948bdb4e53b068e5d3bbf6d127dd10d4daf5f9fcad0deb5369162046a24b23f2

Resubmissions

14/05/2024, 00:06

240514-ad1awabg34 6

13/05/2024, 23:51

240513-3wbpfsaf6v 6

Analysis

max time kernel
599s
max time network
602s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
13/05/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maxresdefault (1).jpg
Size

439KB
MD5

7d0bf11aed2a744e9d513b12019a5011
SHA1

c38691a3560a6c2d6fe0583486bc4bc96aefecc6
SHA256

948bdb4e53b068e5d3bbf6d127dd10d4daf5f9fcad0deb5369162046a24b23f2
SHA512

6b003acb47af9b158c2c0b71521cd941fed51654be48d70eab661021d264880288b8420181310ef0e3dd80b5397264a0c917d4ff67a0ecac4b5ac07a2005d3f5
SSDEEP

6144:kz1LXDa2PBEI6Pcerdhaj1Ge7Dc1UZ/b33Mgbe/2fLCd9AVxqJhE/0BInnI+oaJP:EQhcn7A1A/neZ9AVcJhi0FipN

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	discord.com
14	discord.com
15	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601179087848095"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{C3B53CF1-4A9C-4A15-99E5-D8C16A284ACD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
1824	chrome.exe
1824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2348	4824	chrome.exe	85
PID 4824 wrote to memory of 2348	4824	chrome.exe	85
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4240	4824	chrome.exe	86
PID 4824 wrote to memory of 4556	4824	chrome.exe	87
PID 4824 wrote to memory of 4556	4824	chrome.exe	87
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88
PID 4824 wrote to memory of 4552	4824	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\maxresdefault (1).jpg"
1⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3d04ab58,0x7ffb3d04ab68,0x7ffb3d04ab78
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4208 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1132
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff74409ae48,0x7ff74409ae58,0x7ff74409ae68
    3⤵
    PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5072 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3284 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4048 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5056 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5008 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5108 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4088 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3272 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5568 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1632 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5672 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 --field-trial-handle=1760,i,14145158941181856302,3724558554908053400,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004B4
1⤵
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\631c3362-0e9e-496c-b1da-ea1e021b040d.tmp

Filesize
7KB

MD5
6f4eb86b0273eb889c73e194a87f6351

SHA1
c1d45e2ef7936c03b8f580c1b2d308209fb4a2c1

SHA256
c62aa35caf39b221e42576111b3f1df75c41adbe636fd5f91f9e82cf1ce1dd9d

SHA512
482204c353cc22a3264b393fed1104854c0d9eb70ead33ce900f24347c07471ebfd030e9f81c8ba40c9eb996a955856d5a2484ceb1719305f8f860ff95b188a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
29KB

MD5
f94f670f4f78972969342f8a52fa0424

SHA1
f907b2dc132f8110e04130ba736272762ec39760

SHA256
eea7d75d9827b7d6f610143d3cbfc7e1c83da9324a82811692d9a7223771248f

SHA512
b038fe9cfe7a5bb571115065a280aa21d6ac16f424e692bcf93808db28a047e3d555ab30da4af4130658f8233b5576069a985669e05734ffda7f408f356d5b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
50c51c8bf91614ed7e76f3f3307e05cf

SHA1
75039a97e4bf86951c0c827bab37df6a8cd01282

SHA256
27be8e2586f36a09c0d01c526861abf3c81d4775322f15fee4690ce565cf4ec9

SHA512
dbaf630854308b610e3cec5ae9989c852dffc57ea246aec1b102ea3062887c8989def3c942efe8b5a9338dc65b1de104ea9204c9a845ca69b2c23687369f007b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
34a3c8adda5634cdc49f1fe5f583b73d

SHA1
465b6b16c1edd099380e0de92b7179ea78b0f377

SHA256
4371d02ddbcd9821a6d567478d525900ffad11ecac4537ee155fff555450749c

SHA512
70a329bc48e2b93d7a682b96d073ebc978a13c9ce469a838d866bedac90576d70b886c7b86345700a45f56641a10bc2ab7619da8bfd2d022990baa784970464d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df3f9a3dcd16ec608e8103991f0b4ea0

SHA1
6dec5581d059d0bd3b3fe8d44bc61d501748ae32

SHA256
44c9cef64fc2198f1ab84843e0ac18d5ba248e79666b233cd37375b0bed5d952

SHA512
1d5b5f500f0debc4dac8d382e3ed6c7227d51ad1a00e205098856f30b7c8ca51c597f02b44f9af543251697790f93ed7405806215865d4ed0d8ab2a6dbf6d398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
885b3741656377a6deb81a6a4c6d4c15

SHA1
6ffb844b501a32323aa3685d068dbebc43b8c58a

SHA256
fa70387b307edbf2a8f4fa617bc5d4c49f740f617368ba745733f6df94b5c5de

SHA512
079e36d258fc198fb4c5196a8a619f49dd8d063ae9eef54e256bbdc2502af3920fc4dfb09541a96700985f14066f5c3e0e009e20c738c941d0542de26950e875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cf276565dce0dcaecdbfc370ebb123c6

SHA1
b613e73317be22e19618eb7127feccbc5b830941

SHA256
e71bfa56dd877b9c8ec36a22388deb8791cd637f0534c5659470abd51f83e229

SHA512
e1393c38b5fd9c66c2fe512652f63cf7a0743c811cc664ae338f63fe657e20102fb0b9b3fcc0fd97064f436d233f40469808e46fde27d8b549aa7a25b3a1c7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4fe831711f381ccb5d0febe158d7e12b

SHA1
b90fe994d0e155797390dc28daa6aacc6a2b1a7b

SHA256
3d472e1a6c71acfb291944f5b273098e86f9a07dd240c8bbf93e92e17038037f

SHA512
328742a1703dd9a6cfb22073d45fe51d5ae8197a4aa353d35970917fb6914f619750315c9ddb65f2ec1c712d93821d5c32ce5573701ceaf27da03993121c9d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
216c91a6b6213133c1082fdd957d55e9

SHA1
00c41ee1f225eeb21bfe6c557c5461358543bbb8

SHA256
cc4a4a9d0c2fbd77ff9edf04803658b267db1c4e97f659aeec5c76ca897a0fe9

SHA512
7afde1b5608cf45ffddd814779c7a9ebf3314543303369222374a80112baff363587b0b5dca161948105c5dbe98e2924a98f0184e25a23b223b89f34a6113025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
38725aae2cfc011c512be8a8cdd85f20

SHA1
0581babbf93fa0811f865217a47cd47f39133ae3

SHA256
3298b4a6bd176acd8651a7c7844c682fd341905e1cfb878bacf861f5afb32c69

SHA512
0b8f1d6227fdcca15213337420769cbb8c7653dae1c12dadccf28a1b29b0af86fc80d480f6e5afc3ede0b0fd8c016757eb3c465d5730b42bc5b077143adebb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d9d32243bd6332f9ff7ac52807fee6c6

SHA1
fab5eaca3941f701588ea39efd720dfca51fb0b4

SHA256
06d9af39266ea2807bfa15877c4f9a3261d9cb1bfae15fccee3419cb766010fe

SHA512
c196ee5fdefe1696d9cd39a8c6902e9256a80c83703ce34e9f76cca292ce6afc5132bff9c848f6a2683764ef1622dd50b92c56d2057db19f5cae044a4ecf6745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e9e3f69f60e2827a64ac6c3b6be056eb

SHA1
9517b182349a43691bb0f399a2278032461cbe60

SHA256
1db6f370f36a3bee2ef992f268a388cc279f7a48470464ded1fd6ac23e0c30ed

SHA512
e1a52075d5ebdb09bcefee0e5fbd1c5651913dd18bfe7c973bfee70ef93941da1a601bc51cb8ef7dd7f91ceba58669a26e14759c485ccefc5650013f300e47bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5154b0b26561b22b802efdaf22ee7250

SHA1
ef3ff3bc6e002a9641e1a444703e0f41327d8fc0

SHA256
c40e5ece371330526b79d5814646e0a31b0f5d3d89ec72d886d5a68077dfef8b

SHA512
cdbb9403e18beefb5971e39740be6e10eb41e4182833c4c0a59642dedf26a136d73ad9a13c91f2f1c4717219dba7c5ad9e2e448b0d7d140913d820088f76df87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1f3bdd15a55a58967140e1edad06814

SHA1
fb90e9ad05579fd21d266ea509cc698988936d39

SHA256
7363295dc5b82490ec7c83e45038c636d23966ecc892eb22180c22df165de7c1

SHA512
8a094508c220b2653da05b6802adbe7e2d78ecb60e71d7d4e2eca4e42c314fa624ca78f38d9c2298a9f4accfa57a3e8407d1fe31ca7aa7bd5db90247edf0ef8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0348645faca147ad9c6269a4fb046d46

SHA1
549a53712cab7b2baf7036d150256eab08d1ca97

SHA256
4c6c360f07e2782d87e8b32b497f4cba3c0821b0747b8c74597f50120b95eeed

SHA512
10ffb1d071c13d0d322e4e4396924884a03d3295f482f1d7739e373eb9a8cdd8c47da6d3c531a484e162fbe05e6649275ba7348cfaf511ff0d8dcd998e32acf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
805765d09309c349753dbe8e2999ab91

SHA1
7409d4c26fc832d43c1e5dc25e8ff5e4738bc75b

SHA256
bed022a193332b45f9369eb8669c7b5eb5afb8595696f69c5f922843737ea896

SHA512
d5d146a8d1aac9ea18d7db8271e44abaae809e5cb6138cdaf5b3d8fc8547884c6f28f5977f1390df13f2452753750e1caa882926080fdb6e5b198bdab546672f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
368171bb1615cce5b4090ba062a5f8c4

SHA1
697f1baab7eaa60bda060ad03e8c80fac7c2eb65

SHA256
9a8b48322e8e60564ce4daf2693b9038b1e405e1d94dad1fd3fe5eaa9e968c67

SHA512
3be25332db9f67c743faf712f291b192aa1cd80a86d817582e14e715096b803bf4cf707930632d492aa63f03a65b128471acca1bdf8969df34408263467c5ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ae5a64af5519e0a534ce8329ffe6c15

SHA1
f048c137ae4348d0ace9a6c1076c9f6bf958095d

SHA256
d76dec98298c4985c7c8edb815c615e1317fa8f9f4ecd8ceb0683eb7163a4783

SHA512
6f64e16a711fffe3977c43ac904acf257b299f30a891adb7aa3d825f1157853ba1c9e9e3b03ae238585bb2a6babbe9061183fe068d7879153af475f33977dbdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d39d6c64b5f29ea86d264c9e60dabe8

SHA1
858894f9cfc0bc1200f0242b411659c8a10db5d9

SHA256
70ca478344e1d114e6bc1f0f6f3afe796d265077d214492da584bf97be96c1de

SHA512
5ce1163a58fae888eb1f61907e64276a3305900cf6d1a8f091788166775f36fd6d6f66353a302cbab32bcf30084b1ff227f894477dc09a6bb18ff263be2f0fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1576e4fa403d85d39f5ce2571fb86527

SHA1
060ad1ca2b809ec50f661414c23528de2bbd2f90

SHA256
cf454397d83d16ff5dc0c4eed93e43f1c8bba826e200ca591a0db35a5ad03146

SHA512
b2ade6abd35890573c3862838e1c02e8fa33597b7b1436ab9b334e4b7c39bafdd63d7cb9046b695f47de79fcf7f07cf3b95924d6ef6d1ff228f844c6072d6717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8eab92039a75025aa85dc55a8afbc66f

SHA1
9cd469cbd84714514ac0f5b0a1a8b25dad41216f

SHA256
4566c3808d5c013b58fd84fbad32121c87d70ff6f5d1ce9a8b32ec508bca9744

SHA512
12705201c93ec27f5cc8a3d2bdc391ea11f38b703da06ba495021f5b5fd0f6d2fb69ddb6a01127e952e649b490b264c40571ff6aa27e44d55bfaad6d7253f03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c09f288777778208ac56a682cd4e7cb

SHA1
b14a4d06edfbf61661d7f30c3394dc750b464be8

SHA256
3310f8e650fa0c95923e3983c540452b75900cb71723a9fb006d4fbe2f1a5197

SHA512
7c941ab264d29dbc4710d5585e41b479007a0e5f49acf0b736b498b636cc76f08a14af4183da461b300d575828f99c7a25b1ffd6d2b25f8501521b6fe73efb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
865f60b6f0dc7307cf01bd60678c0fdd

SHA1
71a5d285bdd0a73bb923064a07ce9052be15ff33

SHA256
822ae2d3fc4d5b83635aba47f5170acac98fdae19c95b23341fd44ccd8db6f52

SHA512
f3275762f0c96a0e100c279f581bd29c6ab0133aded42be86a275df7f5b7c101f7a8202864fa76aa10fc675794c6bd02ac60fe03334da6bcafae59324d17b94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
b37b1a82e11457c9e044b35e9227a99a

SHA1
78e337599565cafd9716b9f3e5ed3c8dd3d0ded4

SHA256
ac4287566f43835730130e63da19a39549bab573b42135b67c91d6b3e9236dac

SHA512
0bb8667e69c94f875e1e3de675dd3f433ffa73131a4f5208677e0f62fa433e777a4c212b0bdddd45efe7c7ddc652a228099d5a0c373e5992cc9741b689158394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
b1b5d4a9b0ae48a9a370b59f70123b26

SHA1
5cceff71a856778e602977928bd3e134c08794a9

SHA256
d61e0f9b053a92c59fbc234e72477472c3a0f4c0afd140e4057dc120923036e2

SHA512
a9823316018103f98127d54561ebae5456d1539385a71a7ee8877dea0e260dc14a7bd1c418421eea5f8ee63179b8f4ab078d2b3e7b20fab7a031518f049796fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
26dbe831d466fd8e386200f1c656a637

SHA1
bc9850a28d79ad24361537e19d59cfd3c6926387

SHA256
2adf2d4e075d4a57e0dcc43ece0046c066e146a4a6e809152df64a003432f480

SHA512
1fa6df0fe9855e3d8d205fe1bf3b80e6ec0352a8c1ec6127c9351795b1bd7b19e7b02881a9a59aea17c5599866996159299bbbce7ad3c6718c7beec60dfd2b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
8e72a1fdc2e7cb309ed68e3450912d8f

SHA1
60401754bea04d2b5492938e9a124d6f6084a52d

SHA256
1080f052dd7f4b4a3d0c52313026a3b6f539beae0d539fda5549f4f6915a8e1d

SHA512
81c4e43b97c6b7380c49cfa6a6b27a9e90b4f26ab763c588a7b7800f56ca06616649b33f20fb75ffbff47d6d761f03a1b225c7411af7d2a17390fae1759be030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c4e1.TMP

Filesize
84KB

MD5
55213ffe56b08d3218be62acfdee0cdd

SHA1
cb02f248051fe09cb03ad8e49f49da1f92294ead

SHA256
d829b18f7ceb9cd9d07ad2c90c716821ece1d95b6ad219ab5a9eabaa66f94918

SHA512
a06b185a66c6363e4b8a18a45b4fc9b75e19caa06f2451a8c4d67b76f2944da44c7bf9c49e99d37e0768e05b541941d16e6950061c24f81ee3d92d0a0c5b623c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit