2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

Resubmissions

09/04/2024, 01:44

240409-b5wx7sae77 3

09/04/2024, 01:35

240409-bztwnaac56 6

09/04/2024, 01:32

240409-bxy3laab66 3

Analysis

max time kernel
132s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave.exe
Size

7.0MB
MD5

a8bd4a6b2f1d00928e61870a5688c13d
SHA1

e17646d5279534f2e3eb0e0cfc8b6c536bc0c095
SHA256

2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f
SHA512

6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb
SSDEEP

98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
144	api.ipify.org
149	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571001674682438"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
632	chrome.exe
632	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 3716	632	chrome.exe	103
PID 632 wrote to memory of 3716	632	chrome.exe	103
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 3384	632	chrome.exe	104
PID 632 wrote to memory of 2420	632	chrome.exe	105
PID 632 wrote to memory of 2420	632	chrome.exe	105
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106
PID 632 wrote to memory of 5068	632	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa7b209758,0x7ffa7b209768,0x7ffa7b209778
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5560 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5336 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3764 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4028 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4752 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5344 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4692 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4596 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5212 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3184 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5968 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1896,i,5862766595495482773,15006163257939497088,131072 /prefetch:8
  2⤵
  PID:1488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
60a64c45e56c4cecb53a56ccd7e1965e

SHA1
8db9801e021a2bc4704e3ad3a07493ab4a097ab0

SHA256
7de60a709ac408e4911099e45f36d3bac34f5493f7a569e8b26f33abbbac768a

SHA512
0eba1d47c385ebbefe194b5685f93da61c537acc1438f964da73fe95efd345c21ed7f4c7302335457ce6424d11467cbbad33fc5fcaa0d949cb63e13279c6154b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1119ea5cdbf6994105a12b6e38c19df6

SHA1
806b07876a268a2d2ac13878070e78ecef097ce8

SHA256
247974194d347a5264050e29b5aa8f86eaeb8d14beacf4d45c942b7db42da307

SHA512
ec16137f5bf474776f7d6996f0b8510fa734c9ac3d37d1ae72e770986d27bd12c2b14a98f7640e5cafed2b10b920cfca7d1b44be7d3bc6b203a35aa30e0032e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a16a35f5f8ed4acf222592b3865b1ca9

SHA1
794fe152aa6bc44304c30e969feec1caf5aa2f89

SHA256
af610494da403fdf8f381bfd78f665bdacaf023dcd179a28466c6d524f103810

SHA512
2a27408e754f1c6f416e88478668277bc16b92927a60e2a25ee64aeba54b7a6ed395913e33c693db4fb84c723295e19b843674ccff63653b8bce490ea66e9faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f5f6e4af1f6ea7a0565e5aa076ea6187

SHA1
744bc7f2fc0bd839c9b4135d56c207014f9a0308

SHA256
f6f0508d799d83cd1b02d62c44d99566bfb07fbd8ec864da176cd29dcc454455

SHA512
8d200cfaa9a63a522342e076c6b253f90aeaa0f54217eb4c3a6bcc1c156589b2f2f647582854d4d78e70403b234f97567f08c892afdbb3df0fe89f372485fe40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65395502a039880b6fbcdfe64dce4e33

SHA1
297083d90aebc49b653bd669b6c78e9631f770a8

SHA256
6462f7e34f854db5873e28cf86c6923c2ef1d4c902b46b8419196116f528fa56

SHA512
11ad01dbbc79d7d44abf636b648f04fd244b9ef5e85e6c63feefbd5b931bde1ef2d7cbecc0b4963d39cbbeb4651b73a3f272b176d4a0fffe910a083929c1893a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4b40cc5f1dc6ad8edcd7e802fc1e5f83

SHA1
64cba2203a1e65a41303656027ed6aefead88372

SHA256
c7c8c9d0be3f288c19d2851710638976161012cbc3d6fdaf9c5c404d6865ef2f

SHA512
f0d29d6bc25e5aadf41469f66349f699628bdc8a5a8ee2a525d2c4d9ccf7173fc3bb1c82facfad4f5a00fd6802c18cfc4fb67b146163cd31cb28c6a69a662c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a37edf7465460648e9363277ef5a9af

SHA1
4002831243ea44b86ac5bbc4df84e6da3d331d44

SHA256
250f0814ab723c1aa48312d9b9369fd42743b6dd4ff24fc1aaa21674de4b4fa4

SHA512
83d4dc6f5a80029b105ef235f9e169a39e028286433a2034fd9dd3fb6df6f65bafd9453729663a091bd44f39070c226affa12b4d30add2b83ece99389347a21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec106312683b0130a824e4038b2024fa

SHA1
adffc493c24854684e30cc7cd8409d35b26d2d84

SHA256
36a85f7f23dd6ac5dfca52f4d55b962ac49ec9133a68b7902698060ee9f1b05f

SHA512
c4de0dd777e8de0af05ff750da3032bc3895a116a147a03290371647efb34fad3a7e249c345a5e1660f2284a9e48b5e54a2d23cf4877fb96316530774f4a51c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3e1ae5b55d11194c74a5ae0116b17dc

SHA1
d4f46504c0d0b98b4ccb176de227b019783c0624

SHA256
54d2ff965b28859173cb797129c11d7b1b9c0161415e740bcc844fed6859e9c4

SHA512
a8adba9af883f750bbdb878ab5670a0712d77f7feeaa6773e85ededf798fccd7b7b8599d2a5534bc721e4e3f162a83f66da3c1e2e1b60cd145641c688658966e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1337374b597d159063408672bdf61444

SHA1
a388a75f16f6a4445b6aae5c97e8d7c7559bb9ac

SHA256
75254e4b0216c91eaef63c8fa98c85b9d65a0829b1fa8d0bd946ced04361f2cc

SHA512
cac687af59accf6bb2574be29a8da0db222e166b98b8e82c991dfb60122aa3b1c1495f791e1bd4f51d5a7c47ac75aacbcd5134d27dff99557d4d128c5caf8bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af06ea3d526bfade54970798b11fc4aa

SHA1
906ac3f58fa2dcc3301fa59843f59a4a43da99df

SHA256
a36fe58d57648f17be58c8219a452d91f436b463dbe97dbf18d34c4ca34f7aa0

SHA512
f58e4396a9df01cea835d54c0367d37429e27c5b06a1d43ffcb93056a39f7f5c631aa05f9943bdfdf53b3653dc7817c683b2c9a302b6f5479aebfa464d3acb18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
b82c33f398b4d86384a6e5192fe09396

SHA1
2786a3a4ff7ffbbfe87398be733a01a7e165c85c

SHA256
42ecb5b290fb3191dc2c611a1a160679f93be88f062ebd5ab747f47ac2abe6d2

SHA512
1d9ab7a2b3069fbcce06692f3991b1c5bf9a8e2a9325d44461ff15473d4ae6002e12ef3528da83ce1bd01914020f8acb888c3bc30849e228681fbc71adbf7233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
1b9090e4787a357e99f39f0caf80619e

SHA1
792034b1275fa952f7bd828c176dc1d138980415

SHA256
6247444f6a43632ab1c75fdbec97ec980a0fc0b6b5181d962323e99b358ea414

SHA512
35f36b2a44a89b4a6adba9a4093232720069f39508eb8940a91a869f10345357dd464ef20e8265f4e6838dc8c944b082843037809ae4ccfa09fffb1c4f3c844a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
1ee4a11ec6a9022168a663cd7a873dda

SHA1
0a5f3c3ca1c3517c336f7ddc18a0423ba051ecd0

SHA256
27e521c959b90b8dc4fe7bba9f0a8f8ed00ddce583932ecbfc7b35de43a629c5

SHA512
da34aab297269784bbd37a40088213c7915fcca8a936ad8dc887712579f186477758ffef6b9685172ee1eab5a6774b997735d7214bcce245f65b103312188674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
46517181f14e6f32d02c248358d660eb

SHA1
59773c0bdc8a9eb2193ab156f938b0f6ecfafc4d

SHA256
1ec86d21aaab90424295f62c60c617c65beee3d920ed9c4c5ecde9a68bc7fb12

SHA512
22268553d22bfba4ef6038110bf1708578158a7246eb84faaf35b6dc7165c21218dcb604fad3b2aef0180f1612b494014ef02d514849373c98c1604bc2d21001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5850cb.TMP

Filesize
105KB

MD5
950052f385416a0ce110d2d8e6198735

SHA1
b4d6d90c94477ac36e01804172c51bfb424b3eb1

SHA256
21c77cb641f05a1bbc6c49b4088e2868ec9ce7cd14ece903d6f20e35b658ecbc

SHA512
97810da2b612ac9c29d5558e930313a165f005c844aae98861253041d908bf8541b959d06edbb6ec08ec735cf14ea72203166537923bad5c77daf17602e3e9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3900-1-0x00007FFA7CD50000-0x00007FFA7D811000-memory.dmp

Filesize
10.8MB

Download
memory/3900-3-0x00007FFA7CD50000-0x00007FFA7D811000-memory.dmp

Filesize
10.8MB

Download
memory/3900-2-0x000001CE1AE90000-0x000001CE1AEA0000-memory.dmp

Filesize
64KB

Download
memory/3900-0-0x000001CE7E7B0000-0x000001CE7EEB8000-memory.dmp

Filesize
7.0MB

Download