724320da856c0f8e42c36be78f56773d2923d0bf0412392cae801fa751d122d3

Analysis

max time kernel
1800s
max time network
1694s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Capture.png
Size

108KB
MD5

14e52780caaaf4914c86ac20608c03dd
SHA1

13a8e59d763c3dca20cf1df41ec7481cfd6bfda6
SHA256

724320da856c0f8e42c36be78f56773d2923d0bf0412392cae801fa751d122d3
SHA512

119d04cc3b6ad00fe8030810fcc8e4f97d8aa1f9e14020c608f53e34175381d765d1ca52fd2a810d7e85e7253c1d89c513c96d25897d30f4469d7c7643c4c23b
SSDEEP

3072:lqR/W8khcDV2UTnghi61KcE6Br7oJ/WWbGNI:l6ehhcUUGiStBraGNI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133411058379118311"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
4144	chrome.exe
4144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2836	1188	chrome.exe	89
PID 1188 wrote to memory of 2836	1188	chrome.exe	89
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 1988	1188	chrome.exe	92
PID 1188 wrote to memory of 3672	1188	chrome.exe	91
PID 1188 wrote to memory of 3672	1188	chrome.exe	91
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93
PID 1188 wrote to memory of 3416	1188	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Capture.png
1⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa97f09758,0x7ffa97f09768,0x7ffa97f09778
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6120 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1060 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4624 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3592 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5416 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6132 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1888,i,17834368684828528436,5238049596584206260,131072 /prefetch:8
  2⤵
  PID:3728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x3c0
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
27KB

MD5
f997ad6a984c5de84cd78091421b9c2d

SHA1
18e62fa7fcad74c4bae6288f867b5f9a858cf5f5

SHA256
0c6f1791bdcb3eadd9be02e7bcc41826f6879059a14cfd4e0d9b321438da307e

SHA512
5d6e531b32325731d802435fe3d47c67456bc8c52610590188ed752ad168aebd12e3d0bbe31a8fc5115c2b812d456fefcd07a09afae09fba0d089f02e29b3f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
33KB

MD5
d8c2eb850f9576501dd3ab975ec8b9e8

SHA1
c9ef6df291e69fd165f3e4a918bfd374807ec73c

SHA256
3b03321d6bcf3609e80cf882bcd3a599c61d53d3f064ec2b3ecc2c11cf21f6bb

SHA512
8bb6a54bb86485b65d9f6f74f25a715283585225ea7613542f253e53dc48b90bf74928fe86a4722432de5cdf01b2e3d93dd3af094eb0bb1ac82ab849f44a5e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
289KB

MD5
46ec610504927c8f14e10cc8afabd5f4

SHA1
a301ff08269428458de32cbd288924b0c1cdeea6

SHA256
f67469dc8819bd3530b842d45f1b45884a955f918a9e5f744cd06ed1e4d610d3

SHA512
f43138cb01399937d98714bd2653ce514db38861211eb3827574b4858b17b378897c25744281b86c35f145a037c6f77d6c85630086eb37274983d579c692fbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a5dfb048ab9b8b5f4e396d66cdc5675c

SHA1
6bf9fbf46b7f578f6596d608b00e40046a771ae5

SHA256
33805a053ab2a14b95dc7a5a9f8c19a1442612cf38b33ea9ad715436930669a5

SHA512
8f4ce8f1d751d12b97f8d1e384a8afb08d7ddba2a9533c50d4295ca95a51c1afe430735d66702088cc889a91f76b0c19e239ed7db12fda2ab6bcb254c38a7a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7cb637ceee2e2b0eb866d75faa5dda5e

SHA1
6c98dadd9c47e70d9d9ac61a3c1736404d52544a

SHA256
db76f4d513a4b40d8077e2deaf9bc574572a8eb09b352ce035a0920c0bb5b729

SHA512
1f2106e9710baf58ac131cf63e754e1bd4bff435a31b44020c106cffa13644fd359eaa209a4438e525f3a7c31bf0d4d998af4691c4ff49cd0389d13d08a25eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b66676a8a508efb23be6bc13d9879a17

SHA1
fff88d38fe538b2e48675b6b5a77921bc173f4d9

SHA256
54c9b68a20445438604b3c49b496d9c13e40d7ccf70556d771a4d0f3d441aa8c

SHA512
1147c3ff5099b2f9cc33934d16204c5f23d7b880f25b09f27faa10f9e564f1882ef7319b655d33f6f11b1597134c1e5c7f328cf709791f31fe574acf061ea64b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
83a2e45252ba79e0d90cefe770634809

SHA1
71b5a0a914e59c41b7bdd4c9131461e187b2b16d

SHA256
8520eef8396ada18cbb6a30ed3de9ee9ecc636aa4b38286194d9d70d949a7d13

SHA512
78abbbab033f838d06d0e60d32b7b0c4464b7ba3f1e7b79c2a7adb0323a46bccc763e2549b2c8f190b3b6af6c5b64a68248b35b24d729ed0a5b00dda43438cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9bb296400fd42e62c9b81751b251339d

SHA1
6890c902d45737c39b26930d9e204fcd569dc1a4

SHA256
b45c6c9ea4982a5ec67baec60be7f1eb6286dc851b6ddf28a34043c5ab203656

SHA512
b4e0aa86d7998f5b031fd95ebf16cb3e6167a265f565b2d424b4b00d8995ec79e8cec01377138496e0f0bc817d22ef636e957c5c769364f5a763e22a900174bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f8f89b5ab9b3c74592491d60cb525ff3

SHA1
d15debad66e650192de456a57a39045bb4a5d2e1

SHA256
b820073b307dd125efb414ee76a048da9f0f2d9d954f28e16c6ee50cfc114aca

SHA512
f974f64d44f19017d03f22b1cada3fd549c9cc3358843d7caf234b02f26f62ca176ce8650a93e938e96a504831f618c518456edc15c6093919e0b6f673b286e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1031b8c01b5081ed7b82a098bc11fb01

SHA1
cee3189de8330450151c97f94a9ce225ee47aa02

SHA256
e975084abfd3ece132406b01d1644ad087b37315c01ce05374b5fcef1f067946

SHA512
278dc7f9fadcbec3fce2eb27b75fab64e8a8430aa762ec5c9ff988c39f5c15950f9d52c86942388a51f573827351636f1eda3a4a198df850d4739a8a62ff2041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
118b803e25d16bf2fa894893951a3bb7

SHA1
4f9e07e2005e5e61a542356448e514591a6207e4

SHA256
1ffd1dfe5f3d61450ade2500c49f9d3ceade86479107fc127f4e6ba8c7fe83f3

SHA512
0b72b763cece9751ff1ba247010905ded517f9a98c0de9b0ea07a72cf806441e1ba81a1c499d2813fab6457ed30423a0540889a429950e1eba971a332f165a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfe2f67b80a9f1d430f8c76baa380f4d

SHA1
a6f928f3fcb35a72f3bf2d3de4af48fcce289a33

SHA256
576fa1b7fd8fc8f48893c5a4aab4c0e558be6c868d2bf8937771b35454b61697

SHA512
8244e8f7b3fec77de7aa077903e85ef586c9642a88f9fe05f48c829473f520a6a054a4132a412ee6eb30ca576e1459cd90a0dab88b643b49e963abe764aa5b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
08ab988198d5baae7fc911dfda9941ec

SHA1
4f69d03c815e253f71ff45d4e7c25fafb7a9b408

SHA256
feb3d813ec48c5f1d1b29b1e28043e7382c2122e68e3fe3dd29dc900433dcf53

SHA512
00ac12d007c2a5acad5e847051e6cda994f5929467c642e34f7eda5b19f0713075a5a825976305764c643e64252ef9059f6404b69376ce5e357437c91d379a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e308ef6e7dd5bbbac0bbb158efa3cb0c

SHA1
8c47e3cecb960eb9a4e0483607991b24b9d3a187

SHA256
850d6b7457e3f16a0169140e32bb8a46a3a4d11d0528c0fa2d6e6741d83f78fe

SHA512
2a000a05cc7dcb331a7e19aab2e6d0941ea610960d3b8f6ed7fe4f40c9b2d472cb0f0cacfab164c4eba4190d119a04966a0c9347c42af2911669b7b62d1262ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2a3308530876aa17798a3678b00e1ec8

SHA1
f22fa1285aede23ce98b02280c85c9b2aae5cc78

SHA256
2fec5aa3bdd8a4020a0829220ba03af8ce9fe08df4e6f8cfb57ffcbc45cbe3c5

SHA512
0d30569d323968b39aa6bce67fe4f8ae1cf452aa6c63486e3d04b143313175f5708e5b9fb959150587fe565ed1b0789bbe7541064926782fa99e0d68944b0010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
027174c031fe67ef0d2d0d061afaf45a

SHA1
f1f90ff6aac4ad2d732dc46ab1a68fbae901c763

SHA256
884584de31e2f7d1580b30c534af2720c1b0532132ccb445bf4c816922ff8aa9

SHA512
9de7f4daa2ef4ae56da8c9ea1eab234d46e2afce1048a00667d00d9e6694bdc4c3a3cc514b0960b6b72418f33291413d56681ef3b07bd729262903bfcfe5ba8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
ad7dfba33858482710004b999bbe8523

SHA1
c820c7be881d7c47e4078b2452d6a926d88cf5bd

SHA256
caf54486770842e9ba69dce33f0867dfa2ff418ec6e2f7e7f705c1299a4f3e03

SHA512
fa48d92f1d2b9499d1ae7cc709f827b01d2003be09d62378ca54a45e3d0f33383fbef60a9cf6647b4bb62eb137cb89454d55189a86b284ada927f7b299fa5a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
2bcf208b602ea1b9c41e3351987d6e07

SHA1
2cbe7f49ea0374b736b5c35b3c32da8fc7771a14

SHA256
4bf995c33262f1479498d01cf7a119293255e5a859b7597e53f6f0c27238247f

SHA512
bdbb559ec62a2c84aef5aa8de94e6f8f9dca08d7fc44eea5d00dc66a31c82c186f526d6fc4c38f74c3c85e2a74a0cc9fbc9e11e974030a3c64d814e5e4dca1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
24fb3d1ab8e031fae88ffabe3d40f13c

SHA1
ceebdedc8ab0339a143f235cd13ba3d9b68bb14e

SHA256
4eaa13da0affd2396ce2f4f4ef6901a977a87f0341a001b9c5c71d0e8105055d

SHA512
dae2894926c2af604fcf84fb9ff521f84a34816cf6c27167060d646a23a7299b2fd6e8708a1c9838c0330a36d398e0cfd6f196e2de3d149eff872933e3cf1196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bab0.TMP

Filesize
98KB

MD5
550c9541d21640e23b58f017a6ecab93

SHA1
bb39606ad9ab23c85e835322e31551fcb99829d2

SHA256
6c3ef8deba1922bf55ec7eaf706137c6046898f046384e5fa97c16c140c1fa3b

SHA512
a399711d7c657d64d7c3c2e64947b6b29fd07b8e9fafb91758921d22ef1156f99b8ded71d111c62bb4d984cc8ea021aec7db68fee1cd88546818026a90a1c874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit