45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8

Resubmissions

24-02-2024 11:54

240224-n22eqsbf2y 5

24-02-2024 11:50

240224-nz4r3sag77 5

Analysis

max time kernel
144s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24-02-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker.exe
Size

854KB
MD5

c500a7318204cc39a9e4b544fbf4f4ff
SHA1

f35013967cb5ff638491edb409eee863c5f8ada0
SHA256

45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8
SHA512

f57d2c6ad185bff1824ddfcdd1f8fea9da6a832c6ef421cbd8645b7ac78a9d5b4d0d321ebbf6559729d470c05ef579020bb2411fa361e9b0acf51e640e4e1580
SSDEEP

12288:maWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlvh:haHMv6CGrjBnybQg+mmhJh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532490935994864"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
128	chrome.exe
128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 1308	4448	chrome.exe	84
PID 4448 wrote to memory of 1308	4448	chrome.exe	84
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 984	4448	chrome.exe	86
PID 4448 wrote to memory of 432	4448	chrome.exe	90
PID 4448 wrote to memory of 432	4448	chrome.exe	90
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89
PID 4448 wrote to memory of 992	4448	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe"
1⤵
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc93679758,0x7ffc93679768,0x7ffc93679778
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:2
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5156 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3872 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5108 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5128 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4564 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5316 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3536 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5512 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=880 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5348 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5224 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5660 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4604 --field-trial-handle=1792,i,8270319027625719313,8327736712755748961,131072 /prefetch:1
  2⤵
  PID:3576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C8
1⤵
PID:1408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
1017KB

MD5
9772277db7ab30e53d78db94331b2dd4

SHA1
ce4d6ab5388f24cdaeb79b6efe64640ec39e6356

SHA256
41e19d7305e37f1ac80e8ef8147c3b4a261b388d58c11c0866834afc098cabf3

SHA512
426643d8bc607395867c3f69846b84800f0f7cf4a99f5487c1c55ced9bb25eb642365fb9345934c29db9919c5f93887b40551bb43ea498b13aafc691c3204b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7752f34b2072e5c23786ffca772d80eb

SHA1
0978edfb1cc12a21cf88f69b971ad092b830420a

SHA256
88e8072a85fcf7f631ad1fdfbcade8114c9c593625a1f02f6a8bb154e1c7243f

SHA512
e9df2c4771eb417be84808a42f8facf2f3662743a95d94626d218062917722777fb01edc7d65a79ea26bd3c04fd9913a708c63c9f8ced3e722bffc60bc899a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
369a94dd04fa328291676d4dfb9f70a5

SHA1
f0945fb286c1665b6e273ccf9e2e9e5079febb7e

SHA256
59148fe2721d145fddcc566b67c439dc0cd0c2f2b8a3caf6f05c9871856cb0fb

SHA512
bed043e437e35931ba361379f6376478706d64e7b048fea5ec3d765ae6c3a2c48b48c026ea7ec1db5ba6267479569f1b27766bcceb0cca50885aac124e74458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07b0502df2dd71328d85ec05ce92115a

SHA1
dfb050022b4b80a60799d98a8bd47e1bb1dcbfe7

SHA256
f32caa0e85d7f9af5d35fdf91aa04344a75117e3f6cf88790332f5ac9c87a1b2

SHA512
82619171fe2ff2a0bf49366c2627bfe9659dc036b9e2b690acc92da5c42ae27fcd6534ece5f756f2994151fb22b76865b9a729259e67e21ec3d020318a5c9d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b1d2b40adf8afc72526e66d723205bff

SHA1
3b2895f580d98b5ce97a1a9c8f9205c1c4690ac9

SHA256
cbe80d5b955430936195d3079ce8f0e941316fbf6b678d0c699709754930103a

SHA512
86ba946b0ad6281825314a718fd672abdf04c3db20b255d70c7c3d988f2172b152d3886516a5672bc9c5f52450d1be335004719afddbaa123c3c121fecf85c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f1f2d7aee4bcfc9124dc1d39c8e38cc2

SHA1
7aa37410f63f9bfc69fe7908df01acfd2f15dfc2

SHA256
afe73c8c17c865439a888d509c0a1f0217ae0b77f9071b41ff9bd10235ae8cfc

SHA512
204e1fa51e5538aada0fa27c2d4906decede8c055322ff7a67840e6136a91e024284edd6a93ae5ec43992a101571bf2ce554c69931c4bc0a10e7ef4bc7d7b6d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
578cff1da4b9876dc27bc3159588c824

SHA1
570343b8c6e49fed9f73934d9001da8673ead9f6

SHA256
4f5d2ba1c91f0d84984355eb5a0134562e4839846bc57d7613d7c26a2dc4efe6

SHA512
f522d84e304d0a18fe900f8c6438c0aace68d98386b9eba1f212800dee2a26e21d95ec8bb0155fa05beadab06b1251b66a764c6bfa412238ce49f4b051c321ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
a6e4b37ba4131e83a4fc3ce3d37dcc4e

SHA1
c51b647fc372e9b3f04f6a0b00edaeabb84590d9

SHA256
5c95edae6f48227f48d269b89425aef686a7653fc2a248433f40fe7d56e5bd91

SHA512
a9e3c6e1e4bdb903f643e7a6b06e36ca39b8e31ab3ffb85115f618fb3ef06d459efa8d7e7f18fef115f1534f363e8e3a14583323287fb032cd85075f875877f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d6c31704ccf6035f5c0f67e1af661e37

SHA1
aab2245d30e39332b619daf8d237fa21350f2cb8

SHA256
6f8b82da4b20340657dbbffd658bae664d0c34823cfdf41e24d02dc11d055963

SHA512
41ade7a7df8874dc9c231f9805ea1894972c8d4d7900ed9a3899d76667cc4cabdec3dbc02b6736eb3a536ba266dcce3f86bc74be2f22d41aaa6fdd10e92c931e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ef35a80c9400b50f806f8c60ee4f869c

SHA1
6beea0c8dbcb7ddcf864e96a01bb34e224a91f90

SHA256
0eb7605e47ad01c823a589c8b80fa07a374e97b7521c540e67f7ac0c390770b1

SHA512
05698434b662f9ceef9e12fa8b58f95f890e402827e2c85eafc62cf6cc4cdf3a212a87e3d145ef11146911e6843bfab2cbc37ff1d337dee108ba294e1bbd4525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
1c0ffdd88d29bc5573c411869f5fe15a

SHA1
459c46d45201d97b9edc1f10de7a3efc5588c410

SHA256
bd742199650b3624cdd6a0f47c4989a6913b846e5f1d18698505df0e1f0b4426

SHA512
d6498d6e5f14ebef9246d61b38c764eed48687b1c42b13fd2d000d0f18caf956da9e536f3f96dbfa7dc15437cf9e0cad5b59535b00e74f3c79302ef528f5395e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf217ccecd69c9ca8429ca7fc59065ad

SHA1
7a7106206bf88496d6f80ff4900cb28e0ea4cc78

SHA256
3bd98741226b4254f517e9a871ea18216d70358117cff7b6732b354e2e49be9c

SHA512
4fd70adf3083f14cb08c678ae123ecf1e2c469717839a3c96b430d5fab0804b92fd3b58d64518edb85d6c65beeaaf98669fd88c74ececf8a93b2be17d861ffed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07a6534438f3bba03a1d16630cff146c

SHA1
6973058f008ea05468ff47226988619c4535681c

SHA256
2468723a7d83b1dfe09c954705ab4f600bdb2785d596b71907dbbdb792e8a3c8

SHA512
32e8daf2eef8ca4aac342bf39903c20a7a396c42fb3e20ea114f942a93f30bfe0b5cb8fc2efefb5fc5a48a9d1b93edd8c3e57febb7530eeaa97da64323f26323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea12f50af6402c8e395d4178f8222c17

SHA1
c562242fab54598335b9498715c83c114a27784b

SHA256
f21efe61ecf75343971920769d307a28a7b9c28a3676c1dde1de2fe8dee7da85

SHA512
37ce464b6c262e05d64996237e6c02369da585e2db68bcf14930e427bee1238ecf5fa05aff35ec09cbc62dde2213d07ec510d5c584447af87167b38e6c821fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a85b1a61d5cc0c99d3eee24d42288323

SHA1
d53f78d624f13aa8f57fa83b3a6709609faac8a2

SHA256
4b6c86b7b1ae6e33af09fcd771e241892140d0aeddc377fabd9e9cebe71b23cb

SHA512
1f86e9552fdaade97b4f1a4bbb8d8f7b89f5b95334f29836737c27c4a745e0025ce21115020e1952870d31097425abea6ecd2e1b5558ba6a3edfa5047c049365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c260cadef3c7d0c62f5c802370ca1232

SHA1
9ffebd467189d20fc14db1378bfd1698c27ff41f

SHA256
7a41dfde84d49002f827fcedc1ffa954280c9aebbf5a2af176420580cbeb0c74

SHA512
e045fae68c63802d55916c87156f6fbf83017e96b333e3216ac21f2411403deb410e3dd373169151fec6813b55f1be0e9748dc1da61a9b06f3f2f211b8a7bedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f06cc2cd78566a8027fd09a5d1ea40ad

SHA1
055577a4df1bee8fe281dcd105c7b06374fab6ce

SHA256
f461d088bec49b59a7799f5996c97918475a6de4d46963d13a3746e046824807

SHA512
308c73c49b78ac78bd0064c50995a1e5d839bb0593f83633e4d35413b0045329c53edd1810beb7112f35bcc16bf5eaca43fc5efdff5f093b54894335095e159f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ad77f1b2-8d55-41ea-9c30-d156c5041b0f.tmp

Filesize
6KB

MD5
f2ec33e4cd54538827f003a57b95ce7c

SHA1
3605473aa589d9cf85e67119abb3ee5a5fdf845e

SHA256
10efa5d2a446cb4328da01549c4c77a866a8ef36a91bedb3a00979ae69155333

SHA512
ba03da14bb3587983001f9a55ad7bbcec65bb0ed068b42765496e9f31d1c73ee1fd96acfc94c7ad3f326e4a42bc2eeb984a5ec1d7e835069cb4d931071e47da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6dcad24e4e31fc309cddb6e0a177b6cb

SHA1
2e257e97b9ecc81039ec0da1ff75ebd5e1b36fd4

SHA256
2ab044401e9bc6dc7d6c8245aca6eeaa599916312b7e618070e1ada341612512

SHA512
82a7273b7c63dcb9ff62c370a787a9e2b07d5a00887f78db18178f0f9d76709c2643003151b9d9de6c737df103ead423aedf29232a6401708bbd00e4764dd64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c453c9996b8ae7227d209b175198caae

SHA1
bb61cdc9d7923e3bd65f8d36773ae09c0660bf9b

SHA256
cadb9f79139211a9df52a439ad67d4b5a0b39640d88ea82181acc2d7469bf9a0

SHA512
474e93d83c2f342d293e09303811867d8b1540d70b3a22087880c78cef755ffb7b7d8dbeab681b815b8a1ebd2b76a9c0bf2a89a78399f711803f433f3e08d113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
1435c9c75a7bc467907edec254af8210

SHA1
ed3b5d4841605be1dbb9e21c2c16eadca71621c5

SHA256
7d6448ba4f19b6849a960b0d011ace4e56bca98c889cb19109d03f142a496330

SHA512
79cfd4fa4106bebf018add8c0589b11e4d279bb8f7e0fed440263b320b495132cc04384980abd37d750ff1e57c83c273bc35078252a588b1790a09cdfb8f1572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
4be2118249bd9dfb08a2b64601e90b59

SHA1
9ecc39fe1e4ebd2b70371967e89b93a893d61968

SHA256
1beef5f74f0823ac61006d35b1bea29497111001c19ce62599ad5d4751a0e649

SHA512
572cf7349c0211e7a07d9047ceb8a14666188eebd500d5eedfe6c86a3ef9a1acffb0139a511de086d2a4fc6057a0c4da56aca4d7771129fa35123f120a00db03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
70201e54d2d7c576ba9ac63de718aeff

SHA1
62b450fff8ee996d9352372672602648d4d25a73

SHA256
5ac440dd41f3c13062a0a752e5539fde2292e3a96832643a81532965d8071bc3

SHA512
c3e390911fcf09b619da913e30299d9cc43b098ac055f1d8e12cb95734edd4b1878e25752bb59f2602a118402e949b5892bf67cbbaee5e0b40fdbc7480528d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585f42.TMP

Filesize
89KB

MD5
cf0aab529a73436095b23a833de770ce

SHA1
92da3b4269145369f56c5febdf183b87201aa11f

SHA256
1447d286c36184cbcb62b542895b52abd585fbf78e19706631cc8c5b412f098e

SHA512
cbc9272db9710d22d987f98bff9a12b3b786560bc0246e6e82b034ba804a9036e87ac106846cca4648a695f474764e31010af11ae2289747b5d639f27d2ab453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit