c89a59a8d23616ae6094cbabd7d7fed94f127a7be8f1540002c7dee58d133452

Resubmissions

06/10/2023, 22:10

231006-13c5raad93 1

06/10/2023, 22:03

231006-1yc9ysgc2t 3

Analysis

max time kernel
372s
max time network
377s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WIN_20221020_12_30_16_Pro.jpg
Size

164KB
MD5

acccbc44bf534d72d38d5473ede32739
SHA1

a9f7f7930f7c5cb041596e103d63aa2b0613e9e7
SHA256

c89a59a8d23616ae6094cbabd7d7fed94f127a7be8f1540002c7dee58d133452
SHA512

2b3f267707289810ed84d85fbc0ce3965f3d78356af213cd0c5c597ae7f4a680ace2d33e9e344fe51d02650f0141c58f3c70c8c94725a37ffa4c0b2a6609d27b
SSDEEP

3072:xui7uV6pLPWeMdk7PApWqxybHNzn9YCDY+RChnQuReHuoJAhv/4JaNz0SivEXAKm:b7u1eYk0pWqxoNz9YP+RcQCE7JCv/aaO

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133411034318017244"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: 33	3160	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3160	AUDIODG.EXE
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2968	4600	chrome.exe	98
PID 4600 wrote to memory of 2968	4600	chrome.exe	98
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3796	4600	chrome.exe	99
PID 4600 wrote to memory of 3816	4600	chrome.exe	100
PID 4600 wrote to memory of 3816	4600	chrome.exe	100
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101
PID 4600 wrote to memory of 4912	4600	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\WIN_20221020_12_30_16_Pro.jpg
1⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff801b09758,0x7ff801b09768,0x7ff801b09778
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:2
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4144
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7aea27688,0x7ff7aea27698,0x7ff7aea276a8
    3⤵
    PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5464 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4508 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5172 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5024 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5956 --field-trial-handle=1828,i,3856681857815214183,9691977782817686102,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x3f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3e71cc59-df80-4fa7-a667-e33c962cbd1d.tmp

Filesize
100KB

MD5
ba35a07fb5dff8c0802317332fde8ced

SHA1
d401e33fe6775ef9fd55cd8ec084f01fa83bcf67

SHA256
122cf191e4c6193796abcf03ab5fd723cd5b9fa6ddc3bde52d2241d62cd2cdc6

SHA512
79f291b250b9f2e8cd26dd9f60755a4e024811a3da515e3714f8ed95f5939d372fb3ff17d5aa8cbd1d3ce9991b15b1c52b88c610b8a5ccc09f07aa55cc121cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
93KB

MD5
b33c1d3a26659a5d229ada3528e57ea4

SHA1
6f89151f8d1165232ec5369eea8e6e20552e2581

SHA256
a5f99fbb37696efbff1c16cf8e4a379adaa9dd109d7559abf7df4903d7c4228d

SHA512
79e6b316f48891c7bf1b19b772a9d5a252c6337ee163f888c1ad6ce1ca4df7bc488525fd853208a915117cded80ffb833dd3dadae378900ec183e3b020f56657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
27KB

MD5
d35898a269a4105772308ea77fa129b9

SHA1
a2b6e56581d82caaf2a598c33b8fa7cea348040d

SHA256
faf68beeb3f01de2bd80363208f8da3346b925e6e93b7898f178255ae529ff89

SHA512
6b5a020a538fe33e7c47b69c5a8669d52bb21c7a1fab52989d8df6c8aba6a557e17075cc020c6fce165b5ddc4db2b145afc2464f8850e059092ed306e4473c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
289KB

MD5
46ec610504927c8f14e10cc8afabd5f4

SHA1
a301ff08269428458de32cbd288924b0c1cdeea6

SHA256
f67469dc8819bd3530b842d45f1b45884a955f918a9e5f744cd06ed1e4d610d3

SHA512
f43138cb01399937d98714bd2653ce514db38861211eb3827574b4858b17b378897c25744281b86c35f145a037c6f77d6c85630086eb37274983d579c692fbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
33KB

MD5
d8c2eb850f9576501dd3ab975ec8b9e8

SHA1
c9ef6df291e69fd165f3e4a918bfd374807ec73c

SHA256
3b03321d6bcf3609e80cf882bcd3a599c61d53d3f064ec2b3ecc2c11cf21f6bb

SHA512
8bb6a54bb86485b65d9f6f74f25a715283585225ea7613542f253e53dc48b90bf74928fe86a4722432de5cdf01b2e3d93dd3af094eb0bb1ac82ab849f44a5e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
126KB

MD5
1004cc4721ef7ac4f206c30437abde7f

SHA1
f3abf59fe8771a2693fa83a21fc052a5877cbb7f

SHA256
607e7990e5903389760613899a43ea51bdbddae1fe0fc0fd2603750356c645b7

SHA512
85a8b727762ea3300adcb7a506344dd59465c4d24e4566341de4518d0b6604fc2cba1582aaaa0b3fb6150b8a6a2a92852c4b63635d5902c13bac1f095fc31746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
80a2050a65b9ffbea1359d61c7ca832f

SHA1
9631ba1f83e2091b5722fd6b09d9533720e48368

SHA256
5ed5d5498f88cb0e419ed7844cb226c9122a5ab2a2365bd2114ba8ab308dfe48

SHA512
ed1b035ae376024ffd8548e56003f9eaf233ea058fa0f50a95fb84b1564ffa304a71764ba969dcf1be4a01fa8e2e22390c007f5358541b3fc32a9e01ced3bd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
c194696a48b18b0b3c3a145648fc3220

SHA1
931e7f699270f44de4f92cd591c8e3560f5f67f6

SHA256
cda44c38ffd631f717d4332f6f3b3ec23008551eea32bb481848711900d2d790

SHA512
3b4c8b2ed39f1af15f468c110ab860dbd229443b7329670a48b8e58dbcd729bf8cd7fe4182b3be4be6233b287ac663db69d02b9156a1b1110eae36b83584f285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eac4eeb7a01b6de294c08f96abb420df

SHA1
d9637203eafbf11e3987914996f934184f22e6f0

SHA256
380d4d7d2a225b4c1d62d9c84ff2a783e61e9426762d1cab46f19661b5213aa8

SHA512
ac1ddec01af1dc48dac42efba02d830a6babd297c5d0ace32c167b2a40d67f2d65644023af23c9b46e62212c18f13fe688e51e86882dab8f252b2b113ba87252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8be0561b48108bfa9ff9ebf98232f92e

SHA1
8f00593229ff7617a29aa2997ce8e419704f118e

SHA256
dd9d215dfd0a5dcdaaf15a0fee4f591c971908880e4a54beec3ef2f975671509

SHA512
3de3a8b1a79858239eb0a8a25f0d08a2a85fbf6e35f0236069695499104fae6d91340726660d617054817eebfad2e1fed27938aa2d44b1c1e9cfc8618ebea94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
db4c07416964f374197a44465be5b235

SHA1
3f5db722149bd9cb6557ee98d4b2317d1911df37

SHA256
83d213aaab03fc898d5c8a7eb1e6fc7e42ef62b8ae4a25acc27c0789fc3c48d2

SHA512
5507873f23ae55b9a6a0caeba35ec551298d5f53d801c823a8577dbfef7414c5cdf6b86f53668435cd897390543c0ae11f72bbb08957a2950c4a382020b7c823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3e18619133703ea1df08caf15f747991

SHA1
423b780fa3c41dab28fb29fefa3131e388bac8c7

SHA256
f829a0178b1df1c3198a8861adf1df006111fc91a1a2deea4870626d8ff04e69

SHA512
cebf154819c65a0dbab6b282ac87bb1c98e5e0074cf2940e35894dfebdccc55a4dfc2400019484a14d215fd449f0035dd48bd4ef0c8e66c8b0d127fce9a9e11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
95c6d8e9bc8e1ebe373237f079bb3ff1

SHA1
cfa6086be9798ebdbe2a526504044a951cdfde59

SHA256
981a8f008927e07ace8dffb172501a89457790e9a143adf479f9a62a3e0189dc

SHA512
e3d253bf2980c397af761cc7de3de0a37595db1fdcfbc37d7d3c6b46d0bafe5986fd4473667ccf666dd2697cfdc9dff2850f27f6b003b14b3a9e3fc53dbb2f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
39ece697970fd95943b0a74625922a3d

SHA1
ec95ee0413e9dceb483c81f3b9ff95adb82657ef

SHA256
4897085f9b8b2db494458332316c7b8d3cf367928c8eceff2e28d7edf189e2ea

SHA512
ca3879d70200da8c40455ab9bb498cd463786a5f27fb3f483befad83a537d22e23d32f8616c67378ec9a943fa7356893ca1df6872c9d9326d729525ab0e24cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
369c937a7ec48e4fc284bce1bd970d35

SHA1
f737f95429c3bb4bcbe160bb4e0d8e1bcba21891

SHA256
f7e1b5fcd1d1d3e0ded4538e6d0c94f6d527f3785993a0b83eeb19e699c408d6

SHA512
70fb8158cafb945d95dd9275bdc7f6dcad4f7a13028a80fe8bd1246e1f514030521edbea60eb7f8715129a82917d80cf99b63734c932e0448a0fc021612c06c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6cd38edf5cedc99eef81ef519510e9fa

SHA1
b2a1133b0e7b3a00182239c6f46d2375c2ee5a91

SHA256
0b2f8561803a4b13ee6a228534fa35c9f6057fa5e01c69c71fd2b1c3444e24cf

SHA512
60e582b6cdd2b76e070c1b7ef7ee0212a35ec79d797ff189a0bee2daddf0c54bd2f96dc4db6d0e79dce1c166e514a6e79c9ceeeb772efd6bf889380773d3a870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
90acf03c27eb8f39a26fc2d4b58f338f

SHA1
e09faeecc8af79cf61b49288f2f8b97acf3fab68

SHA256
4c71c2040d8b2be487d471493d80c979e179977ec1282f50a8f8e546c48cf130

SHA512
9fef29b3bd85ed33c3d03466839857b6a46555bde29ea4d1f5f8b4972a3fc4b330946b028d5d13181a3f02ca9024e24539997238cd5b0f69a25631e06df59fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca9b140029cbf4994572c2967835e47b

SHA1
773a267146b73ffa2500b141289d4a190482dee6

SHA256
ce887e61366e382c1f386f1c4e47b85f896c0033ef2d941cb9ff2de6bf770370

SHA512
02111c8d74383c64fb554026e9b23fabff89ccc69f4b9805706e39e8d823ab29c28ef99717c544d250529b05a59292a5535714799498540a88b316575de7ecc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
af446d159e33e9c7f799afbc57f8b09b

SHA1
b8033b4cf61512b0888a8013c5ed359a0f80b41b

SHA256
927c2d49862f2ee22b1d579e3524c442aa5576d9d1e2e4f60af4f7b16e6816bd

SHA512
ac5325198a568f9545cce6c57026df4078a5d855b39c12096beeb7ac579e397fe3439f0d3eb6a9f8ba547e27a04441102c5ef4a722fae5f3f7735161a135edbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1ab3a76786fa804de87ac89c45e11cd

SHA1
68e48d905a665bf4609a3a9dccbf149075265424

SHA256
d4c87a479b3fbe8af7352dd75397a3a9499c94c2a36e4a6c7fd216c587debdac

SHA512
b2179f282499d340ad3670aaf50b87d66b31eee497bb04ac15ed37360fc764d46a384d6c4aad2d73e9487ac450a85510bd7f5eabb7ea1f481556afca0d0ca41f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22d7b5f63adf155b62ebe1d5bf1d221b

SHA1
10a0edd87e0260304f1d0a253fd5577c24732c28

SHA256
20b764123ffb8c04419246166fa8a60e7687282dae6b8ad6f7d9a1df94481aaa

SHA512
3b64221b5940ece85e0a8374d50d6620f9ff4c406f0120c9a1544eb5b46debee8af3a5d1fefb23e09f128026039bcc786fc64184c96fcff4a8c171062e0ad091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f70bbb8d226ce6c8554f2a4ce026f0ab

SHA1
24517e806b3019f7fca135351b4fda4de14543aa

SHA256
e805a3b2494a448ce358c736113d43aae19e9d7eac038644f3d950035a03e41b

SHA512
3e9574c6ed727ec88610b6e780b1c7844b124ab37e0e2af1844f915478282452fb1f9b59adcc5c735bbd59846787eb922d768163cacdd42f13c88236ce7dc72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dfc9cce5df6c869025939daaa9bfe675

SHA1
7f9e44e2da7b0f57234b64cae4bb58c1f221ba94

SHA256
a2d897c19f0c450b5e4818f86b4656cbfc3a4f87af78d76b647b157ea0b3567f

SHA512
5bcdc5deeec9b3f6a47c465c2fff80d61bd5d7e527f4d8d21f957ddf698f92039ac7a2c94e8ca3045d0c5536d7f4dadaeb04afaa580d18adb160317d2f565f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
89edb5c3732ab5029d7c881caff0d085

SHA1
715f1f60cbe9a0c2cfcfeae7014b2dc863762e50

SHA256
e52b173a9ca5ba7b1c943d2ae10e9d7484e8cc6e00faa59159874953f6c21df6

SHA512
f6e6a56c4977b85f63efcad0c92d20342cd727bfd8b97492d1e87f26d88edff89863557f9cba0eb4f53b5c37a3d996b9ad4794f49717fd88c8040aaeab4b102b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
524f9139bbaf53925907f198d1bb9168

SHA1
e4e1c0cf7c1ce42f764afc1ce5ccb10287b6117c

SHA256
8b86f2685576abf9aa0fd93837e1ae290b38468b2bb16a6cb01850c61368e6a7

SHA512
78428dd2ae8ae4de56ddf587cde65ff4f3bbfa965e0776a9c989fc2998dd559e82ef164bbe7694fb04c31ba263e481c9e5e8b688db26bb46b8c56167a4204963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
af8f3a1f95d8ed4f122b27ba71c28964

SHA1
a44a3e5e24c8150ac895713d8f49aeae849db212

SHA256
6d767b5bae2c990651abbb47d24deef01c1fb8988e73bb098fdd80db063acee0

SHA512
01d59c560af53069ba156dfcf4c6d6af06a7ae875003b592156aca553b431d3fa4d2663531bd390d97f374db6915a14862f82b29243eb306177b6fd37c7c4df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
1f6d6e354f98492c57d328004e53623f

SHA1
548ed213fcc83b71241e7431fe4bd31be0e5b3d8

SHA256
1f0057c3112134b2875dbc0cf62b56cb0317ff174d3038d8f4360dce673922a6

SHA512
cfd1e7cc716588a82fbbe3a9da89aca692116155f0b2000cbc1e9450074443cbccee898f019fb33dcc72023ab5568830b3d643b9a40ba6e2ab755c99fd531840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
4c48568b4e8c606a444a18c75dbb1944

SHA1
aeb523dba6bed7ad45764b5d09bf523ec50b45f9

SHA256
13e2b8962e09b5f566c47eed53e4781b833ce42b3080e61126eaeade99ed149d

SHA512
4088b0b6be56ad622e385d439ebe6e15e13d52bd399afbc5a30d0f54518afa250cd21026799040b656b4906610729872bd850674f5019ea39d3ec732ee4dc443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
18990b75138e151d912a231a6e4562cd

SHA1
6c5241ef6137590157b9f61bdc71aec5ad09af1b

SHA256
ab287b365cf3c7910669f24b7fb3edb9d16936eadca08ed41804e2a2fc55ec10

SHA512
1f27f943edf0779e7862cc4cf02ee033411750b20e97cde9c9b21c30202a16666cbf158d28946ecf4d19737f1500c7182c460ece80e63438287029c5955de769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a38e.TMP

Filesize
98KB

MD5
0638f45df86d108a8dbee95046074902

SHA1
25f2484316f176dc17f07a551d07f3fd5e9c2fa2

SHA256
e7b66caad059e9265ed54897dc36a7e1e2cbd68b84a186d337ce8921511da5f3

SHA512
f70074be23104815b6b19a9ac6ba1fadeedc47b2efd73c4e6ac55e839a77c096b1f13a4188f918445d267312360183849ff270bc8c2deb8c981da3feb6cbc3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit