67585fab3642bc808c1acf81773a953a612b6483adb67ed0a6456939eb9583d4

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blank-blank.apk
Size

201KB
MD5

77d29bcdf2915579df1b4d7747e044cb
SHA1

c34b71072951621c4e1d8a52166a233d78dcd77e
SHA256

67585fab3642bc808c1acf81773a953a612b6483adb67ed0a6456939eb9583d4
SHA512

8906875ad9d5fda18b53bfe07968c61f6561f2c032947203c94fb29cda0b520bc368a8ea35e75a1931bd9565940e02c289a4e95b47336b5babfa29eeb81e1f08
SSDEEP

3072:5s+D4MHCy0Ahq5u3gviG9flAT3ZxVT/3eJ7fxuPK5:ZD4MHjs+GITv5uRf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-910440534-423636034-2318342392-1000\{463C00F5-C24B-4C3E-9FCD-C8FCA3A303A6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
776	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 220	1132	chrome.exe	90
PID 1132 wrote to memory of 220	1132	chrome.exe	90
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 2060	1132	chrome.exe	92
PID 1132 wrote to memory of 3660	1132	chrome.exe	94
PID 1132 wrote to memory of 3660	1132	chrome.exe	94
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93
PID 1132 wrote to memory of 1428	1132	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\blank-blank.apk
1⤵
- Modifies registry class
PID:3040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1b659758,0x7ffa1b659768,0x7ffa1b659778
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5532 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2248 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2948 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3760 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=852 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5520 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2264 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5420 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6084 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5932 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4628 --field-trial-handle=1868,i,3755705006022861679,17566119263237084968,131072 /prefetch:1
  2⤵
  PID:2724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a53b9c56906b3fbc45fe5199dc506c9f

SHA1
3755884ac941067f5341090b1973bdbfdea69cc9

SHA256
f454032d936d965e93e8d06600fff432983b826b7b5e7db1d2f6db7955e4d966

SHA512
9625ee68bf155ee12afe8c69f5352e8211f146b9647d31cf9d09f539d99b9434ff3cbd7a0d92855939fca7a5751f21964ce39414a52a7136ddeb3d643aaa3e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
d12b59ae909e56da79f28b4e56f0b07b

SHA1
70e6d1b94a42b4954dee13ee6cc65ceb88d6f01b

SHA256
e81d141d12efd864475840c027df44794c9f021cbe62842aa03d2acd9a416d29

SHA512
f253a2584695b168930ca8afbd8c3622a8c83f15c06980efcf23a7b17b8862514f3f4a94b5a852592b20d5a2615d7361b4471b313e19d3afed4a7ea248a1e76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8e91c375435d6a52eec7bfab7edab32c

SHA1
a1b6f3e8942685ba777cd6a98693ad24d48007d5

SHA256
2c7f45b12bac592a476975867aa96e817152bc7f866fb34fa7c9a75155661c04

SHA512
7e26f40ac4f2a546b7047d275ad45b779a4175849089088e13ae26ad9c51dd31c41e2cd88fda2f8aebe54612388b4b27752f9aef361afd6fb2e763933b80acd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
df6b836ff000ee6e7358a0a9ab81e2d3

SHA1
0fe08ea543694b1f1e627418eb706dce74b4cf84

SHA256
2cbdf3b44fed3d76cf4aed775559dbe3287945fce15e92314a279bed59751a4f

SHA512
59fdac7eed7e53df99056ea73ce2e5c165e7adec244ac7f9607f34fbe8b6ce1553f2c97aa7469d8650cf3e7710592e9ea6b45343307898681063ce40ccf08b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
716335a0823995c1bfd2fd729ec7ab93

SHA1
984cf6be3166753604814dee48d999aa92291e74

SHA256
ed1d9bc56ff53ae5643ca5f4f53698a17b528c60b95482719881f3439f0e7e6e

SHA512
855358adbe06b0d767f8488b18ff17beaeccc956432f9b812b66f11550f015ce4170a19fedb558b3b00d6f0b02e1ecfb514ac6566c99f1d6326ea3cfada10a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6a03b5c4827b1569fbdeca886387f8e

SHA1
47bfa1f46560ca0d5506f1c58fe0299ec593708f

SHA256
a32f1147200f0ecc2a6f4be2029efb76e298582cb0815ba41090d7cacab02c2a

SHA512
3916604a131738aad844694d574260618783162b12a2699db0e67c9ca0361f7b41a50e880e5bf60a2a5decd7fe9d87e460fbe2ace351be6baa4f895fa19b0b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18ebb0a642f19fa4c3dd3ad1f4a340ba

SHA1
63328adf6d9a0de15e23b0db3ea4425d0f866aab

SHA256
6fceb28fcf0bb4333fcf4ee338c0e9365bfdbed67a276e3c6aaf4017349450cb

SHA512
180068f8d1b391e7fafd6ce2d7da9a7926a716c8538977f6f1605bbed57057d2bf3fa053aaf0064714a0a7cf2554fe9b6d4c54586d5af66239765aacd1456c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
124fef81ac89944c7a8ec091b523733f

SHA1
9c47467221cb24cb728a704492fa5eaaa6fe04c1

SHA256
ce9defbb8c168b41beaa6db1c5f6de48c0bf7e8c86faf60608036462089f4a54

SHA512
a7b082f1f4dd4fa1f49ea46674d2637474a28c39e5a801dae4d6dc028ffa51de4871e8d949e246263bca24874d0043e5f8f8096f7c59998dc2eb803f4c31005f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f44f7c017efd06c3550a8131d6ece2fd

SHA1
4c79b4902e4e5e895ab7d8cc99cbe16eaa30768b

SHA256
84c9b82d6fd83e6745d1f9650824a04354eeaf6968f7f404c116a54540618800

SHA512
fc4c53bbd779eb14b861fed40786ac80e5b1aa2c1484eb6eb8da0de9ad80d3309e2014e6f53dc0531f7d650d12a6eef8406c3f61fc321e65ce40cc1a469ff117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
616d4018ab3fe9f589aa89b1569b457a

SHA1
23e2e9e422bdb4f8fe366532e45a27dc7db29533

SHA256
1304f327517462860678a7555bc147e75929e788aa815a0274bb1919d5e43250

SHA512
9bb566e51c098483c8bdffa06e58f6a76df550b7477c290165a6cd31cf688a19839d625013174ad517067127fe80f6afc6d0134c1ded10060a0421e7123e3d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f44da0f7f6778eff1e374a79ff08079

SHA1
8f5bcd4fc7cabd74e0f3b79a4bdfb448da55e9d8

SHA256
23eda4d981f8916c6cb7912c0e53e475c7767bda1b0e3d79986c74e70231d9b9

SHA512
3837f08efb32c011e835a4f1efce088a86fd033dd7ddf0719d4ae8b901ed51643e8f3b7be2f3a7ad5f6e3eee61b361ee266cc6f69e78c67a62983e2c9fc16fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89e58e589710e97c12577728ce5dccb7

SHA1
decd28134259cfa5e5588060b07ed4c2ac7f810b

SHA256
051348ce2a40b6159f062cd26d03b7a4943c053e62e90cef79237a52feeb1ebd

SHA512
f418cf5a7e7ad50988cfbd40ff3b3caea2c9f9e156e6f651d73355d3989bdac6c7e9d3704d291253c541c7bebe06d0d6cc61b46b1f3348dd7426778a689243b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2ae1e5f916c6117b2c5f5112bb904a0b

SHA1
b42b63724dc157d8a1763201f51d6d1f994c5d42

SHA256
3529742e84e848991920b7ab39fd4835d14854bea6e5e9ed55f369dff11c059d

SHA512
71a4a81f7737833d2e5cc2b0b1f47a87348e55b532389ba29013322f57c58d0085872979d599bb28442683e89ba4eeee70755b6693c9220fada79a57cdb6cbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
dba8bdc1cf60c182218de5e496f5ebcf

SHA1
b6cd6b8df0b3940231dd3e48036b46537ba5630c

SHA256
8c6ddbb9160b5ba033a5cc40f68e9a4e19ebb5a334057da22502640fcfb8bb6e

SHA512
00fa0b57d99ee307a2b780eeb8144c36f5b648d2b44865615ce18b1128644e6ad9afd94d941f4b3091c7ce505e2490aff584c81902ac8eac37eed54ab257534d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
bcdcf846f8d91f3ff8d4d09b8ace2945

SHA1
3e34ac789b76c36ded73204d3b2bdee4aca34bdc

SHA256
ead9149dbd75be7dffce0ac15afc923dfe63666e183a141c2c23e1a4b10772a4

SHA512
4e1d79436a32f54220b40c40f1ddb0f223cf3353de6156785032ec06b34014342fcf9d9c921b6d5bae87f5cd323a47d9712fbf871f8456b9ff724095df5527fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
4228e1271aef63c7bf736dfc8f51ba0a

SHA1
80a5543cbea7042b04554313d09bce7751ef3851

SHA256
ea3ce62307ae070967ef06fc762ee525735a9c364be9aa9490b5a54fd3ada686

SHA512
1d8210f4924f687fbd02730450881f6f5526f99a033944077f2331f658bad1b0067a946775d5fcf5ec2cfa3b8c857e043c7fe3275f7d8f2c6609df7753de11d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
b5d0ff72951fa1364a27b844fe14084f

SHA1
e13cc0133253f530a3b58febefcd387a59df9cc4

SHA256
e3e0a08bef0f8f854c4ae65b3ef50e2cbd29847c16a15c8fdc07e362bbfcbe36

SHA512
4908c6fe08596d2af3b515200fa5282fe64d56ce83fa0dcf3ee8eddf4de1e9bb7f264f2128b6fa7eec200c033230d7d39984ed38432280901dbc17842ccdc691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bce2.TMP

Filesize
96KB

MD5
b94c301e5c87cb1bc636b7faf69452fc

SHA1
dae654b89f723b0bd204b9abac6720d84ad7a858

SHA256
ac17c4c4f6e6c35d70043da57b7b81b3e6de8ecd1b7ac1516aefbaa0fd1b8599

SHA512
ce002271e980bdce9637bb3939d498a624f6819c7f5bb3fae000fbec37dfc2c28847fdbc1d9483a4a85dc98be06f0319f89664dd67ff33b15f735b7b88cb316b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit