2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
47s
max time network
142s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-06-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1932	XMouseButtonControlSetup.2.20.5.exe
1932	XMouseButtonControlSetup.2.20.5.exe
1932	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 760	2908	chrome.exe	29
PID 2908 wrote to memory of 760	2908	chrome.exe	29
PID 2908 wrote to memory of 760	2908	chrome.exe	29
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1984	2908	chrome.exe	31
PID 2908 wrote to memory of 1324	2908	chrome.exe	32
PID 2908 wrote to memory of 1324	2908	chrome.exe	32
PID 2908 wrote to memory of 1324	2908	chrome.exe	32
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33
PID 2908 wrote to memory of 2388	2908	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7319758,0x7fef7319768,0x7fef7319778
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2344 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2432 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2272 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1556 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3048 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1072 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2492 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3004 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2640 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2092 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2468 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3488 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3376 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2372 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3668 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2128 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3592 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3748 --field-trial-handle=1320,i,4821991200912810419,11465468818711722317,131072 /prefetch:1
  2⤵
  PID:888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6d3e494a4331367258ae9e8b81bbbf5d

SHA1
e3415bf5941735b97a5025c33b9520644ddcd025

SHA256
9e12bf71099ba5250e7e025d06d2dbfdec667f8583c5b2356c998365a79b23aa

SHA512
b023e78258de67e5eebf04748c5c5ebe1b7c9f6c7e9506c43702abd3f36342070b70d94ea9f018f4a1603f994759ae980ad68b48ded296e590999c01ddf63a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0afd689a3830d5e271210d72a095995

SHA1
88bc445de3199103708f38268df9d4059f5e960f

SHA256
cee41846af86e1984eeded44cffc8611f22148433df7a97fa9f6785f09c69ffe

SHA512
ef1dde05b35e788c5d915ea509d835265d1979d1f3230644509d892506e7ab1390f5fb7edceb2a483e5c2c2c57f76dcc02d093f8b5b03bf4d726fca0d0c0ded5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cab46bd7d2315d99935f76ed05ab2097

SHA1
c4f2a739edea62c40910620cdd0006bc56dfe446

SHA256
c564981e9bd5037230dfe918110d0ca8c732469c4c9f68449675578e1390b41b

SHA512
26768f5c0a5c4636dc012a30ba16bd96b2717d7ec065cb62225e590907ab9cb6e3ec71d7aa363187421dd454e7267144b4f08080a6cbbbe61fd1868a523c1df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
094d3201069028733a043161ab2b16f2

SHA1
2c238b453f113ba10748e2f76dae00c8d711e20d

SHA256
7e652c3a2f2237ff104c4cf365b0685f51016587c51b3c93ceb881452e32a8fe

SHA512
fba26703aee89a512604c181074d6a3bf98acbf5925039077ea57b6a3930ca7ed6c72c60384dda01285de196c51f2c06597c301937bc7d4c60119b55a44d4972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b581e3511631dcf40e62038d2bdcf547

SHA1
00d0671a447bb3161d1f00fbd406a6705c888ce8

SHA256
e5d60389436ba87c5e3a0abe798cdb74455ac178a7863e4a84d1077bea753131

SHA512
e083a23c8553fc5f0c80adb352b72cae84de45b61931237a65a8638e8e1f0f812b6043a3c9019e87481cbd47654712fa2f03359a0df7fec76db3cf2ff732ad33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
f6fff2063b18358bd2de5c13079feac9

SHA1
3451cf10ef87c1742d3aecf3c40e5f6207fcaccf

SHA256
19d193040db848242804ce0016b3abccee105f77bed7bc6d8f6a0a23f9eef1f1

SHA512
a15e29923afda070727faadab7f120ef71f6edae5a2b367e4a94e9840b9722f928e8eda0a99148c37261715f20d099aed64c3410db3c8c1d5fc443400765a1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
2a0fe2a5baa96b08da25155725ff540a

SHA1
703bd3f116b3a7ea8c8effcf625049db3e81497e

SHA256
cfe3a0ca70dcb5760eba7cf5fc814d0eac8a230ce7f4211c06871dbee5321e30

SHA512
dd9002f0f3ae529723d1ba30525fdf7bcf7db478db81309665ca2ce6a2b5ae07445d9f8795cc01ab492ca32759be36ed6d94718697e3572cb38b2a8ce33fa39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1AA4.tmp\ioSpecial.ini

Filesize
726B

MD5
b54253222ef92e59707f3ffc9d9f7c1b

SHA1
ea5ebdb68ad94cfc73dda6a816676d644c40d79c

SHA256
9dc29dea84ae3eed01c825f234fabc889394fe062e2572f884f18b15f25db833

SHA512
e0e573733f61ac394c0ccfd900c84dfb0599952297f50ca5fd4eb167a5232b2f173dbe771159c5e1e536db5de4af10d3cac68cd4f5b33370438a7505ae1ab14d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1AA4.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1AA4.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit