ae6434d516885984b2fbfb64c0523f790ea0cb3d2dd6f3afd63b0796917e956c

Analysis

max time kernel
99s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ByGay/CED3D10Hook.dll
Size

128KB
MD5

43dac1f3ca6b48263029b348111e3255
SHA1

9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
SHA256

148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
SHA512

6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032
SSDEEP

1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2196 wrote to memory of 2272	2196	rundll32.exe	28
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 576	2800	chrome.exe	38
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2508	2800	chrome.exe	40
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2024	2800	chrome.exe	41
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42
PID 2800 wrote to memory of 2332	2800	chrome.exe	42

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ByGay\CED3D10Hook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ByGay\CED3D10Hook.dll,#1
  2⤵
  PID:2272

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1232

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\NewSend.rar
1⤵
- Modifies registry class
PID:276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef47c9758,0x7fef47c9768,0x7fef47c9778
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:2
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3676 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3596 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3792 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3832 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3936 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3952 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4036 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4048 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4136 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4152 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4300 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4316 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4380 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3744 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4396 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3980 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4280 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3488 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3432 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2516 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3516 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3736 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3276 --field-trial-handle=1328,i,12369977728266860268,15172361130059368777,131072 /prefetch:1
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\772aebb5-833a-4b6e-9300-b7049305deb5.tmp

Filesize
219KB

MD5
72e628126bb50bc8a88fd98e7073f3ee

SHA1
58fc80757dbbfa565c5e8e5e9a1ea048ac788f91

SHA256
ce375bd75650d61ac17bb72dd8dbfd79d523f05b326ddb84117188930a8862f9

SHA512
68afb84b95f484af2b6f2e42528ff119ddb50cf061fecddc510c28585e452566ff7a8a60eef807d0f3ae9f45d7588f6d4f72b4d7cf90a05f7d1bc83c0bf992ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\965b43b3-2d21-4315-9d87-253883a3d19e.tmp

Filesize
7KB

MD5
ed67047d3c5c8d179725686a4954f4bd

SHA1
75bcc2e7936488434bf4770c648ee32e4e9567f9

SHA256
ec1408096b815b8c09f70e2b76b20440ab6a9e0250c34dcea7004be57ca0e6e3

SHA512
3806b3481878a83bfd94b1aee63ad0ad356d3e6dbaa6c88a286391db812c3a2225386cf678d3467f9dbe921229fa91a33517bb17d799d00202cf9fc0ae0d2045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77cde9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
2e33165e20393c333f7efe81429b8574

SHA1
a5d10eb902b17929241bd192a8877ee1533fc4d2

SHA256
65c68f52988d4ce2b4f0e6dbf09f47854df5e14eea750eec8a5a64092d3e3aeb

SHA512
9d43c0df8c39fa672d20f0bf138b38df3026b34883fcd4705d9fb07846ddf4baf731f78c07c1f7aed171e030a578a3bbc5f3a0919ac62ba16aad7ea7a61532a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
53b245bf5071716896524dd7f5c0d528

SHA1
cd009587faaba09966503e12f5663adc8e537c64

SHA256
ed96b3f850ad0fc9dfa100828123373598bf5c802776ada280ac89a7c1dc6d0f

SHA512
f1aedd52400921f9b52c9be103f1bc3e305fd6b2ac79207b2186109bdafb6b705c47870e1fe6415ade6c1229edfbc0c9b0e05b79ee3c233341a4c1e33e2eac1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
759c23260b8b952015adabf0d9e96e59

SHA1
50e6edfccb3e37c2798714d60b720d0c37f17066

SHA256
9795aa6b095add49f68de8bcaf4522df712b51adcfd436345c91b6f6d13f5271

SHA512
a78830056ea96086d160d75c1e734c1e0fcfd32836894bd20ef4216ea31a10fe4b802d4eac9329a67590d78c45428d2ed9c9b00590ce0a8216704530a6a6de53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d1f28d5c2d9ae96246429b7bc7e9e77d

SHA1
92f55a28424920beefe993dd48076ab41908a1ef

SHA256
09fb4ad70760d73143137367850d688505822a60bb57be714c4bc8b84df6db7a

SHA512
b8ac5aa882a9e7b3563b2856910117d090eceb73519efc35092a6e359a05496bb338dd4c1a00a9e96dba8faaff5c1392b4a80af8b7fc2bbe19a31b81bfe193d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
e2ae8725ae5727fac93b949f56cdb41a

SHA1
a58a9a7a8e13705200d8624fc298929701ad1a80

SHA256
60e962c560fa212a1d481fdbf5ad8bc0ca5cfe41726313d4c7eebce72fa42f0d

SHA512
8b8048c9d8b97381018cac8589466e5ce850f04ee6eddd2dde6851ba2a5b621fa587805d111d902c5f90d1e3f9dc5b4d76c0b51cf9117de860891cecdfdaeafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d56a116d84c365cc94f058b3c210997a

SHA1
4c4acba1cf3a59ed185525a4e1eee7ca87a0817d

SHA256
b6b29612a75c44e266a616c81f6a74c14d18243b7d4d232b455c3978befa796f

SHA512
12bab8b6d920a76d17e3f6178d05eccee9afc938b5880b85514cf56eba8a3974a8fccdb549264e89c0f98a7d02ac8b446ebd2ebe2d7893b2ee4f59c0cb58109c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
31a3f986eca0d76669f28e8b54dc9b16

SHA1
155bd7f23bab2eb1e6605863aa96708df2c0b6d7

SHA256
46cc7735bf71f87a343b8eca4369ff6553a9608dbca01855e24d8ca3a1d31213

SHA512
07755109931d5da4c7abb0ef512a6745608eb50067da9b832318096f49838608a4105a85b4e009d557e4e668f248e07b90ad532cc258c913767d510fbe5e5333

Download Submit