817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

Analysis

max time kernel
125s
max time network
137s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
31/05/2024, 11:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

YouAreAnIdiot.zip
Size

223KB
MD5

a7a51358ab9cdf1773b76bc2e25812d9
SHA1

9f3befe37f5fbe58bbb9476a811869c5410ee919
SHA256

817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
SHA512

3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
SSDEEP

6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM

Score

3^/10

Malware Config

Signatures

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2588	908	WerFault.exe	83
5048	3064	WerFault.exe	90
1600	4064	WerFault.exe	93

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616287364224442"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4444	chrome.exe
4444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4048	taskmgr.exe
Token: SeSystemProfilePrivilege	4048	taskmgr.exe
Token: SeCreateGlobalPrivilege	4048	taskmgr.exe
Token: 33	4048	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4048	taskmgr.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4048	taskmgr.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4544	4444	chrome.exe	97
PID 4444 wrote to memory of 4544	4444	chrome.exe	97
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1692	4444	chrome.exe	98
PID 4444 wrote to memory of 1412	4444	chrome.exe	99
PID 4444 wrote to memory of 1412	4444	chrome.exe	99
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100
PID 4444 wrote to memory of 3756	4444	chrome.exe	100

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\YouAreAnIdiot.zip
1⤵
PID:1584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2508

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 1456
  2⤵
  - Program crash
  PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 908 -ip 908
1⤵
PID:4852

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4048

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1424
  2⤵
  - Program crash
  PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3064 -ip 3064
1⤵
PID:2280

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
PID:4064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 1428
  2⤵
  - Program crash
  PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4064 -ip 4064
1⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd2d56ab58,0x7ffd2d56ab68,0x7ffd2d56ab78
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4820 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5016 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4252 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4244 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2804 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1640 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3200 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1540 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=1740,i,8884970881795410547,17293229954623603072,131072 /prefetch:8
  2⤵
  PID:5048

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C0
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bbdce7283f8c8e7d66ccf5cba06bcfdd

SHA1
c2e2d0145906f8992455ad7819275db251f1a482

SHA256
ac592c3e751c5521f73447f2f32b6d4fda91635f349431f89f975c1e3208537e

SHA512
b8fa50f8201bdbf43b9065e9a9f0ce5cc1a182ab5da6ce275afe823b3ea4cca84c7c43e7e09ec47523fda2013c8af5081656378326cc148c89eded6dd62e0a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
143KB

MD5
11d891af93c6ad3778b1529f0e7dac6d

SHA1
bcca0f60b23a1535e16e74d73a916031d46fed07

SHA256
cb4e683c83387e9b0ed58d2d5c0f518050a85666aa400788500c7bb496448e8a

SHA512
e075fad7ebe409aa2e2d27ce2ba8506db1af3c53b762c213eb0901e36e78dc97e6fab9d926ebdc68944f1d9453aea18b3a9d669930c761a1712ff8769c4a2cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c4c6e28c2194d50faae42a5b4b56b6a4

SHA1
825d1aeef9e0107130b01d37bb46191940a275bd

SHA256
7fad3418be3b1db033f0c5d756aff57123aaf1401fbe4420d794809ee84673fa

SHA512
23cc03ffa287c3b728e7b965bc091e614a31faeac1941162d7ac261792e3645446f6754fc6061f9f84f8c03b5c3c2329ac2dd343b89b29e389f1bb565166e210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
528e120fc6b8081aebdcd6ed26f6156c

SHA1
d5526d5409565dab24c1624d206b986808c34bbe

SHA256
f7ddb8d1f7d773912302a08f268fae9057e0e125ac6648a83b103ede657b5940

SHA512
dadc5a9dd12c150ef716480d5dd241934e003050cd4bb7dac7d0c25c3429db0803d8ec4a6056bc25db80e7667885c561c555d67cfb01341c232e2787b24e3433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cd8f2a1300a6d31ee64ca3d5891e4d1

SHA1
a150c986de448a09d8419a380c2b01b0336eaf05

SHA256
2fd33a8bc92bec44a2182ad02a212b58f79ba30ece4a8da3005b9e98f5993a6b

SHA512
14a56b4ec94517fb3ebc75b6c6c47f2128eb8e7ddd6aa461f21cad7bb9336740c23533389d74d5135dbe3873f482b909d47c0c6b2bf706fc60c4b32c7bd0df1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9e138b8fe103c4cd888abef0861f2e18

SHA1
ce110cdf96496d45ca69be07b4d4dc81600d6b29

SHA256
45826f4e57d5ec67090877e6c61c8abd5114af90ab9f8dc45546fe1f4e90e090

SHA512
9e864b21b9de12ae69a1e2793fb28ab1e7e5824e8fd3c32f3e1d240010304101af83e0cfece3e7f6ed76e84d10438dd7ccbcca53bcb5eb16b3706d13016ef7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8400b5e6a1d52780eab7814244e0f2a

SHA1
46d30a152da52993e644f2d39caf8dc67e03bf76

SHA256
5374ce9433b1c7afa300a4e056ee7d0d006213b17090eb8bb5b6ffc467d5be7f

SHA512
981a0e3891e8c0d0cc76906835557c0c4efcc9a05e0b3bf97550a89a33af066c5660e24f3325d0bf5f0e4248eabcdb9968bf3e0485ac976ee372a922ae9d4de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f19c84d17bdab59cc365d8a4f7b0532

SHA1
1666fbf460cc5b9af44295b93596fe2d28d742a2

SHA256
7c6d5c884da6c53615df45f5eb75fc4d31e74c390901ccc03fa02e680448aecb

SHA512
d52cc96fdb30094f6efc1b54422ac24985cb5b941dd3d28a40930356176aa25400e9ce1eddbb3e317a2d1577abf8958aa1c1c8a587a42c8d2cebd892feb7db6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a548b682b9a1790d21a0e67bfa6ee6b5

SHA1
035087017c6643d7d127d2fa1dc518c49fa22b6a

SHA256
8329d88c2012e105853dbc41e9a927aacf8d3de52a4f2b91d49adc4fa745fc12

SHA512
958acbc40d71ab73edcce15e4f1187c79991f2e4e377a253da9deb83e27b3d3f5d2f0254f35f339a413531d8725a5a8c086a1b7b0fc004bfc34651606ff50b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c44755373d3e25fce3b12f787d6bb534

SHA1
761d2edf0ecf032ae0d91a84a08667d06491832f

SHA256
808f211a0ce16159c70aab0b428b114cfb9ec23836ba163855322d35c275b863

SHA512
b4deda0da85d31e0239fb33cc60d3a4353af73b28c6cd79a6bd77be255aea11a314cd7abcb2932db9d7906289b0d8171773355b3a9c62730c994bd0aa6b8174d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
761d1b211966642cc8fe302423dfcec3

SHA1
1297c31305bda0414d73923b933e14d6e89b087e

SHA256
9127b91ffe51fdca4cbaa8a327bc915189024614d68fbc60174611638096ebe5

SHA512
11ff1009031fb83fa04518a41739e5996e6589d0d4d5095c2c6ea659b00c8420fcc7960ed6a814cfbefb42b305a893accb0d59894e89111086e0377c17a86c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
674fc8cc4155b6f564e876c9c8ea5529

SHA1
2ef92272c3663d228fc624cde3630ee373ecbb97

SHA256
9e6882bedde7e12d0ffd2cc1655c1cd75988c91d2a1ff4214a64989359194e5a

SHA512
89ac816caf2ed5e4dd164b758fb12628eed32b3ea4f4bff53723e49769cea16bba5b4dc4e542b376c72c6d3ddf53024685dee74ff847ea02993fdf52aba114ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
b00b511ed5a3d27b16683d90077aa714

SHA1
17396dc867de46e761da89d738a458270376f9a5

SHA256
2b00f2ce7823483e755e30f0e8b9227a9fd4cf701b3f5bfc2e716d6790bfefd9

SHA512
0861ffcb9104f7c863fa422cde0493e9da2e6cb272c25d174e5177880217e9e22a5a1d1795df0d296cd0000706df5c941a6a85842d1bdea66ead5a6c4925ac5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
f7e43e742dea302a079aff703a3f9331

SHA1
5a9112e29179935a419c3f5c347df66a194e8bc5

SHA256
f4640f9f4229eed295e8bb7fab27adab7c6a9d9a596e17af2f46f6f0b92c7c73

SHA512
b9e1a8936c69ce31a47769632b29a9e516e3b249f2c5e509fcd77f98eb637744af240458a819c3097b7de0d3a43e8f6779b3973a5720024230cb4250384c1fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
eea8c48b431efb55bf0c6eb4b37dfad4

SHA1
0be59a8ee17dbebf119c32909156a4c7f8cb80bf

SHA256
98f0f35054167cb89705634fd887629a56a08c976cd354ce9affbccff938020b

SHA512
73e49cf6d1995e16b207ac28890f28b34fc1be2bf00b96671c286f6bec200a0d1657d3b073f04ea54d0ae95e50a43302297c5581547e658b6f77135af28e3684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f1be.TMP

Filesize
83KB

MD5
0538238b3121f8c2039431b1b28411a2

SHA1
474c739675f5aeea2738cfc9ea4df8dca96f3116

SHA256
9d3cd9ea2646b34a997a1640cd84caf4fda0752c7be955d660a11735801d0f0c

SHA512
c81070354eee69463c403732b7c31e7a3f597b83a2d68428dca45bef9c1d7d69a0f5d81e3548d966c3430cfbce624eedd2fcaa428b863d363fcb640a98549531

Download Submit
memory/908-9-0x0000000074570000-0x0000000074D21000-memory.dmp

Filesize
7.7MB

Download
memory/908-0-0x000000007457E000-0x000000007457F000-memory.dmp

Filesize
4KB

Download
memory/908-1-0x0000000000FB0000-0x0000000001022000-memory.dmp

Filesize
456KB

Download
memory/908-2-0x0000000005940000-0x00000000059DC000-memory.dmp

Filesize
624KB

Download
memory/908-3-0x0000000005FD0000-0x0000000006576000-memory.dmp

Filesize
5.6MB

Download
memory/908-4-0x0000000005AC0000-0x0000000005B52000-memory.dmp

Filesize
584KB

Download
memory/908-5-0x0000000005A40000-0x0000000005A4A000-memory.dmp

Filesize
40KB

Download
memory/908-6-0x0000000074570000-0x0000000074D21000-memory.dmp

Filesize
7.7MB

Download
memory/908-7-0x0000000005C50000-0x0000000005CA6000-memory.dmp

Filesize
344KB

Download
memory/908-8-0x0000000005AB0000-0x0000000005ABA000-memory.dmp

Filesize
40KB

Download
memory/4048-21-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-10-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-11-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-12-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-16-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-22-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-17-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-20-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-19-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download
memory/4048-18-0x000001CA37480000-0x000001CA37481000-memory.dmp

Filesize
4KB

Download