13028165183331829238c7eaa05a5dbfddf101fadfb77fdf66e1d839aee2e30d

Analysis

max time kernel
299s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s-0ddffd05904987e2030c1b6dc2de7bb39a418308.png
Size

443KB
MD5

3e3522fe72903ef21eb45e14cbd7078f
SHA1

1be921b4a070f320e4cacdc14cb53fca738a5921
SHA256

13028165183331829238c7eaa05a5dbfddf101fadfb77fdf66e1d839aee2e30d
SHA512

79e7304f9f6eb2e6270574884961d1cfa36f320c9fc3d64ab24b8b71053d450cf258383326faca7fdcc7c29b6348cd1dcfca19aae61f6df324f5780eacaf4986
SSDEEP

12288:bh9AfwsiuaLeyp5q2+rXId/IhJKLRB5IIrYMPF2RNf7R:b0wxuaLeyzAId/IhEJYMGNf7R

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523930837962570"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5380	chrome.exe
5380	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5380 wrote to memory of 2360	5380	chrome.exe	87
PID 5380 wrote to memory of 2360	5380	chrome.exe	87
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 348	5380	chrome.exe	92
PID 5380 wrote to memory of 5268	5380	chrome.exe	89
PID 5380 wrote to memory of 5268	5380	chrome.exe	89
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90
PID 5380 wrote to memory of 5148	5380	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\s-0ddffd05904987e2030c1b6dc2de7bb39a418308.png
1⤵
PID:5680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc36789758,0x7ffc36789768,0x7ffc36789778
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4908 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4916 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5752 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5504 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5864 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6048 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4728 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5060 --field-trial-handle=1860,i,2725272462935572375,2574429214662179790,131072 /prefetch:1
  2⤵
  PID:5220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x4f4
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8126a7c7-9b5e-4442-a998-37dfacdbd3db.tmp

Filesize
6KB

MD5
f811c2c623ad01cf6e7dfff6e11e64cf

SHA1
40c25e2b02cc76a2c2658bebb364b35110aaed1b

SHA256
d7cfbd9b0474c59b3432e881caa7c5a1f103d59c4df19921b139f7b03f96abcc

SHA512
47f9c2b1f78617b67ee5a42375bd96f1362e2274e9d2d246964bee92d9c1b41f0b56033500f6b76143c70af8e0d5c48d4a3243c3b1a14e64dfb394e5426f53da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6ec451fe223571c65ce9ff00cfeb0445

SHA1
930a1eecc47fb48fe27275d9b7bd4452a996c2f9

SHA256
59708ff8cf6ee03e0c4178db176670229f0cb824547ee18028bcfece25855ce9

SHA512
356006ba04a1cb44ed576bed975bdeb0c898775721ecd3ef69549433c92e9bdcd329859608961cd1c38ebb30d7707bff24a3844d27b272142cc3341907c82116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00e7425cec151fd31cf96d4179bc725e

SHA1
8899349c33f0a5b056ec8240e5edadef21b071f8

SHA256
837d1c30b81bc9f6c05eb00a438c122b39a751f3bf8f4acc84833bd5c29f96bb

SHA512
7ad8cc8ca2a81e5211d9ce614864b10608e52a53b7f3d2f187642cce2d1d892810b41e54f150534d3c87d80ad43c8e9cc240b9395515c2035a426e6eeb9345d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
14b362f6b75a391247243adf2906ca1d

SHA1
52e27c8ce9413f63ee9739d03c6f665fda3e6b82

SHA256
6ca6a5fc6288351d93c9950f2a076990df5b73e8ab33c3a9f34ca26e3c0a8881

SHA512
e8b8e7430a4fc43ca69ca54dcf23cd29e3e160227b697b95885975ac9dd9637847cca6e11135b8031d241657467259613f6575712cad5fba66f9f417eba4c770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b669c3ecfcbaffce0d3b181c21ea6cd

SHA1
ad3ac354370cf8d830f9449bf0fc4d8fc7aac05c

SHA256
a5b92be4133a790cb3d268d594dcb426c35f7c5a92b59e41e7665a0e3659e107

SHA512
240adda3abd04599d76560a1fdaea5220d64b12c7526036dd2bdb0b905517f12e173afacb47b0d852d568ff023b0e8acab966b844248898c1ab884c4499252b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e04d466fc9327777570c3d4df49b3ea

SHA1
9282bd6c6454fa6fc22ee1c51a2ede377014c05c

SHA256
b200f0e6cc4edef1fc97e06efe1eb813e920ac75bf25e8e7e3366f6745810e02

SHA512
d3af98551924e89ae1bd33ff6df01fc2137a6d7219b3ab718999a7bde5cdf53ac5e59464bb5b26f620efa69a67e3d81b2e26e80358726430581fd99fee15ba8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
64cd99fa997659e13f13824bce622683

SHA1
af3d3094b1b706e68049f2f73c1c38c0853b9719

SHA256
d8415dc778b6aa92ed98accd9a71d390dc123d3a0e6d897afae8967d5aa33982

SHA512
da9427b6ecf8d578393a01578d064adc01a5cc4e684215e9c9caa1ec1c0313bce9cd5cc7797d2bf65da07b6da19efbae9fa5f82d7ed9c617db7f7cdb72d83029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
38886ae7e13fceb07793a01fd2be90d1

SHA1
a0bff49d55d781445aa25cd2d2052f7ebe0cd678

SHA256
e9c6d8e51c656cadd75549e247cfb1a04d3ddcfcad1644efdcefc8b508218a3f

SHA512
779be310beca6b271c46cc172aac89dc3b25b135e65c989072f747798d05adb28243c98f298250fdd51cc95914b30b2e73ec2cae3ab1c5a032dfc32b735869aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5806d1.TMP

Filesize
101KB

MD5
2b32493d873cc035058779e297502c75

SHA1
50f56e7c05ad0102890aa64211815c0466431b42

SHA256
2d81e4762450b3ff9e14657b8ee368a72607a706d660dde59f57468fe557c498

SHA512
6cc0fc6806fa9f984aeed43518c4c8c6267e8450707c74a3bf27d905f24498229ffcab8ac0139377da35e73c6dfa6e3fd579b73eb6927f0555012f206b2465a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit