hxxp://pene | Triage

Resubmissions

08/05/2024, 06:08

240508-gwdyxsha96 7

07/05/2024, 11:40

07/05/2024, 11:32

07/05/2024, 10:46

07/05/2024, 10:45

07/05/2024, 10:34

Analysis

max time kernel
354s
max time network
361s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
07/05/2024, 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pene

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595552749500745"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Moniker = "cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1668	1520	chrome.exe	91
PID 1520 wrote to memory of 1668	1520	chrome.exe	91
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 2952	1520	chrome.exe	93
PID 1520 wrote to memory of 1272	1520	chrome.exe	94
PID 1520 wrote to memory of 1272	1520	chrome.exe	94
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95
PID 1520 wrote to memory of 692	1520	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pene
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa74cc9758,0x7ffa74cc9768,0x7ffa74cc9778
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4152 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4516 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4744 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5400 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4492 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5748 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4460 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=5992 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6020 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5836 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2988 --field-trial-handle=1688,i,12188646039847095777,13717111368581074675,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5136 --field-trial-handle=2000,i,11471789752336399729,10863385903208193579,262144 --variations-seed-version /prefetch:8
1⤵
PID:5496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x2fc
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
484c493980c8ac3b6fcf0bb0a9a16343

SHA1
5e519fe9f1e95c4f1f380697fe1af3d158100465

SHA256
d728a17665982a48e693e54cf23b8715dd3b414a6fffb7387c63908424e2a659

SHA512
2eaf35e0de5108cfa738729ac21d663faf6c45a8c813f30e1cc15706c9d5f4cdd8068e8fe12a6137444f97da8a5cbaa7fc79bb91bb51b0759876905413f6317b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
24f8d889fa0b52025d58db0624c832bc

SHA1
832d1bbd939aba262ed0bc343d369e10b0361057

SHA256
c207f268d96c1f19eeef05b7910f4ca4e36bb3e353d7d786d20416a87dd65707

SHA512
6ff002021709b8de20a2bf94cd4aeceb16a856ed0f9ed1570afa279a6f22d1f0b729b04e81de21f5d2f0158e328df541e993c58f8a3f46534d46cc15f1590578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
de7897ceded31721dbfeec269dab6c31

SHA1
92594126df9ffa35b3da0f3cbb7e41ac9dccd10d

SHA256
dc3e37b5cdfd0290c784a6cb9f56a4eaa0f8744ee041a4e934c0f7feac74da5f

SHA512
df1d340b67fc2cfd1b1b0b9a6317b6a65d63cc7a8548bd4364b80569a9651ceb4d23a906e3b5381a5c30b94a31b2cd4f00c36020453673851bbe5e2f98d01a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00557a37dafa66b96e8f902cc06885b7

SHA1
09b104789d5e1969ac08586c71e22554e1ff79d4

SHA256
ac1bc2ff897ecc3fc615638151491b4571ddff6cdd2a91d746a1ef1d132fd656

SHA512
eef27878068942079ea062dd3dbca97ac6e5292f10f3e7aeb0b7e9ca284f2e3a803c0e95a6a0b73c14cecfde7e6f63f60fdba099247721b6a82ff99e54e62a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
fc27b3185873d14fba2955f61953e835

SHA1
30f5791c4b9ffcb61bf487195175854ece2478b4

SHA256
6996b30a26bfe145ebe64a4b9b6a4712ebb2e72bc088a85f63c3c0890946188c

SHA512
7cc3cca70cfcc335eafffb6f4da6b18a0383fbd951912976f7ea10b8c9ad9ee49ca6cfd8267c5e70f56d35de60ef604deac619941107dba696aa26e9b7f88f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
33b69bfac4d3375fa35d873bb2abd700

SHA1
539ce81ccc696c8c4d5ba826456091936ecad597

SHA256
85f3171a4a257371adf00e853e6dfa21b2a0dd6ad0cb3a76098104536d988ba2

SHA512
62fd6db7541baed9c087135797740d516c579ebfc0ee2686ec406f4dbbbba6c3e59d7e5829a119fe59991d0e773846d35266a88220a3b341a7a3db781d998bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7c189e8c45a95622062a9d7121ba511a

SHA1
83c56e925bf944e46c7d84f870e7b90d764fd881

SHA256
6116a2171ef6194f25830062e6071a274d5a01b27e968d787c74cc8f5e03326a

SHA512
a90775a38c0c3ce12c6d204dbfc00cdabf4c08e5a0f97b51c411c24d60e39671e74a048cc7e28923ffb18d14441cc59d962c0d132d43b56dd99af4bc840d9674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
fee7d8b9bdde26e6c902e274d60375a4

SHA1
dbabdec222c022e0092a6f5b47c2dee5dc967fe5

SHA256
e367a00ceb8fbe654fb6fba594431ba08978ae3ffb7c19c2afe69a932a3bc259

SHA512
223a9cfef805bc339081888c416b55eed07673f6d3347896ba6a9a3fc3ccdf612cef667432f7b93d95370b9787e1dc42662be916337333c3435333816942dfad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
fb2c34f0f299e4803ee9a6e154d1c256

SHA1
27011ab287071f104bbbcad898bb683e003d7c38

SHA256
af480f16ce264c030dc9fc908e4d276a6cd9b45041cbd8f6d85dcc0a6d820478

SHA512
74892107c6081152284aaba9f0d84677d5aa7bd8927a070e716597c2df8564b1d806265f8f0a9dd0289168dac917eff2998aa01eee681023e48e53f03e4e3f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
867B

MD5
653152c747a3025f596b593603f5311b

SHA1
4f3b5c919e388029507ffe75dd04d2a50268bdbf

SHA256
8f8f71cb292a977f61ed2b5cb736799458568c26f1db55e2cd2af193c16a8829

SHA512
7ff42ae78f64182d49d4ddf7f968634a2f3fb6d56e546ddf8fc1d944a93f1372c9f4e826c9c521d49273e5fc1c1d310072184f5f976a65ec45c5bb00f3c676e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
726d10c162ccb5ec86e35f1357212c69

SHA1
1267889a9cc4382832c0789f27baadc496df9e3f

SHA256
45a7042626028b35274979a6d2e09e071f954fd30ba6eb6a9245c949625424a4

SHA512
8dda799b86bfb4e564adfe1a14fbb5fb647f55eb4ebeb9cf3fceddc1527d983b4ce0cbac71a19e84b554689dabbeb5a1216391d2d5b4702a5a01b9ef2ba0ea1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f6c0d3f143963a040457587857925968

SHA1
de2ba063a628075970413cdcd108b89d847dd192

SHA256
1ebd58226dd5612f456b3850e3ffe23819679dd98a02f29060624ce3915153c8

SHA512
03950d6a9167ba3ee3435c6dbc7ac131a3f2680d5acbbcc6d1d6052f590419b6767be5b7d42aabd588e7461e4f76583e5d6f61096cbabf37d56f25082eb58e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e8148a7bda8745fd1876fd0722589b6

SHA1
03cc20f4862364cb01b87103d0a997d002a7e4d4

SHA256
8ba010cf6dc49dfe0ed4755e8b48b219aa54c89ad1297d6dd42006764ad8e091

SHA512
58fec0b227f589ba9cc3173efb70e41daf39cd91f36218f40d59afd2332f6a59cac24ad08ddd59fb5ef8b1a5f91e78bb8c03753c8e5665ed956e80016ecae18b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef3845848ffae1745c1bc9d2bf587250

SHA1
ebd5b76483220c7b850512081d3dfbaa190a9965

SHA256
2afff9d2d9032db2984805422604e0fa539c7a02df5e523decf6a50a400be2f7

SHA512
10408858e048aafda02ae25d6cb186860117a6ab5e71ad496ffd98260982a4896b7569aec334d35b4b138d175421c980941d95e5a76b1137206e771419fcc72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39d392e90e805aee394a83c5a72150b4

SHA1
02eb8f4b957ef8488b76667e016f9facfafdad7c

SHA256
1d5a09929db88b1f65b34dbbb4671855e96355b483e52cc2d5717572069c40b1

SHA512
a938523de75b8b657ce21bbb8bff55e6b53246f15d04f88dba92070577dd30f1eafee682978c89940f8930b99bb3b34f1ab4e66a31c411a60ad4bb19d4319f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
04ea582e44d8ed91d5b45bb112d6c008

SHA1
36cfffe3c5316a167011325aa27565ac026918f6

SHA256
66b87986c1dbac378e767c15252e85b4d3f192744fa143cc2f108489fed17591

SHA512
4cafd14d7e1d57b53743e60264f87efd46e512b9e90e48c9d4749cdaa1e9a63cf93de7483aed608d0f22cde1b0e26689ec69f36148138293b683a09468039544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
23b539968b330ce5efe9c44c7ab3dc00

SHA1
af50bc9021cb2da75fa760b94938f0806919943f

SHA256
1c286becf8dcfdaca02614ad0f06320bfe1c2a6d686e1a9af9997414c1f4a92e

SHA512
990184d220224c7b952787103e648072d570927d9d981f90afafbbbbb230ddff16f83ab1da6e36a77e7180ed1207e9d0c3d1a66edc6a7bf33b934fdd89211d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9b47.TMP

Filesize
103KB

MD5
4958443c76a6f13c1c6d5f03f192519f

SHA1
73e73c7b923b17a512133f306df780155a913340

SHA256
8adb9e6a3eaa2560220acbe732c80392635482a1d02c195bf6c0d12b88f78638

SHA512
1dc2d8cfc59dda264e9b5a6999a60c8df8844e7e78db28e84b54107ffe0da60512149c1bb6cab5876081f45249a7245b33a596ffa83a6c81d07531425bf52f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit