df8cb3d9b1fba73d35f55799f5b643f8e54f28d968d197fcfd2ed47d54cb913e

Resubmissions

24/10/2023, 10:37

231024-mnsp1aea97 3

24/10/2023, 10:06

231024-l48kqacb6x 3

Analysis

max time kernel
1785s
max time network
1703s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/10/2023, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unnamed (5).webp
Size

428KB
MD5

2a9b8f542de4e6ff879319c81a042407
SHA1

f9aae39fd7b1a7e5f9226265c3a60b5574386205
SHA256

df8cb3d9b1fba73d35f55799f5b643f8e54f28d968d197fcfd2ed47d54cb913e
SHA512

ed72be142f4bd074d40b3779465d3450a775599156bf95da0faef95897660e0db89260a3af31999d1bf5d82720ff67aaa706c5dd0c437a37854a5cf9639af1b7
SSDEEP

6144:r8PK9DsfEg3llI4y4rY2JJJU7SYbglNOW0bWByT7f3LWwxb8eUB7Cg1d+blgsr:AsDWEgTIZA/nBMiw1yBuqdDm

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 676	2296	cmd.exe	29
PID 2296 wrote to memory of 676	2296	cmd.exe	29
PID 2296 wrote to memory of 676	2296	cmd.exe	29
PID 676 wrote to memory of 436	676	chrome.exe	30
PID 676 wrote to memory of 436	676	chrome.exe	30
PID 676 wrote to memory of 436	676	chrome.exe	30
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2400	676	chrome.exe	32
PID 676 wrote to memory of 2724	676	chrome.exe	33
PID 676 wrote to memory of 2724	676	chrome.exe	33
PID 676 wrote to memory of 2724	676	chrome.exe	33
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34
PID 676 wrote to memory of 2800	676	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\unnamed (5).webp"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\unnamed (5).webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6659758,0x7fef6659768,0x7fef6659778
    3⤵
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:2
    3⤵
    PID:2400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2800
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2136 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1284 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:2
    3⤵
    PID:2556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3476 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3720 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4028 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:1904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:1808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3416 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3660 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:1540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:1348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4240 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:1872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1876 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3880 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:1404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3876 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=108 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:1
    3⤵
    PID:2364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2704 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:2756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2332 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:1348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1204,i,8862593890639307636,9202299411000263861,131072 /prefetch:8
    3⤵
    PID:1816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x148
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
352cb14acb12106a1e510a4024cf677d

SHA1
203817fddd6862d5255185a1d9d270848c8a7b62

SHA256
946a387f42ff807aaf9b503bbdec9e0b40a46ad1868f44a714abf7ec8e7676e5

SHA512
e3398a946c8412a116387c6797548e1ae941bf593b4acbc99853e8f05978880bc7114bb92ea787de3b892f9d8ffa7c5d525a0b48c0ba2daea29f468c748923de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
101KB

MD5
98013b954c32798129eceecae738e366

SHA1
e5beee67a2fb4f09fcc8e2ae66d93acfccd4ad13

SHA256
bdcbe550ded20c2dc1bf24d6cc3e57d2f46c5e36e1b43991d544eb97aa465ebc

SHA512
368feea988f533632dab961936b95a648e49cb9d8dea093bb336d1265b3b5f0b2b2387438bd75906470fb41377e009e5b9eb33ad77eec3c4025b0f090ff1d43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
e54f15aea7df9f90dc846a548d2ea2c2

SHA1
40a64c32e90858be00d0845aae9289ca69b5c674

SHA256
982c0fc6d162aa1dc665ca2d94565738c144fd7a0c76979da1fa385224bece34

SHA512
89fb8011fcc1542d0ad1392be46a6d56eae9eb788c55899e3d3c221edd1ca072e6366398bec58c57b8d9f13fd15aeb2cb58881d7c1a80adb3d71cd242bb063d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
293KB

MD5
2c0615bcc328dd55e4ea278d62bc02e3

SHA1
1be65ba968783f5e03be3d7f904ef89d74acc1ef

SHA256
2efcbe9234c0b3ba21701f653d2c374f173b93e70b2d5517113746bad4e1b24d

SHA512
08c0f91bc365213edc08a730797ebca81ae4a70981a0b9723b2a5a269d70f44e7121b89bf9e52934e7eaa205045525ebf7c8a4d19474051457d2c45d305651ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
48b7e308f8014ed508bfb409f0fcd22e

SHA1
8fb5e6cab29907173b346981ddeac954f14c1555

SHA256
f1e7e547d3876371581fbe025fea6c3a131e4a45cdec1d6abd9ef6fc176fddb4

SHA512
bbff5f56bec9e88b9bbf40fee4dceea65f5f94b029733591581a37a55f53c48344250c4d1d34c8e62c9ce832dcfa7ab35bb70157d5fc85ab8af7339ae0c8357a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
1dc48f3cb64b071f54f435c77b9eec57

SHA1
440c6c5c6d539d7d533e6cd20fb7879ce0b9ccba

SHA256
64287b67ffee367bdb27754bb4c5f65706c6a2eaee4c10668a90d257002615be

SHA512
c87b10247829d8ca197c5e55adc9b578e3abb3457023469c2c565766bb5471832939dce76c415a01a11af5e6528895d7492d1f1bcd96d3eeccdd3e34f5588839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xnxx.com_0.indexeddb.leveldb\CURRENT~RFf76faa4.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bd961f57904b337d3b290357ba1aebb9

SHA1
7d882bf9d658fbe30d308ef6a5d7af4bbda09f98

SHA256
c1391aed3324049642300da18423c49a871d95914552c1051d181b4610569dff

SHA512
6ffd0d78ff31b436ccab4458a654e0b1960a6a7bdad84036509e9f4f3ff2d8109d9ca5b90b4821951f7b82fee6aa40c0b8a9b87eb2036c52bbbed42f91ddf225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6344df42ebb86215fb954dc75cde7f9e

SHA1
39619b4d86a4af524096771753d1a3b37cb3d4b0

SHA256
31d65357ec3c3db7db332748c2a2dfa33f5aad7a0ca87a6c4b82a60cad126077

SHA512
76ed0aaafd6dbfa749ae207e8ed7c80f698f9a8f3f1e1fa691abb34d7daecc34f974ec43c496dba0fe7d6e628257e5880696d06f5c95c3ce23ae0ca738880bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11e97e57467d41e252849e62f3e5312c

SHA1
9b65a65cc0e3e565450e3a4d0dc4d12913a6d429

SHA256
2bc5e7db0494f1e00364e0b28c6a85b2ba0f914e4f260d72a49f09b49626ad5c

SHA512
eba3f5b092083a12d4841c5f854cee5a50d4fbb7aea49d378feff3f9991e5b193371604066db991180eee3775b20993fe837b65f216f92eca415fea8fcb3c8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
294e17b7dd436a599c071b3b4b2543e4

SHA1
42212cc300cb5d0ff9d631983392ce3a8b735021

SHA256
c91caae3ca0a7dc4af954fa2a4ece7fd20ca16de8b1646fe8124d0d861e6d911

SHA512
bb6ba5703592fd8fe675bc9dd68413708bfefd70247506443d2384bc16d753ddfa224d7ddec58f520fae6ede04803798a648ac94a7e79317a180c2e194a97b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
60dbb0994eb71e5e96ca13ee898669c6

SHA1
651bbd5130a424e0ab032cc47060f118a79e5535

SHA256
3d3880188b77161dd10cc5d6cdc4e160a9b55fa33abfbfcd996958dd9b70a662

SHA512
496f91137db7f3ef0555c65ee7e1d865f34690fde7300734d8a94f8b3c5dc044e060a2a10da0c6384cf3297e940c13f6b5f8ba729afb2711e3a67c42e7f64d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a0e60a314507ade106d9ed813bbe5245

SHA1
0c35e11eff2f7d46128dbb849047e41353822c12

SHA256
2f97e4a56049d551f9cbfc16f40b070059d23c9f37f9a387fe0f84908dcca555

SHA512
77cf9b314c269f958acf0d8810f0d8bdacba24c86c973589d1e6f5f3421d581caa2fe123d6cdc9057c7685a1a598c5195070c4774d935761f9bcc7b2292cc83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
463ae4961f70c01c1f7c4c7415714573

SHA1
31e407c8c0b74ffb0eeb13042ee8f59d4f2ae7c5

SHA256
f6f37243420bdd26445736e09d78068ff6beb71f2d1660dc259c257a04139140

SHA512
b0d3922cbe6d13dba1045ba5d7cf20aaff611f66d323eff4f3162d1b568a2c24cdb62230e680e9eb59cdf51f1df20b1738a524cbec434eb10c9a1e8ed910f7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
3f445627d40153dacb6ab86b65de7230

SHA1
126e077603591e02cd768ae937d113be3bd29a2c

SHA256
15b29773e009dc45a3bbf368585459f9923d27b5070482aaff5c859a5431eee7

SHA512
93985dfd4fc902928e1e907208efb90bcfd8f61b91c3dec47043d260d379ea4a1d34910316a705c9fede79ca0711cf2ebe230d14d5191cae1a843bef92cd7ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4e5261f3b94223badb64296733f005c4

SHA1
158f10a1fbb040653563ef07342e171136659e52

SHA256
49a4ea9338336fd00dec86ab62054570f2205d18be22937f3cc894b607c1cfcf

SHA512
01d5e3815a7c636c27c277638211afae62459a495e600d6bedf87bcbffe1178066c6c460525cd4221665a9312d73ab29937a18ed0df4e80e47a021e68b4f40da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6c6327daad19eb85b85df771908efa67

SHA1
76a40fa2d0ac41b0142fe72f0413d881e355f21d

SHA256
40cdfb02c5a17f032307496dd7819a5fdf2dc259fb80b460d30e55aaed56902a

SHA512
2a06ef0899f31ad18c9bcbf1a9f1b0b3cd212ae689517e521c6c0b2eaea9f005cee3feca74e5463fafb2e1df60e68d3b3cb032c48c574061d5b41f4db73a4b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1eaf3d8c8a839d99acd95a4715bb0424

SHA1
3729a44377273ac1141bb1a9c631c3abc3513083

SHA256
2dc205569937876674225a47bd27565acc7fbe0113c24937137a34cbad1696ee

SHA512
7cc7cf2c059ebd47dd84ec43487990f9f2a16fc70769ba6a4791f5ee792f0e25565f360c9e0e4c89be637bbd1293e7cd2942ea6e90c1c62a7a7209a638c512f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
90ba4f050d33fe430efc043f3f2b2d7a

SHA1
3e7c35bd015049b61f2f5d160f372f77750229c6

SHA256
81c4145649c6fc10f901e435fefc8a7b0c7d8f1cb26ade130f0fc65e487bd78f

SHA512
544a81c20abc34d3c5cd02a3ce04faff5a530bd6f3870d4459aab39a77bd25091649fed169abc136822b053dd8572071ea57f8168aa7dca689bb88c692430d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b2029dada83e364eff1bdb8b744bbc4c

SHA1
336513cffecbb2101491f174d88181fe3245af76

SHA256
8d6463c6225e79bed5acd433022985bb3ec7b50e78c5905efef062d653513c2f

SHA512
1f01df83c41684363bbacc2a3010865e7d2848f86ecfd74a76719bf9474c6ec5c80b18e99c3b73c0eb11df6d699d6a3c4f247b234cab269f8ee89af69fc6369d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f24882135e51694adc3b04697c8637a0

SHA1
23096d00f660afdd67281b18e05fc3697e3a3da9

SHA256
950f914d4ab1a51f5144200d4b62ca763b9543294f8c359b611ca2b474e481cc

SHA512
e303e847aca3fdfa53802450602c232c618c9b7d605b8f04c30982031689ca825bb451ae06b7529834299cb5af02196b791cccb73f161fdb27f438c24dd0f525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b6bac17110a2990d099a6a431b1d0bc2

SHA1
79bc2643d8a9e0d945fe3dc08dbf2f0a6bc72696

SHA256
f62cc3f3e3693840342bfcf738541c83adb60c946c24c7b65d27856a514205f7

SHA512
4e7924b9ecf8bd061ef19d10a6e041e9682f632f7c82fb578e9913df76771e7c15041cedf8fd2ba29a75ea6cd52886583b3314a0c3e05eb2eb75395ba5116ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ef3016f58ba54d651768256fd39fc324

SHA1
0b618fc7af80bc55069620f2359c9251bcd8da3c

SHA256
196347f3c5333506c7f1df9f89802f7aa45b3395502480eb8bef88d33dace5f5

SHA512
80efadf21b277aa86faaa1398bd15d704f2c852c69c4abfb11d09059754db643132d4edfd63df5929709c2c9f584368a770278dd27084e6eb44a62dea84f7892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
216KB

MD5
d29550c78cc6fcfc734df782a1ecefca

SHA1
a87eda1171b4d572d90dc57ea70b8ad19332a8ad

SHA256
611a15aea04780d9e593d1158629ad5dd61cbdfdce38d76f7b0f5c4ec6e8b516

SHA512
b39563d4ba7c9612f7bb58b2ddc7e275b0ddc62da9aab4c5d589a58a3216bfc7a3a087508037cbf4fcbdbe23d6eab9973153e204c06ccfeb1a1c04cad603afa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
8b6c90e1bcb1f915db5dee6ef0126b48

SHA1
985d9999f85d81b6cca654f5b4c8e0e4ff504ac8

SHA256
49ba132777f9eec420b6ba25d78defe35072fd59d8e155c239a56a7da10f4e5b

SHA512
33cc77adb5ced9003dd38a8d00a487f99a502f20d1e34a64ddedf21e989b0e1065329c14e0d3550a0334b51f5f889b64ba9fd29e3f272690d034e431e4f1db91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
00d25f1191ada167e46538e8006cc0c0

SHA1
8fbaa5ef8579fa30f892bf2de2e265821f7c07ce

SHA256
bbf3284b05b1d2b214102133fddea050da829e4c2d9d90a3f2080216af30dcde

SHA512
aa67e8f8bb2f31332b6c0e6f5844137560a58ceba41bfbb0a3a7579e5db7dda4619da8940aa78335be48f4a188e4a32df0e3cc68a7b2b79df676520f59791943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c3d07706-d44c-4ee4-9b68-9db4f54dcf18.tmp

Filesize
217KB

MD5
85e2a43e3662fab0d2d69c60365d1641

SHA1
b35d99bd44a9612be0f0327f269f1669e30e7a33

SHA256
f648e614ccce36125a9e7fafc3cb48f237ce4df7a2a30fc108bba5cbae6669ae

SHA512
494edd2bb76cc274afef78b7951ffbe357e692ac04edead5952613f10d76af8eaad676d6790b0f933f15edcb383d98e87876635535026199b8dd03a07d92e354

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF70E.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF75F.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit