862cd7ab7c81b20a4e848888bc2493dda0181759c39958a42cc5c3d02dfb195a

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FiveNightsatFreddys.exe
Size

220.7MB
MD5

d926fee3666c1c854a475a9766ad7ff7
SHA1

6459df8e4ae6d8b4dd77273f6337bd77874a8276
SHA256

862cd7ab7c81b20a4e848888bc2493dda0181759c39958a42cc5c3d02dfb195a
SHA512

0e5ff32ab864651e8dc54ca9488394d619316cf6bb1678f82cee758b0a5f973f3f436abeed1eac5dfbed6c7473c0d986cc317d0c8eaa34b4f98a1539440cec25
SSDEEP

6291456:f/aRHk3y95IDXNBvbYrQOKKtE8DDY+XA+WKqg4Zn4XEboaN0yG:f/a23y95OXzMQOK2dXA+TqJn4XEboaZG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe
3560	FiveNightsatFreddys.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512363623349867"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-768304381-2824894965-3840216961-1000\{7FECA293-4CE4-4000-B92A-0AD8E8176714}	svchost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1936	OpenWith.exe
3560	FiveNightsatFreddys.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3560	FiveNightsatFreddys.exe
1936	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 912	2776	chrome.exe	102
PID 2776 wrote to memory of 912	2776	chrome.exe	102
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4724	2776	chrome.exe	103
PID 2776 wrote to memory of 4008	2776	chrome.exe	104
PID 2776 wrote to memory of 4008	2776	chrome.exe	104
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105
PID 2776 wrote to memory of 1652	2776	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\FiveNightsatFreddys.exe
"C:\Users\Admin\AppData\Local\Temp\FiveNightsatFreddys.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3560

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:3432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff918509758,0x7ff918509768,0x7ff918509778
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3816 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5468 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4840 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2776 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3744 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1712 --field-trial-handle=2100,i,8355433595726401309,11988653455287078920,131072 /prefetch:1
  2⤵
  PID:3392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8c6f24c7-f77f-4049-b988-9dada7ff52df.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
263165b6637d00959c0d277164715606

SHA1
96b9d6878c0aef6993df1111f67e2ed01d6b1bf3

SHA256
6563de399acc4377f315a625b7a61e3ba7502b64759c18e4389fcb04faf9c6a5

SHA512
15798d41fb6513743730ab03eafb4ceb960d02520de60ed82fef8241a8279cfaed20052e7edeeb2214b134f626052dc0e6c78ded462679a4b59dc03ce4ceec00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
4c562c3a074efa3bca3b90278c225f26

SHA1
39318260740f7b62d5a1a30ed367cd9dcfcfab6f

SHA256
7f2cb6d6bd4fc033e8d88e600dbda60eea40d38924116ca81f25c849f5c762be

SHA512
d65818414a6d741995b358f7e30f7aa25ce936a44399427b1552bf72681704331dbf3431054da4d9b7d847b30b45abd9e55dd4910ea27d4b3609eadedc4d347b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8dab5fc910385cdf530a3b3d926476df

SHA1
741a0ff32028bea41558d0851b288124e71e8fe1

SHA256
01f22f1331c110c5b92e6e476346b8000384d6cdeec4c6b9950a52c437bb3f1d

SHA512
6b2b160750477c4a4b950c1ee0818a8cfdc7b813c73b2ad0db0d36fb1f9f42e7ffb05f7e4a33d4e8f0c15c5e87386309740cebe0b2330ac17e01643075797094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
957df2a8cff58071de65070c7147888a

SHA1
fc6fb4a40c95ab0b3fa2759c4e7cabdc008b80fd

SHA256
66ade233a420757a2ff67849ad5e5a5dd220717f2021590c51cc7f87524ac47d

SHA512
cd76963ac0eb959845477e246b7806905a85f70e6c4b024c4122d421b0dbb9ec571c5def3c3270d7b4505a4133143eb9953a88a8c4c92608bc7e7733dd104921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
70140c208bc3b7acb2991cb40658f18c

SHA1
fbd1cceac5586d0431f81c3bf53348ca60ca2a95

SHA256
e69f844ed5295568bbd103538a75f4841cce7ef4e6ac2bf4e59ac26c9f5c4220

SHA512
b63cc71f488751619cf01e27a7c28c8c2ba46f1e3522bcc8450a4440e8fe4a794d0884ed0fb2bf88e97da474a259e333a464c6a510bd830c23303edc2d33f83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b9233918145fa225b46fa21635e27dc

SHA1
bfb5094116565a3c04de4d2900953525f115b873

SHA256
964901f9ef256dcca83b0d083730d9ddb6ddd9a882482b766f6aa8559f9a6d51

SHA512
c05f41532c8ce99f006be11052144b1ab4a8c375a1866e7ff960375ca4b1d4e8c4ecdac9eae4ef7672336c8eaab1f896e0fa7f7b8e83fae5d547e8e97ea5a782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
826d14e77753be200d06f4131c994da0

SHA1
5b8d071dd5da0fade6976b42bb5954dbb6097fce

SHA256
53c6bfe3fb8d7b801c13bdbf4051f1567786eaf2a63bd29d89cfbf297661db23

SHA512
a007ce7b6a71a72c806e99063cf750c1e6027be246e3e60744840a78af2c8344f783272b14d377d62b8be9a96cf2e98e1f6b2d574e3f454b69ad1b0977f0883e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60ec0647e8ecfd340bf2e7b1c5c1b76c

SHA1
5e08be140d35d2bfeff725195b6acc16ce9df4e8

SHA256
4da3ca6a1a8e7a57081dedb8fa70a9bf2b41fac7c3d2c45a0cb91e92dae6bb54

SHA512
9301b0fa3399c767b846cbac8252f8feffb707c40ee7cdf81b48b248d40d2c4b6aa05d6c7166359fc95eec0ea6522278bfc8c68ab192c8e5938f486518acd39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d5aee44398474900d6bb8e36163bbdfb

SHA1
be3604c3d7ad3c60990d1aba5f0629ed7dd428b4

SHA256
bb9c1dcee47b9c815b1261117b62878462385752b75f7f22a53bcfb99591c409

SHA512
a70648e274c9b3491f565596748643e30f7ea28432530f23a889c338264a215360f333fe1598f962a6e741c5205417190e2fd8b91c2b17a2d72b232a10987a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
75731a133054b06d72f1629176e1b132

SHA1
593647a278319558023ca58e362bc5a5ded50b4f

SHA256
f88e4ca99c1eaced10605ad6b607b7a6653e04bd529f87a3eae477a158c2be0c

SHA512
b1861099334448dcdf0dc3333f463103809d73e6f53ec6bfd782291bc2a67471b766922f6ee5940e393f542a74e1dd14a77646f44dba0ba64cdff681e63b7895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5763f3d489506fb27bacd7b20fbe4642

SHA1
0a832de75a605646e535d87ea3778a6105c607d7

SHA256
91dbd92d7685f960516875afe82734f9cf4bfd43ddc0cf77181447cac52dc813

SHA512
7e4ee1d585b1071fe0c431d0b26e9fcedfcb0d815c073c578652bcebd321da67e679198c08299d647cde81dacd1323390de596db7b04befcb8ea6a7064b6f5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593cf0.TMP

Filesize
48B

MD5
ab080841637e3ce50c09bee88b0d7bef

SHA1
b1ef2ae6c5f1a7d36c7550e3672d872c171f9de5

SHA256
5f4e154a7dd0491ad94081eea5a3b5302843d4f2bdf401ba998daccc96678a53

SHA512
d5e8bf246eefbcc0f417fab107de99f5dd8ad5502ae38b366ace287a7770ea306dc546eb4835e29293958d2d466fc4ddeaa0c3aa93a4f90c5e70ee751cbd2d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a6507674a81bc99a17924c118f6b8eb9

SHA1
877bf83b0206bb083620c41fb6b4e4b2081d985b

SHA256
c9efb6fa7851a572a72dd86d2dbbf71c3f022c40d3eaf8c1d235e7680f94da18

SHA512
df1dddffe168d66f7f2fbfadc9ab9b8a90bd4f96d9151894c08a9490cd8e0e139935e3e4ace8f0212e58663f2039fcd755d1b30a7bd2814f01b3acff41e2602c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
f0dbf201a78ce94e645a184ba2ef0cf2

SHA1
0f4a7d8bfcdb84ecf767402c19ad62500097eded

SHA256
99b326c1c2f5b8a6772ecd84d93b7389eb9428da86627d1b2816e115c339bbc2

SHA512
f100f852029a5888d25bad585c88ef2f80795cfd1b45a8e622a736c7177266a9b4cfaa9d2f5af442cdda621723caecd0cda17a51272393e9fc280f28ebcbe605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
6fb486bfd296d4c2591e0b41b23aba8f

SHA1
304070b44000bd8f51f5a4c64a093a432048cfb4

SHA256
9c494d6675a6ceb041169990518cc0bbe402a0a185b7b55cb1bdc01ee4c3e521

SHA512
b6bab61306c3ba58e88e9af0d5665c5e4dd175cefaa3a5799b6f5f152aca7c205d25dac931057a505579110ec423d178bc7fc2276c6b5f032242cfcf9621dfd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
91b5f36b26c7f18911d5702a43c53b75

SHA1
88756927d08a4155486aff0673859024b06d9468

SHA256
8cd7074f8783e7e3967d692d649fffe0292bd3170ece7109f59449f5fbf0c3f9

SHA512
a1c771e2dbc7b67a3610a5c2bc115c21e428ba16559063554b2d28029cd5eda42020d8643f6b9176ccbea0fbf7bf3f5374f1f9d4ef8254e5632c1bd3485ef761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
0952877a74fc59d50d2f0c1ac5b4ecbb

SHA1
fe16504ce58c2b6dd118edaf7ddd901c5571540b

SHA256
46b77025bb1297b4b32f83b1edf1a862fe3e018de69753883eeb84d653d80463

SHA512
31cd8fb0e0083d6bd1b80921c977d1ac258b1b16f14a7a5062e9ad8c367fa1bcaddfd09c4402ac539ee9984e2da3ce91d5b2e8708034feeed4b24523845a42f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
1235c9a8a25f34609b2fcded457b5c7f

SHA1
3b1060496a13590ce233578fb3b651583141d0ca

SHA256
cb1e30c0c22a855a1d54f2f78429aee5b38c8bda1debc5c983d271f89fac6383

SHA512
c4c6e9a1ebd87c04cda4d2dd7774e2bd31d5e079b12cc7925e1645815b104f7609e511a1ff137a25c0f89d30a1a3d0b1c9ee2fe7d92a83a9b083e0a9950ec6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
349cb7116bcc19cc4aad36f667eb97eb

SHA1
23cb10b068391f07e6b0e8ea6c8c3cb41cfaf7b7

SHA256
a7baa0fb16a7ea7123c92c34b19f2be3e3fbe32aafee994cf80f917ea0203bba

SHA512
c5f9c56cd91ef5e961ff2aceb7b78cbc6462e8979b852acea94623adbf4ab66c38d7dd3ec1b355898a9cec907dd1afe8d7c7c4bd94ab81f31ccb7e97c4c51020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587143.TMP

Filesize
98KB

MD5
7d40f804a24435b01fe0a7e7e8f98d53

SHA1
c568236f0e3e52f6451fbbcd0d7dc7296799bcac

SHA256
9357f55ef10833205c7dcd7cbb07743232088f12f47d00111740b70f420b1b64

SHA512
0f67485334e1aa58ef8f6b21ffbbe151a654f5de3cda897bca74d154c334c0248af71f86340f48a287a8104c26dc3dc9ce08777b2c125b56b1eb761c0455b62d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\cctrans.dll

Filesize
64KB

MD5
a20165b7e7dfee46a59e48c175523af0

SHA1
6ed627806753d11e1a121689369668294d15be74

SHA256
cba1c0fa69bc6b106408d06878390a5699cd2b25adfed1a2610ee01ae2524cbe

SHA512
a9295b814fe77aa4ba4dec5cbed790858852f775799fe9da01bf07d67fa294d4ca1c5a68c9255c3fb716d0dbeb8b5a5ea38b8ec72263f40957beafe7bf323cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\kcclock.mfx

Filesize
36KB

MD5
35fa0df588606e5a382e7c155b28d0ff

SHA1
0552d9a6124b11d3ccea7ff8170b3a84c2afd0a7

SHA256
d320a4aeb6940a6a8589a99e5e16abb086e96c4c3376fdf4f066c0e125302247

SHA512
0421292d49fcf3bc87091f52fdc6def36cf7ace90123ee16289e6893c57d8ff23b72c8e9ad2261b9267c7c13f9de9d8c38246d6d68d3bad97c8967470d81ef64

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\kcini.mfx

Filesize
28KB

MD5
5522465eba7c81f1fb67d6ad1a5df233

SHA1
0ec415bfaa9db6984cf922d5503d9fde67d0b3e2

SHA256
82c4f5af3c25a8daf60185833d3d61f2e8e2851ad640b59af54060eab6bc859e

SHA512
30d0ed91bf072e7b7367a708eb6a7d92cc0f326249ffdd44a0d94c3b8feb37b38387141c88add61a578393a186e9fb379d42ab0018aa14e917705e4344233f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60EC.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3560-41-0x0000000008330000-0x0000000008340000-memory.dmp

Filesize
64KB

Download