59770d273b35dad7df9347be86ba1fe198b540a1ba10030ea0b6e859603c110e

Analysis

max time kernel
1800s
max time network
1735s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2023 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a chambear.png
Size

194KB
MD5

62d4d8cdaa4a73469c7b315cc454ecfd
SHA1

4d79efa04b21eba7fb4160613aaa886571c7141c
SHA256

59770d273b35dad7df9347be86ba1fe198b540a1ba10030ea0b6e859603c110e
SHA512

7a55e6a4fb5966fcffc33f064e2dce510742b0358ec9feb8030e88974d9ba3fd953a8255f3d370875ec30c844aa1159c115deb95e16182958104bc60b5f0e474
SSDEEP

6144:Ey9ZpWbTKfp1joCNdVfB8vScqTNkY3j5CgUkLn:19jboufB869pXCgUkLn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133453360218408900"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2916	1204	chrome.exe	97
PID 1204 wrote to memory of 2916	1204	chrome.exe	97
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3388	1204	chrome.exe	98
PID 1204 wrote to memory of 3088	1204	chrome.exe	100
PID 1204 wrote to memory of 3088	1204	chrome.exe	100
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99
PID 1204 wrote to memory of 2120	1204	chrome.exe	99

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\a chambear.png"
1⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf3289758,0x7ffdf3289768,0x7ffdf3289778
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5100 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2552 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1676 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=968 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5788 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1876 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 --field-trial-handle=1952,i,3352012438949652258,7460906033490144981,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x324
1⤵
PID:1152

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4884

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
a58aa7449f5947aa769e880aaabd7985

SHA1
33dae4fb3da3beeda4b8cbfd0b53683a01d27ab4

SHA256
dcd1e3805cd90c7fff0f18afd90c32dd861d57a3bc6decf8d2021eb18a0fed51

SHA512
52b3b2967c2292011bbe7ea51ce6bff317738e21434a9f891db8fcc7a9984ca2952964bd7e99e64b748309d10a7e34f7ff53d3d7dc561cd3663ba7dc95374322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
28KB

MD5
68957d8d01658a4ef4f331df447a9533

SHA1
44c8b7f47166a0b7046bfa1377e98f5e6abc9c9d

SHA256
09c9483b6d9e3229fda3f4c24c711b8237e20fdacf371024ae685d097300d2c2

SHA512
bbbffae32f93a74682eafa2e9186670ad6ffbde2b36ef10a2f9f4c3b76c8b5f57c58693bc27bcd13c3e8680f66322cb8a9898197d69c32ce0866f481cce43b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
6213058cc7532231325dbea2c4ea7c74

SHA1
bd01c48b8c14a367d6d8ee5633e62b05d33fada9

SHA256
81d88837b8fd1aa886639b0a726be1d5ae7a1926f6a76e7aac8e81d97e01ba45

SHA512
4e3fd51a2fde4b9a22a4cb86109dedc5ac870bb6efa1c9f5d467b76e4a88401efbcafaacfee07c0c0c73d2811c6abc0afc5aa9a69c72529f689c4a08e402e3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
8a03f93c2da7d8cbe2461b73c2043955

SHA1
a7ae02974156c4d2396d277e940cc3ea31520880

SHA256
aa17f7b45d93ac58910a85a2cd991c8ff02fc9f64dbc4de7d651ccdb0b919025

SHA512
1f6a2f6c47eca69d1897e6965f26683675d33b2f9e3f3dc80eff814597339fd1458f1f7915b5370e38f1943e5f3f8daeb857daab631789529e024bf26e8d4586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
81cb7e66545744b410f2ce196fbd422e

SHA1
e5c4f0dcbd4ed9583963974c28a3b2b56706426d

SHA256
c3f3b40f40a836e7d8f37125fc502c08a4d94a59b46175037188d068fa3df24c

SHA512
5b63af11e873283f8a563af53dd709f013231c96ba3426c59457f805da4d2755a3e249675736951e7eae05f141814e848525b8986ce48e70b6a2495bfc806124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3d195e11b94fdce3642ab618a7568484

SHA1
18717f95c7eef740de40048d04b5cb16c0a4561d

SHA256
1e9ca5dc25a0ca9ac9e70b5de53a2965deaded63fe3a295bffede60be6c03b76

SHA512
51aed58607ea61fce720b85f539b2599926c7b902b2116b084912a3122a63996ed7d61749a89d079c4a0ce2108e301108ee06032aaf262eebae2cd6f04d7f8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
43ee281c2c489e9f7852138537563b11

SHA1
3a1913ae20bf1591b37ba1559e8c65b09db25926

SHA256
adcd370ac48cf0f9968111069470e66c84d3365d7d0e3ad0d5c6916613767dde

SHA512
d58336fdc81e18c9f9a90e032a843dfa89da9cb04c3eb31f62381d98a0a45f9acc3e6d0417a3594d911a42ad01a049c2d977fb1f73c3c86a066114d589d49bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ce7191ebd594bf25bb91590333305d4e

SHA1
d33a139a292054634698573ce413714b4857ba1b

SHA256
d36f93a45d734b105502ff54b34a4ab37c93439dc3d243054695ec784b82d77b

SHA512
13746c060fdc45e4d3cb2f44a321e1bf624869ac8fa46bdd375b15b137c616cc29db92890b397ff1373bd4aef85c75bfe1eec43aeb770f2d965bfae0d7ec5651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f18829e415c16f1f42df065606bdadd8

SHA1
fa1ac72c1be69d83fd9d47aa89072ba04c4d6b5c

SHA256
f859614fd443a41ff4ebf45114ef99bcdd1bc30749a000ee5c39290cae1de843

SHA512
23b2fba8191f7947db5b76a5068905017d77e0e7e6d6bdf870051d37d329c961ba4c34e7a9a08fdb2685a1cd5ff663a73ebbc910dc0f269850dc8db9446bcbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4059cdd5fe3734398c69b87482c3bb00

SHA1
ad1ab744c4da5afa22a6df6f5c8f9e817e1ffe83

SHA256
dfecf14a21739387839c8889a710a13dd321a3b9738d0b13d06e1bcff8a8b140

SHA512
34a6d5d90c8bbda7a550b0ed760a84d4d0ef3a543aa1695c2d36a2d066eaba40e9abbdb2916dbea858168f332b2f085641bc47c9701c5c31d1f802b19e33425a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b23a0c56b0d092976006ef2b18b04a73

SHA1
15921e365cd234cdd01d99e049762277d455189c

SHA256
2b82c5d087a5758c9545f1e81a11458fce49b7cfe56bb14c28f0e02b3a1d3186

SHA512
3e83faeb6e6c23f31672481bd073e8b580f3b0ae6a243577617907f10e448835444936b83a046317717b29a51e473447d31b69df5330638ecd28baf5fe08ae51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b601272fe2d26e966278f584cb1eb709

SHA1
a109668f1d1ca4f347112e568931e08b99d89675

SHA256
96d1197097917c5140d18080d60da9296b9131363a4b43083a0738b1652da698

SHA512
d8977a817b774dad9dcf56a23d2c74f1a73f65c43646db068a94ab8f001dc7aade79b557d9dccb8bdc423095524289592941293bd6435462f4b60e75df338bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6a0903299ccf449d2c7b5731cd51f45

SHA1
3475e730e74922304e981e793b93c6faf5d61b0e

SHA256
e9cb3df8f4204d7d39c53d8364e58442afbe62b3c00bd9de529e488e7fe45d29

SHA512
f3662a73915953d04f554dd774d9a87dd260484f81c7921fc3bc8e2a35c0498e3d7113852445a7540a4d96c8ecf113e6f1d281f85c2d804549c1784effcd4d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a89aaf62cd56fcb8eab69159dfe0265f

SHA1
a3a4df322ec7d50ba6e5d8510bd89ccc73245b24

SHA256
9fa09d49c23186b6d3a427ed018b44241648bc65c551c3916a7aa37cb18b6a18

SHA512
549b2a2f8a67545407e46ccb900cd07dd3b5b936b99076aa9d6434b63850f697ed3054f16a152deed73ff7650fdfec5ee638852d7cd3ee2894672a081072b56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d718ebe8a8f6d0fe3b25a2f9ecbddc6e

SHA1
5c62272092cf9d55047060c44d8b2bc7946d3c62

SHA256
04e1820b41bd27f15c0846b4a719e1aca00a2536888ee7525b612bc4b0919418

SHA512
9005e93596f6b8ba41d2393c08b8aa697f1a6b20f7fcc51840e4ba3fe3cbc4869886b9006d461d80c81372b2a851eb521390627306ecbbac2855685f446f2274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cde1c8346d1eb7ce3126b49cd01d782f

SHA1
08370f6e88d2a14004b5a66c2f7086130fc0e950

SHA256
5709f454495e77e2a63199a7ae1bba6c1ecf77da6daa2ffd28e7d3b38e7d0994

SHA512
67961fade7d8df6a84f24560911ec2a1214022b213342666b120fd8418b3b7e86bcdf773c2c3d62bb494edc68b249cae9a86015a141418d1105b5751a8fcc186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
894d6ebe023554bae42268174cb5590a

SHA1
08ae8c0a92a344bfaffb1b78df3261fdc2f849e7

SHA256
ab75c776c392acd1368048a79488b2a563ebc821bc7923565ba7fe3ec50d546a

SHA512
0a72484cc143b82e293c5e8f4cbe1525c7e7a934f3b11a39986882aca1dc945152f08fabfc4ef739d53610c57bbc6c7451298047ecc694501576ffd09244afce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
c07c28e8e020f1542c7436377d5e72a8

SHA1
2f0a52e61633faf42cc48f754ce013d1204e6e00

SHA256
73c15a88dfb135f6fcd490faf5b86d7580c96d9e59a4c895864e45676e672ef9

SHA512
2d80ab1037de22ec1e7db6fd3f0b8980990091c9b5907cf954cd7c7dd69bcc0b5714f7f862a854b7bb4c36678b9d0028c7bb94267adb0619c6890c3301ca153e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
95229dfe26f9aed3d08a07ba67e0bab8

SHA1
fc0a6e6ddbdd830d1e1b21136c08c3097c3213a9

SHA256
567918f5479ab1bcf1b77a40fbdeeb7728da27a012e0ede088b83970a5a28019

SHA512
0a0fdba60a4e5b06b5676ccab00b938fc10a8d37dfba095bef4888fe32616049e8e5d8a8372a2d2249d8ca965149bf8f573b67cebbf4de8c9d57e1c212b2706b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
d9c6558cd534b02de0a04cd207edb436

SHA1
d4c0fe95d8158dc39901a82b243ef748f8a11f0d

SHA256
e9b8192d23f36da2157af7a4b7587efb2ca69fb1b7450ffca0f298283f0200be

SHA512
ea349dedcf5371713a2d6a75a9c9c446e4d39cf20a9d958cc480c5267900c9209fb2b279243a4fd6bd9acd79aeeadf51e681efd38af71ca030a55fba8d402bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e4be.TMP

Filesize
97KB

MD5
6e886bafc1b99c47123c877d410518c4

SHA1
3bfaadc7efed551dda9e8ca66e0605a1b7775130

SHA256
1e7d6b19241014675704f081f2e838c6c3b14f415c8e4889d400e23de126d04d

SHA512
18d52c81b94a349675e3a46b7fca1ab531de7881ba2fbf29dff354470833463173a43a55e209a9673d5814dde94787e14d90b25241803075c2cd87e0a58f2057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/4672-330-0x000001A065240000-0x000001A065250000-memory.dmp

Filesize
64KB

Download
memory/4672-362-0x000001A06D900000-0x000001A06D901000-memory.dmp

Filesize
4KB

Download
memory/4672-363-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-364-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-365-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-366-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-367-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-368-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-369-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-370-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-371-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-372-0x000001A06D920000-0x000001A06D921000-memory.dmp

Filesize
4KB

Download
memory/4672-373-0x000001A06D550000-0x000001A06D551000-memory.dmp

Filesize
4KB

Download
memory/4672-374-0x000001A06D540000-0x000001A06D541000-memory.dmp

Filesize
4KB

Download
memory/4672-376-0x000001A06D550000-0x000001A06D551000-memory.dmp

Filesize
4KB

Download
memory/4672-379-0x000001A06D540000-0x000001A06D541000-memory.dmp

Filesize
4KB

Download
memory/4672-382-0x000001A06D480000-0x000001A06D481000-memory.dmp

Filesize
4KB

Download
memory/4672-346-0x000001A065340000-0x000001A065350000-memory.dmp

Filesize
64KB

Download
memory/4672-394-0x000001A06D680000-0x000001A06D681000-memory.dmp

Filesize
4KB

Download
memory/4672-396-0x000001A06D690000-0x000001A06D691000-memory.dmp

Filesize
4KB

Download
memory/4672-397-0x000001A06D690000-0x000001A06D691000-memory.dmp

Filesize
4KB

Download
memory/4672-398-0x000001A06D7A0000-0x000001A06D7A1000-memory.dmp

Filesize
4KB

Download