74533c6c06c0905ba7e805cb63b3b8d823db9f857ab4aa5995d6cd7083259c1c

Analysis

max time kernel
98s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
23/06/2024, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Download(36).mp4
Size

2.7MB
MD5

6883c5f063c55170840d334c89b9034d
SHA1

7273e4270c7e31548e8b650dd39d54145e44b3a5
SHA256

74533c6c06c0905ba7e805cb63b3b8d823db9f857ab4aa5995d6cd7083259c1c
SHA512

9f4db37acc23c1653a15b46e3e268c6085368bdc4412a37c01e3cb089e6638ff6a44c869ec307f6e0cc9ecd808760bec67eb49df867e9394ae6d097e36eb7112
SSDEEP

49152:9eKWWNQSpggQ+YYpLHBHeE/QO501JWQ5hOTLiRLXoQFAo/J+tIoZBT:9eKWWNxp3Q+dLJeiQO5KCTL1qdJ+tz/T

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636586976276521"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3136	unregmp2.exe
Token: SeCreatePagefilePrivilege	3136	unregmp2.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 1080	3304	wmplayer.exe	77
PID 3304 wrote to memory of 1080	3304	wmplayer.exe	77
PID 3304 wrote to memory of 1080	3304	wmplayer.exe	77
PID 3304 wrote to memory of 784	3304	wmplayer.exe	78
PID 3304 wrote to memory of 784	3304	wmplayer.exe	78
PID 3304 wrote to memory of 784	3304	wmplayer.exe	78
PID 784 wrote to memory of 3136	784	unregmp2.exe	79
PID 784 wrote to memory of 3136	784	unregmp2.exe	79
PID 4844 wrote to memory of 3520	4844	chrome.exe	83
PID 4844 wrote to memory of 3520	4844	chrome.exe	83
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 4080	4844	chrome.exe	84
PID 4844 wrote to memory of 1244	4844	chrome.exe	85
PID 4844 wrote to memory of 1244	4844	chrome.exe	85
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86
PID 4844 wrote to memory of 2848	4844	chrome.exe	86

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Download(36).mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Download(36).mp4"
  2⤵
  PID:1080
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:784
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd2402ab58,0x7ffd2402ab68,0x7ffd2402ab78
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4456 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4880 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3228 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4068 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5060 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5116 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1472 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1480 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3364 --field-trial-handle=1860,i,9202040139047878765,7654532117194006530,131072 /prefetch:1
  2⤵
  PID:3704

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
376b1723d890a70a6503d3413b1fc866

SHA1
e764b5e9a35feb7c32510d751cdf6b92835c62e8

SHA256
fcff8ae375c330fbb23897dfa5c81f13f9f0bdf4d21aed36c5d296ac34826bb7

SHA512
e96f98dc296766a1b9fb0fb44bad2eab66974113cbd241b40f5692cb6e3c6f04a53ac358bfe0f0fd130e819eacdb73eb4ec8a3db202063ce02da8a67a5bc7d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ae12935cee7a968d4d685bb1260fe85

SHA1
6fc061264fb43ae8ab5c7e5be4b9f4867afb6bc2

SHA256
6db9e3a2a2946e93966863a564187037a8d15816987941c25ff93cae7abc3d48

SHA512
1ee447287e685d7ca76637d315d6b1476def695015779b17f2fc5aba60a1195d3596b8133c6d9f58ebc3e879551e5b9e41e046a2370596d45bb938631ecaf061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
28606cc5e861e79c40b1841da240e1e3

SHA1
afedc8dda33507057b55af3275c8c30296b88201

SHA256
8a5819caff5d503f7d30a46eb6823b8be5bcd24fd2a4a084ff93555380a1452e

SHA512
3ff8ed5d4d37b9c18ee2a1a09f421436ef7814a39b3318ec040e6abc7986ff017f177609ce1b8704b5019c3fc28fd8bc9969b20356f5c6476a14390bcf8e6572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
48a41c61000bd3aacc0b8054aabb6c23

SHA1
ad0ad43e3a71d97a83d3ec32d523c96d8c0e0a28

SHA256
9ca28daf58932ea02da5f625775a4425c86b7272b333ad7bb5fb7daa7d2833d5

SHA512
0fa32c57941f6354a215b3572756808c69071ce6d2484a41944eaadea489e4dc8e9c7128717a93aa7a4e9f18a2e5a94afedf64f50dfaa2d84c032db9b2b2c68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a537e5c81a87237bd0f7890ea3a3fa69

SHA1
34531a8eab71f376bcc6a495de0ab9dc72e1c60a

SHA256
284e7573af6b4892f7843be32b1f0405e7310e2696c85a67c44ae6d79734a8ae

SHA512
be5123abb294f05155b0af0a76455fd5efe917dec3fb874a76e66d4edb52a7d2120c9336020713ed535bc691da0cc890aed3113035cc71d429baaab30dcce81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
3795a7c5ff941b5ebbabd15138cbbda1

SHA1
b25b6272caef8806581b78c88763e0bb3080b73f

SHA256
0c80bc6e2f8790f9812b7cf02713ba39f902a439039938a7f6ee5b9343618c96

SHA512
96c1345815f2595695d36feb41e934ee251c68ecdbd491472f44c00e4ecec5728251cb4a77974867e72385fa26a14bc1f302411b7c798ebec4733b8db0ca215a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
e046c676850c9a5be9ca683aaa8a2c3c

SHA1
2ec05417eb6b2af3f300714cba698beafb6fec3b

SHA256
155afde5953a252b57352d87ebcf4a44b064e437c58cbb995cbf8240ee292f7b

SHA512
4e9472db1486097530435eb01738a2a0f3bbd2bbebe94cbdbb6f0a3e6acb37005c5c0dfe73aec0fb938b12ffb1acea476f8dfedca7ef6d729d03105dd6f3ca75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
90f34fde90965308984327e4bbfef632

SHA1
4e9149edd08ca26e78a24091f3499ac4de896b34

SHA256
524ef8747869062225478897464ce2efe78957f2fe0263cbc767dd1f18e1d3d7

SHA512
678985b3865ea46e8bd27d7a82aef899d91eeb8a883189e7df3a06c7b2c376d80f0b48c89bc34b4650de7103b9a9d834dd340c1578c15e565ec053ea75e76cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580bc3.TMP

Filesize
83KB

MD5
5a5cabd62e26120d7183ff9a590a545b

SHA1
1afdfc1d0fc48b366b44ab25dd5cca50eed59d1b

SHA256
16a8ffe98f44916a3a383182af46685a40aa620e0df2569a1dfde01bb356e0d1

SHA512
f3b1f2634ba798d6d04ee41ffc4b0dc1b837e8bf232711d495c42260b309474ee5dc5dee996542b442214ca98af30cedb5095512b2ffdb8e1d1b13b9694e9f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b54205550eeec9cb9b00cc6b41e8bf0e

SHA1
8bd942b013de39953b6f7cd6489f68048876a640

SHA256
8d67dea3b515101a4a8e5ee2e7cb6caa946dc54cdda9acfae79c6c85d67b93ca

SHA512
608a1bd55c868a54f4be2a0ce58dfb6acadd00d77d31019b41643fd2036082305a2425348878372bf63fc51e1c0928076ffacb0c0ab44c355f35cfc8ff21676c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b2d26721-fb02-4fd2-8128-8d5423477399.tmp

Filesize
289KB

MD5
426650d5f5bc5e0db43f9cc2e3a1dcae

SHA1
9d4137578555d8061fe3d75608cc43b31ce09500

SHA256
7afac8871b16f50f61fc739772e58f0b4347e7eed675dde3edf06c078ac7db52

SHA512
9927185ac5562baf000aef6ecc733bfa281bdc3fe2428497f65b9db8ded184edb69d82306245138bdb9bd96ec99b0fa9910055880e0b398b35df60ea04c229b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
1a0295014678e91e7fea0a79074d6ffc

SHA1
f93a33dfd19a09d92174a17f0912440ddb1479a0

SHA256
fba2e401545352472136e5c71b0596b9125ddcfe2b87c439d8567cb2dad16745

SHA512
d7aec99cf127bf009bad534f293b65ce93ed08c650312a32ea670b0cf09dcaa0906962d9b29ce6c078396885e8ce55bf5ae5598c2480fd508ebddd111bd6c882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit