715d1487b1742b82eaff

SHA512
e9fa3677c35000ebce8160942c590267b4249e321c52a917c1bb82c7ebb90f9b883348392ecc7a9868a961dae72933939bce4eb8f7acf687e5a7d1d10287a365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3788-518-0x00000211AA210000-0x00000211AA211000-memory.dmp

Filesize
4KB

Download
memory/3788-517-0x00000211AA100000-0x00000211AA101000-memory.dmp

Filesize
4KB

Download
memory/3788-516-0x00000211AA100000-0x00000211AA101000-memory.dmp

Filesize
4KB

Download
memory/3788-514-0x00000211AA0D0000-0x00000211AA0D1000-memory.dmp

Filesize
4KB

Download
memory/3788-498-0x00000211A1D60000-0x00000211A1D70000-memory.dmp

Filesize
64KB

Download
memory/3788-482-0x00000211A1C60000-0x00000211A1C70000-memory.dmp

Filesize
64KB

Download