hxxps://192[.]168[.]22[.]107/acc_MOG#/login

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2023, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://192.168.22.107/acc_MOG#/login

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133403865908664191"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 4508	1384	chrome.exe	37
PID 1384 wrote to memory of 4508	1384	chrome.exe	37
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4500	1384	chrome.exe	87
PID 1384 wrote to memory of 4264	1384	chrome.exe	91
PID 1384 wrote to memory of 4264	1384	chrome.exe	91
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88
PID 1384 wrote to memory of 2472	1384	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://192.168.22.107/acc_MOG#/login
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe45b09758,0x7ffe45b09768,0x7ffe45b09778
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4700 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3216 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3208 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4796 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5760 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2760 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3272 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6004 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5464 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6128 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3108 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3328 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5932 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=748 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4844 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 --field-trial-handle=1852,i,9202240911055515878,4573921401751268278,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4e8
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
263KB

MD5
3cb12db7c672b33735006480a455ec72

SHA1
d060e5996b3f7143755496cf2a06de5a59c283ce

SHA256
4c7a552d219146985961bf78d9083b7e2c1a82c4ada5d959f48b3e53754c9049

SHA512
808598eed329f0bf3ae2800eb9d7346a16e23fb4ee0a4e80f61f7f6d41fff09b76cb33e4d21d5dd6768d010d361ae63760814e4076926093afa8edb21bc52326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
259KB

MD5
3e55c56205a89c859fed005ae1729faa

SHA1
b33bba44ef2d6932707d0eef8e00b0ed534fcbb7

SHA256
3eec290a7f7da9abb00b49ca84f5f16e6d45ca33d40fd8ede4380835d6161d71

SHA512
08857f23cb9c37e55fafa55d5f2b74ef7894bb54138f6c0db243ec14310e5a47508375da83eb8d6bcbe471abe24fd71ff24040139ec85c0eb6406d3b45341aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
64f1e79a508001b8267ac6b8a96459e2

SHA1
b092a3af2d210fec614c0d15c30cc3d6afd74058

SHA256
386b36f42d29633505a672cda78ef208267d411504c6dabcbcf436264e262599

SHA512
ac80f48424a40268ce99462ec25ac92a6ba133e92e2cbed6fb86f03ebc4eaabd8bbb3b6444be3b3a27e58d3653164fa60d210749d76909ebc980b1009957abbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f8802e258d37ba558148e032e5d9dc1e

SHA1
9ba555c7691b82ebb7fe9b2be796c120bd6db2d9

SHA256
5083990fe3dbf1e951c7680bc613a5c587a4426556c497a189267a0e2ea26414

SHA512
f6c7e6fc0530000ce79145be9ea19b7a635dce82ff709142a0818b596f2256f9e33c26048003d56af83c1dc87232eda34ba5d2a050f3cecc30a59b78e53053b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bbd3f86c2f1324147777e172b80dca4f

SHA1
576d662b3a4394b7b1c7e1a6e386b450c4107404

SHA256
388ac56dc899b9f68c5e9ef54db0cd24d780d12292beb296390bd0a848500498

SHA512
037e840afc59e525d6515810dc1bfe0ab44daf9d9afce0e5bca6270b59a1a8da3d557daa0355a61fdda2bd7a1f51094c82ff06cd03903b3df18d9e35e22aa2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2bd95e981906c2c99394c2e390f737ec

SHA1
23074ce426763a2d96d2870db05fa76e8fbf9b03

SHA256
b231fcda49c1f226dcbfd638a19e416d7a94514ea9f8f0a5195f6327a836b7d0

SHA512
2c7943e5e88247645c7d3e384a45acd1f4715dc2834cb083416b6b7b5c78f81fedcd6b28eb8a9e46c60079ae0bc8983b57cbb9af1eef1061d7e4e8b352ae3ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b14587612a069d7309293401ac38ee1c

SHA1
3adea439de7d3dfc474e4bc4aad86005c0e6d113

SHA256
5e25cde7fbf7ec0da2f144268f3baace06c026cca6c91f7e04275b019b53ada0

SHA512
bb12b50454604d47ca53309054691603d3f551008212126ab73d522e7a2042d8116a270f92171dea059fec878351a9a009fb6d8217700d26896283f79bc612f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
bbac1da987ea37e4d3e0ac99a1abfc23

SHA1
ba039cc03afad4294553f1ac6ef553e5ba5a3afc

SHA256
f2a0a4b089fdcf2ea966f3cca9ae2f1c17d995da53768375a738749957a08e6b

SHA512
f326bdcee6b48e1259a14d9e2b373d811994875e0853ea55a4be149dbae149c272b30c7be311c6917d86a770a7913c695914bfc8823c1ecf51aac635202e567c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3985395093d10e8af668d4ae45614c72

SHA1
33b27c370f612057cf637766073567257684b98d

SHA256
602ed9b0c80ecd658ec59e771a4f9ea7045ba6925e8daaaf0e89007b5779b69e

SHA512
19f893831ef358a2282904a78081d7232654847908644bfa95f8f67690cabd4f74f42efdd5158a9dd9716ad0ae9515125ea4bb9550c6448fbb44cc4ea2e16a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4e3865b424f3b98cd0f95e598363a871

SHA1
25d7cb05f6a2dc3cc0d4fd10cb555ad72600400d

SHA256
5fae4d02f64ef74c7918e1cb645759463de7da54e773620cff327890a5f67adf

SHA512
bee16a6e5e75c6df60edcfca84f518c826995264094545c2f0e2c8cd359cccd95c746e7ad102a1fe2f97684a2181a3022c28a283a7282317f004691789e357a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ec02759f-ff7b-40f0-9f46-5cb95a911d21.tmp

Filesize
4KB

MD5
d67b61a59a89e73a550720b00d91164b

SHA1
b4a9d317300830025816b44a9ec95523e0d4f14d

SHA256
748ebb62d01257594586570d51b5454b1e0189cf937febfe9f33cf7756cc1d13

SHA512
3fb3dc3ee0eefac0a8822a2ce4eeac7d32961ca5c57eed894087006d05a1e3b34ae3af0da1d651829a51667279fc8aaa5a91fe3ad2412734cf173829638e74cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10a09cd17c92186b5f33f293389ba262

SHA1
f709dc5437e1d7465209058fa18e88ef83036b17

SHA256
8726ee07190e654415fb7f1c8937701ddb3e916736b02e4d1e55d5150dab660a

SHA512
65555838a587fb358aa3b7b25a7f52a9530a15432b0ef3155d7ac9de245db2cf2168e66bfadc289276b92658cf8efb3cb434115cb12b821a34b8f6e0bb054a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
753ed7354511e7146987f2bb2b9c3bf5

SHA1
d4df18b891e54c364bb8417672f0ddbf8a38a5c6

SHA256
e35d815f9d666ea535a20762e411942ac7bd02b1ec527de80b4c7af09f708cea

SHA512
ade899cd550bbcdf8aa5e6dd6cfe3aa53bd3fca71815291065a8042ec4efebfec9d5327139b5c6b5b8c58ffa5a40ed1669e22dfe8a15c9b291f8e45ca7e63249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54aaf33e3b02ac9ef1d98e07a6320c20

SHA1
14c77aac6874f0db2bbd267380b02054da773933

SHA256
3d4b2ed5552fd39971e0a4b96d807cecd417dc0b93083b911f7a39df78251e36

SHA512
05600d4e663db8a30f127943d5e4283daf1582024a91c604dffb50b77ca99ed7cd3d95d1fd494692562f0f7449a377cc3b4c83bbf1209acc97c0e056caa9e016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13503acc61ba110447855352ff02c8e4

SHA1
aa83b0e1302ef5b5d218754049f5a8c37d6eab11

SHA256
0081d4777f53140fa37f3fe73e9a82c4ee4ee3382cfae8362bd49901f47d1ff2

SHA512
917a6e32dccda7625cb58bdf0f709e50e0ce04fd558c1448794ff0d58cce04ddafe357285cb2876b6b8b1d33f14236c143b2b60067dec3afb78b68c326d8ccf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c364a37ce9b4a4d446cbcad90c70fe5b

SHA1
16345ccc42a9644ab00ab77c9d5071f14c4713bd

SHA256
eca9789e80171843f45ee747f2efdba4da07669a7f3abf627f81dda049d9dc66

SHA512
5dde8ad76de583e4e13e94927141debf84128781120e2651f6ca1229cbbfe0dffd706005295bb740843d896dfe29ecdeea7fd18dd712604ad20c641a783fd9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
6f9ad7b6a10533e06ff55ce35d71ed56

SHA1
056c05e82a99421bc33147812cf791a332f1db73

SHA256
9cfb6bde63cddcecafedb36a8dbbdef618e562fdfc35f53f97017ab7faa5262a

SHA512
177bd19f9211d41417743e6396784b9953eb0a68f7e47f59c93b22ce6c069509b2a45c6b0b8737e404e490996e9ea6e53f617ef7b409631e79a0ae34bcee24f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580700.TMP

Filesize
120B

MD5
0ac432868510ecae7b31888213c69d11

SHA1
2c4d58a7641a00d44fbb61f96a9006939de8cd70

SHA256
50d16bbf2c1d8b1e4b38c2b47eb03aed84b4c88d4de29df02031581bfcd2bd91

SHA512
7c3d38b778245fb8654b6310c990d252a54e4274f8124e0840f4f0e420f51ced939ea979aad12d0d1e8df097a2bd0ee60fdb00e5aa9af4c64381a579a9940834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0eb324f9c216868bc9e279c45e8fde52

SHA1
274a43cbea8b09908ddcd4e480a71f1e7230214f

SHA256
f37fc084bff7934f21af7a98cf4af4d99ba5c76458ed9ca555f15886005650e1

SHA512
c6c2eb244dbd1252273a273d305725eab2381531a4e6ea5b8491a148b82ce246c97aa8fff26fb61d9d053ac8f00f4d2b2be1cf9980100aba217c9914dfc57e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
31635b1b44e678e4c5d86e0f834e47a9

SHA1
4fce1ab6c340009370376b5e88a038a509e94efa

SHA256
e963d8628cb131f80fa8a9ad83dabbb54d1a51cd5a69b818b6fffc18bf5418d1

SHA512
51974af3a9b92acb17f73ffb2142b13246cd4b5bcf94f7d7ad31573dcfcce0053e41b68efaa6ff470cca45265cf21ff8616408b435e61eb2a9a59eaa92198b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4d2d18a335a86f2a252f36bd719b8637

SHA1
ce8bd4ea205523320ce6bbfb8730fa4ebaa8473c

SHA256
27d96df43babde8c161c0a7b7cbbf5bf6cebbdc5398e283f29b5d4e3da1afa29

SHA512
3aeaae0e6ddbebaec518b98755d4ed6730c27cf42f938173abba3a47c6f795bce032d1abe87e3b1160f0650639bc380bbd30274a937af0465fd61e220d6d9440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
19919c05a3509d5c7f1933a99e75b94e

SHA1
777b12227e2e9d261804d077d38efcd41402c9e2

SHA256
e009c605e133d211c57594b00025b24c8faf4c46ad2534279f9c744e2f955506

SHA512
aff81833a49cdb91694b6e6959f7b915ba0d16da1b16dea39bbf9b664a1329802a438e5d0c5c62a9775e08cf18b31ed23fa69e708cdb918153f968e7281571b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
99dfdb1b6326dabe24d3ddfbcd9cd9ca

SHA1
a3380ff922f38232136c5ca9473e289315b2dc5a

SHA256
d44742173ee49a74c1c7254093ffa0ba52a73515dfec7837ff0153f449d539fd

SHA512
938455abd972d5a646f3e9c89f3b89123832a395159c81c049e2e75f299eacbbcddb2bb670dea060555cf8a6edc1038b3688eef85647ed850ae08d18d1c51f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cb5a.TMP

Filesize
97KB

MD5
7f8160c6902eb606c57871fa37052d68

SHA1
fb66e55e0b11921961724805c7abc405e9832a10

SHA256
4c7703f0ee90f1aa86fce9e9293ac248a48c4ab24bb1cbcb4201d95e618b8af3

SHA512
862fc692fa23c5e65d7beb0ad3febbbfd3c6ef7ffe1c4e622b8664464ea78bd497dd1a54cdd78d99ccd9d435a1dffa972faeaf90a7969d9ee82211c33cf12779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit