1fd71d75f91dcc5ae1ac0cdaff8b1117f85ff2a4223378c3f0f1df7e371e0598

Analysis

max time kernel
351s
max time network
845s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea.txt
Size

93B
MD5

426d897eb73b01bbf00f40ea20e9b9b8
SHA1

90f4ef19a9e2ad4537ed686889c6af8ea4416d19
SHA256

1fd71d75f91dcc5ae1ac0cdaff8b1117f85ff2a4223378c3f0f1df7e371e0598
SHA512

8ba686deafb8eb4e8ecbc6584331fb99cef15bf0a1d1d9c0018e9f85f0675c8c4a7e546ce218f48d340f7058f51cf015a276fc53a215b18729c6229e98112eee

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2768	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2572	2608	chrome.exe	29
PID 2608 wrote to memory of 2572	2608	chrome.exe	29
PID 2608 wrote to memory of 2572	2608	chrome.exe	29
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2752	2608	chrome.exe	31
PID 2608 wrote to memory of 2636	2608	chrome.exe	32
PID 2608 wrote to memory of 2636	2608	chrome.exe	32
PID 2608 wrote to memory of 2636	2608	chrome.exe	32
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33
PID 2608 wrote to memory of 2952	2608	chrome.exe	33

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\ea.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7809758,0x7fef7809768,0x7fef7809778
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:2
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1464 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1544 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:2
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1260 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3600 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1352 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3532 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1356 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1456 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3460 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2680 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1384 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2484 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3472 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2552 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3840 --field-trial-handle=1196,i,8006717715636888082,13947294064878070279,131072 /prefetch:8
  2⤵
  PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x544
1⤵
PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0af5087e944b2a91fb8c308557b9a837

SHA1
4efcde757d5959316815d6c3e637a6a507614ac0

SHA256
1f23a1fb3554e9d63b98a1dbab2c6bc8f8c6fb9d4ba754ec957832a4cbf2a33d

SHA512
ef604243678bc3d380c1845761f68c3d13dbf2c19f479ed64275e3128baa8ca1feeaec71dabb11dfbd082274528f0feaab87dec8b7d982e342a5a78b728a6c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
10b687cd662b40f1f38cce31e80546a6

SHA1
f183215960965d8834164337282ec9831bcf7f7d

SHA256
4ddc8a150493f613166c3178670b2980864f83b3762d864de3c169ba9bccba93

SHA512
eb42a3770ea0c977c94db9ea212c3a5312f1768e8e2780b79be495008e3b19cf7244ad6a6aa4dbaca13f2fb9ffd0f5a391773e2360ca90b88745e457e87ae343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf76fee8.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a1cdda461814b64b4593e009b034ddd

SHA1
fe112eeceb187e8747f0c143868ee11dcf10ecbf

SHA256
a189cddd81b9798ebcfc8420a6fa168345b21284379f5ceacd33271235eaa35a

SHA512
c5610dccdd7928501b758abf156ab1f6f2a2ccca32e3d71eae248e4d0bfffd0683b6dbebda9d9ae0b6db81af47e6af248f455ddfa9efe984847e3d977dc1173d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91216d15d63b241f2b5a147280216307

SHA1
62a65c23cb30f94cb7caafd64b541b92d97ae56a

SHA256
b5932a92cfd45441eaa3617a3066a9c01cac0320ea80caab16cda6c068a55961

SHA512
f91f17cc248a026b8d270be1cab273e3d1ad8936547ddbb967e8565349049f30ce6efd4c6c7207f4cb4e313db23c03a767346f624f7025544a3bf6d87663e1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
04d7ed80a541746542e816058ea9fb24

SHA1
d74f2dcd866be459586076780702b1b8ed995b67

SHA256
f68cb67d9152f2b46f8d51f04fd93387441c76b533a6f07b4aaae22afd4fa0d3

SHA512
71c04d6c6a2c7d98ac99d10e5d8f1b5f85a3a9ed1f10d6ea144cc2df5071b17a891c2b0c5bacc0f17ce5ef548cce7e9632069718cde5a36ad75ef10185fcc0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
adb29f41db3d79ab8eb0a146a592ec88

SHA1
f9d6cf8b83182f380ae832ed195eebefafec193e

SHA256
e50c06345e6ebd0434dd5305c1c7e881c7343a1b6fe8c1fca5dfdb0ad4f64a85

SHA512
402185a37429771d88b27a43743becff788bc65f833f2b11de19202a09c3a24276208382cf162194bcf5431c186e92bae69418ed7a62f5acc076cf3f18411c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c768173697df050c91e2d1824320bf5f

SHA1
3f58a619048ecf1c93cd821e4174ebbc5890292b

SHA256
514764eaa59a693ef0f1c722155e688018dc5711d5f9b4e2f83066fa9d84bd17

SHA512
fe1d77581b7b882654767b8dd77a191648de545a0e1780d239e5a6359d5e9b98ebd9c50671761e6d5d0d93d47528a3a8583f9b81fe127faa6e118dc61803023d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
700ffcae541d4c7395358c344288547f

SHA1
78221470ecac65ba924fb6c4f6d9a058a46efcb1

SHA256
38266b49b8b00a1e770c13d573466cfa1ed6b9e553dc30d31a3c326f83da1edc

SHA512
5c9ae9a07cb69e8900bae5e89d4c39897173135338ef94d15f0f8d79c39e357787bd56db50b6a1d4b7a139338ebc5e3216f1f20435181d42367254219fc34025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
38759a851fce53873d8491b90e4f9d58

SHA1
3f78e49d89a3ee692976616819de2fc88c1f010a

SHA256
64191c488d7f409f32070997266bf3b29385ddeafde4605cc06aba8b9459d893

SHA512
b97a5d285226034c32c4c185b0bcaeb00a342158be42697ceabd9f728b0dd95886495f67a5edc4c4e541c2513d3a8451b2f047fd4490400ce917a76fbd23684e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1239cf3e8b22dc23886de98426add104

SHA1
5edbeaaf0d019b0818973210fd51f6b1ad425821

SHA256
c0fe50c7aa5619f7b4e91373d98553147655fff2fd5003798cd4805136dec00e

SHA512
429d616c22d676aa12dc5f1413f5ca357f2542fe4a71b181b631800102dc6073ffe593b0d332f6f41711d94c24ed2f5d38e2e825da12651780e03d1fa29f11b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
bad227b60f27d2328aa75bfb844bbd3d

SHA1
fefaa3f26e0039249f017cf7bff4f5dc9463a8a3

SHA256
48533915f3aa3cbd0dd92014b10cb485967c5fd12de315052c8ffa9127f26cc6

SHA512
7a2c07635e233cfc08fe9f8ee0e66002648ce8238f11bd1224b5075b8d29bc1d363d2e399c480e554fe7869d8394ce0e57d3d50975df13c531cf42dfc0666b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
900e29b640296df98062818bd4b4fcce

SHA1
1e8765e99689c26aa46a1d6e23663ddefd8a4502

SHA256
bc5586b7bd104171d63ce1ad380254e5b6ed5803c547ef841925196334e6530c

SHA512
3f18d20e66d05af84826a840e00b54483717f53ffe29263b236016c71fe3828447188b051ceee319c67e13ec953ac62b109d1febe71b96acd4a19112e115e692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e616843d7d1a6ce2ce058f7d2754d36c

SHA1
9c7114df0093cb857ca234679b439f76629015ca

SHA256
cc4a4644f10b8c123838f24eb31875cda7b602e8372368e7aafbfa7ae465ed2c

SHA512
ff5d899f8d8703174c10d2360e5f0c1e49949dcedf3a8452166d22b368857124279ac63bcd43bba79fd822d29ef9c6b957b1a400432517bc557f862ab710869c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0f80248ac72c4953a1191d30aab2b66

SHA1
e46e375d32bd1476da9b699897a79108467bd75c

SHA256
00808051078bee9260e36a0ffc48780fe1b442aebec7a79f315f551eb32dd40f

SHA512
5e3fcdc8bd2e72b16d428ca987e612d4de8e31efb936dd4d27cb981ed46945dffc75d4466503301d48f796d26c49fd03d5e0ad3de0364b186d207084dead1f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc151e5646fc04b9db5d68f50946e7a5

SHA1
37409d5e5036e9552c6c63978ef59c2112cddfc3

SHA256
ae7f215a7329c1a212501a407b1b69344936ea7e65468f0e13276abb39f809bd

SHA512
d8a387737faca91d839292039e01a87bd7cd6167c9306e9a2a87b7fd680944190e019fa3a87f6868f941c0969672154c612b3fcdcc1c543bdf8b03696eda810f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b1e7613699d7b43370945d685e33662

SHA1
bbc745e21c57dd8e8ba9222b850c1a2969024b47

SHA256
9a3594e967016ab23bc41091691ded844ad2fb9f89eb02d4b86500b183218ad7

SHA512
7086f88920bed84277d2067b2cc4b6b1ca0009286dfb472d5ca0dc8aee271863566203a7412fb806988e5b8103f29681f4383a1bbfb245a708150bc7912e618e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b401f232ae0b97048dc079a6327128d7

SHA1
078d576fa3cc207ad38b7383d576d242996e9ad7

SHA256
7e0ac1d6cb0593c5ad5582ef4f84fe1c9ead67cac7357cb9d2e928c9382a01b0

SHA512
9fdfcf10cf88152e3faf3fb3e47d389f8c501cc54360b2748bcdf15dc200cf23de76eedb8caf958d7a2d721ef00b1985c1c1829eb94e694326286cb8ea030e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
05b80118786c351114aadf72dfbeb201

SHA1
99b4d6766f25d05f7510ed2163b290bf52e4d75c

SHA256
7e3134bccd95acc250218595bd6785ac04a987c495372aba7546e5f8a0448325

SHA512
e922bfd4941b4326b91a452720498c50d15f40a8ea8d5852c7adefb1637f43750ed9ec00024523043c1f6dc50180ce37bb0a4fc15e4e0079854544a5f3cb1130

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8D2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF990.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit