0f2dc3df52f4fa55dc6bfc06afde19fb4fc7a8c002618ca3913f31edb8406062

Analysis

max time kernel
1520s
max time network
1155s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
04/07/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imgui-features-shadows.rar
Size

222.6MB
MD5

be05f1023ade4cce2dc40b98b77ab7a0
SHA1

e57661da74040eb7306e9bdea584b3a692f1445f
SHA256

0f2dc3df52f4fa55dc6bfc06afde19fb4fc7a8c002618ca3913f31edb8406062
SHA512

0954ca2b6e1f83ff9725226878f41e345929cca244e2e2d61b2d51e74d7780f4a2dd4849690c2854c7954a49d14a3644db48b3317b6c425c3844b4566737b353
SSDEEP

6291456:bzs2C/VqS61R97WGC45RA4S6vCKfuSnQq:vsLVq91R97W8DM6vXfR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
400	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 2292	3772	chrome.exe	84
PID 3772 wrote to memory of 2292	3772	chrome.exe	84
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 2112	3772	chrome.exe	85
PID 3772 wrote to memory of 232	3772	chrome.exe	86
PID 3772 wrote to memory of 232	3772	chrome.exe	86
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87
PID 3772 wrote to memory of 4088	3772	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\imgui-features-shadows.rar
1⤵
- Modifies registry class
PID:4192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa85b4ab58,0x7ffa85b4ab68,0x7ffa85b4ab78
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1512 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2732 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4268 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5084 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4952 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3416 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3376 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4972 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5260 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3424 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5636 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5864 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1804,i,13309299696799336353,8109858978305099108,131072 /prefetch:8
  2⤵
  PID:1368

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E8
1⤵
PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
66KB

MD5
554f77b905f16d4372214f5e24f5013e

SHA1
de5295e5abeb855d88c66ee2eeddba172035ea9c

SHA256
675656749502ada545899859eaeabf05e7f7b697bab6538e5ef807db4535f126

SHA512
45df3d06129dfb303889c150d6a5eeb75edfe06fe13725fff40fcb186cd54e79702e6c6f54148db2e56ccb6d34b41442d2d3fd4d098d65afca1a72eedc650c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
29KB

MD5
c2f8c8cfde89d4ff2c04044b1d47a8d7

SHA1
448dc96356be2f56a865c319164ac32953f34b6d

SHA256
965f9c4c223b8a185ca22ec36a56b3e0c5e6e29be66870044abacef8d49e4a14

SHA512
5f050b435e51445dfe3f2fde7b815319ef93c2c2f11c67036ac23189d95608ccd884bf676a259f9ef7d0378228911751b9aa0bbcace5ca49a5a98050cbb5b67c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
493fa2e0dc6b7c1b88a47fce64b734ec

SHA1
31a3a9bd05fa5ba274cb5b095a3c4da90d6ea6a3

SHA256
ecef9cc77ae0feafae5299a239bd35e929e6f31c216fbb0f4455a43d77fafb40

SHA512
2b6d7d4c1b5c8722a12b940fb0281b87d77130c7ce97cc735ec485cd9252d2bd5f39bd65c483c4d65a9580bfb8988add7d694297ed97011d50fed77e976d49ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5348f9a49d372d823145d0b1d4cb1607

SHA1
55b35b51a9fe3e28e3ea23bfca304aef5394043f

SHA256
9c37fbff51c147162f905ea87c4953b3035aaa0fde0b2f76c52b4d2f87cbffa1

SHA512
7931b6678ef47313a2482119906d26968faebb393da753a63a5a0dae62e0df3e88a7220348325ce6ac9ef482eef7d48c5b6aa257db86793523d62096dd7fca69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1bd164a730c17433ff8382882633960b

SHA1
970365c879b7f6f9ee6034c1bb350ad156ecea7e

SHA256
f48369d08c07ecae9ff21e9ff13d8ad20f286ebae1802501d5cd4b884d51309f

SHA512
8c7bc9e3dc118e247a1db8b97171395edde8da74ba915480190ab151feec8acb7ee7bd8e2c2e223da3c41fb1e80ce61e9863a3c2a93c643566a828c7734af4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6b7110314c45d4d0871d676014009506

SHA1
2ca8937b015087a99410033b52ac81e7082299ba

SHA256
034f1808de1544d2593ea5423ebde2a301806898e0bc2c6bf854c2db351d416d

SHA512
4a1baa7e8ed9c7693fc65e95602af29700db90bedb904a07105414380408ae62dfcd39eb444247f316a418e6366c7ab21a32bcfd0ea189dba05e4c7712b1e596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d40626b1630bcbddecc75b819ec6e246

SHA1
d56601a38f87a166873e14a6557e3f975ed13bcd

SHA256
a638a18252a8be38bc984e7153d13a6d438a0ffef29b0cf543a071195f0c808a

SHA512
7b428fa4711b150c679dd1de3156b34d6fd974bba972f2cc79b43f05303d24b6446d6ece339a656f7a62bac3aa3cebba81578fb590c8606853a4fb11f347bc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
94820fcd57e63aeaf781900c46363be6

SHA1
6023e752798ef472502c1a61e5531439dc0d995c

SHA256
ff1e9f4c771bcf3b35977501bf4b9e376b6be2868ca082c303ec6fdc0a81200b

SHA512
3332b169cfc8f84c4006fdc0bfb71fc94abda490316def4a8910d1ec8d5bb0cf811046a021e8abef2dd042fd0ace465a30c2cee09afd25373f06291a77371b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
42a8061ef2d1d01c16b1e2b6f094acbe

SHA1
7f75b4d3be87bb53b8cd539fb9c234de144fe433

SHA256
83ed9fcb84617b218567a4f990fcf8ae9359d9283c24b42e7a4178be7a100b69

SHA512
0a7d8199b1b6f506ad2b391d36e96ae5365347ae4621533ff0680705d17107d23bb7c7c31f10a5a6b23f98c0cfe9972406d6ed4aa763dcbedfee6dc4154a80bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9bb0a9ab826897ffe9c99c25334626e6

SHA1
c3889a3c3660c947206c1c7ce17b2a9644a40da9

SHA256
6f1428e172d43d0150469a3e331840b5361f7d8004b8dbb7746f5c03b3e2d760

SHA512
25c916744d1b1af14c4909d52d3126692c0476028eca59564d4a0066db17980fc5536e0d8368ad0076601ab2d2c9dd65faa54be88fa121893fb96fb50235633e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
82d85f7e2043fb83c4e81977742946d9

SHA1
14a4593383967997e85ddd09faa90615523955ba

SHA256
18717c89d612e758dcfea63707e3795b5f5897758fe6f10dda28ccaccf360074

SHA512
fde7248199ed75fc9d5c308448b630ffd1216390385198a48f7e12b48894b254483fbf90dfd7fc298243e92bfd2d4cd0f299f6c1aee2ab24eb475d4bedcd3f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ea0c23ed81f6b590c3733acea3d9a58e

SHA1
aeb9fd7615ce6cb708ec4280bc22c2b928c58cd4

SHA256
eeb5373d55c84cb8ab74c0fe8549d3533ce1bb3eba8f6942d64842b0f6ef2d8a

SHA512
863e606c4f12fe69fe511152ff0114d1f2a0aabfa0b217074b0d4a70d9340cbe1c87c16ffb8d6155e96fcd1e026eee959b9009037f73515c2ef55edc74475c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
33d169e0369092a492205fd3605c4362

SHA1
562562884ae314a98acde073f13134c4ebcb8454

SHA256
c53acc438b38ff08466ec43237db4d3153dfd5383521b1a4b81e2dd7144a717c

SHA512
d4052b92ef143d068b24583830ef65d88ab3833e317280e50981168b50c763c26c0b2d5c389c78c9b21cb4fa9b812ca92e0c6c193a046537cfe34668d08f4a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ae250ceda4e674d44e46685a0cc16767

SHA1
6654936254901797e52aed1589e1900a2d57bd06

SHA256
0c44699133332344d40814f068372c90da214fd2c39b361837b553e65b963ec3

SHA512
d452f67a41bee7828b5ca97a57b7251c7be76d0988032ebe5c5c5ee57ca341b404609e65e38ba2d5ffd23c63405e63d0059760a1eb72faf04ecd6d2d16ba096c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
353a7e70a50064147884c0578d187e10

SHA1
cbdc27632f5c0473af6b9838e44097cccd9c323d

SHA256
e07dc9d381610876571b09314038eb3f6919b9df6d36c1945028d515da04d532

SHA512
9464a30c4a6f1b10dab6167457b6b56c784b9efca58a2e1a9134b4a797bc9f0c31b69fec8e2b5ca761606cd19f0ef344e801658719858b39b5fca96782aed734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
383d023c45e53c2079dc5c8e16d836f4

SHA1
795a7605944feb0f62368441c0bd998f3a574f2f

SHA256
ae4c19de6f479f56f67ea2f2b8daf4e6a262dddf45b6c51c9edcc3820e8e4aa0

SHA512
3013f3dcd97209a9bad87f4877437f9c2df3aee2002a2218b371a44f7c917f90cfbcc1b24e7595a07766736360c39ddd7a97625e40abc401697c2aec564ec965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bda990d609db6af402d5127a556fbd48

SHA1
1d7891a318b22db8b3c01264ccf6c38a3083bb87

SHA256
90b9a93aa5342bfd09158e4c39bd4589aef29e118c367dd87f161c934aa8b981

SHA512
1792c10f357f99be95cbf25cd038099bdd9b0845494f672499a3e5f7847dd1ef48b5a94c3d348d5e77977e047df9ad7587c4e11cb3cc6eae3343f42271c4f52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eda73d3e263df3e9ccb824898f26585c

SHA1
b5c3e4f39d2e4f8e43cbdffa744d4158fdccf539

SHA256
77ca6a49362f4b7e3a9226761ca99c9f427048eb077bef044fc3316ccc443980

SHA512
a7baf30103a307f43153a55607d7b1ee1430f18f5ce886b87846fea661b426970fda58b652c8e4dc103a78fe923e0637a1aa30e123e42672704cd02d8fae2e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8a94ddcd12d4b34f24ed51db81f9663f

SHA1
367a685dab9cb4b46b7b674d17119176e5413c05

SHA256
b6209ce61df290a33f837fe250e0176e6fedebb6b2f10289d05051c6008d036e

SHA512
de1e5531ded3d91433670ac1cbd81e06f2be0644c55c4f2d13de59f26ddd6a47a7cc7f5bb927e9c0a234c783a5be7ce7e732dafd6e7d44dc2856275db9e8ceae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d4dde7809f589f4ed8dc62397f6b325a

SHA1
946df59335e04d727486f69f6bc29708f60b4e84

SHA256
19d253bfc31763e77b5fe770a8dbb5803eab1817dc2c5ee238484eec8b754ffc

SHA512
5a66db9cb12e5dd123b97e9eb545bb290b765a0cf3c558fcfb114c82a3edfa13fa8ad4520ad387592398fac0e6dfb59cb98fe182195b2857a79e4c21f4189aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eddf6b98277b48923fc4b774f21e6e0c

SHA1
693bc207cd7a23a57863532ae2648506d28b19c6

SHA256
a025337e2b3d9fab5d8e90d72d7a9c128b6c430010e0e01b99c7d181699b93e7

SHA512
ccd6cf255fe90b74fa666683bd4f8b6c0040acd0a36e71c0193c3af54c7790ca942449c99a228f86a50ba663ae4846b4fdf9408306148fa5d240e50585a6d2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
87b39149eee0f2c32d80d4bbe2bcbc42

SHA1
e0449a3e83874dd1869ea2f0fa0a84950554edfa

SHA256
76ebee3b9ecc021c6159a276e7e61b41d12e5ebb778b605631a8272fb57bc0e1

SHA512
5462355668eb7a6cbd2fd2f3c1430fdea5774eea6c4499e25c9c84bf86f592440fb5c7525ed31ee303b2c02df5624c7b80848e50602f1783b2b4e66f792d117e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f99f4d7b5283bfb48c2273046b4ebfd0

SHA1
c1f44992533e5393061b5cfb06761a6b9a42be15

SHA256
c13c403680f44b7100836a2c79670872cc0c291be113fb6df1469e0c24f4822d

SHA512
b31bdf1e1c1d089566b7b51c141bf03c2bd8f3db0efe5fb122eef4fb8cd383ee983c729cecc49b03190f1c6d47b97b4698870292fa9fea4810f1cf3ff5661e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
1fb2ecba904b4bae3cb41cf6cd0d11b8

SHA1
f614a036bc984f30320a90b9cf416fef6da02afa

SHA256
84c3475ffc952a720d0fa3a8c931bd73f7962d4433c48a8e086427779c5295dd

SHA512
2c8c15d6d1f9380e0d2f2c02f1c1b4c22e6705b01e776ee9c9ea258c1dcf62719faaa56230c3217ed5ffa18eccf0c9f6f6503b6c67595a00aed150177c453c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
834771a2603954f6332c6e2e1f24b5a3

SHA1
527fea7fda335a793102fa31d18d04494b4a0e92

SHA256
499eed1070190b78c51759d117edf0d4a4d3e507a24a3846709428849a22dfce

SHA512
3b03a92927cc146e47ae49f283a9638df245a43864f7fd6d2d3f5ecc80fad82d7be68514366a80db437684304b57816754d8f2bb81fdec8dd26b8d9c483be23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
a39691a5f56e1932ecda6f14f18a6ceb

SHA1
2e54684ffd7af18718b5b4a4c55da48b2b100548

SHA256
8162830825fa7075413c275cc759e7a0a55fed56b555def8acfdba819019e47b

SHA512
50f36f6edb05005ae0270433bc5f2534dcd2783abdd62efab9b1a7722aab4c6c00d6e0fe39ae40bedc56da9cded4d7ab699d1d18a9e107b47b8259da5d77562e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
5d0a3d39d3de24e565bac47a56795168

SHA1
a786812c46660b9bed879e8debeea3967831a5a9

SHA256
5f337fa3d46c32dfbc84dc9b3c816a88a625ea176a4807b55d293db4bcf96b6f

SHA512
00d5d3f0be771ef091d010e820e000f315caa63b8e5de40f02154a70b414a6855921f254cb6b715abf267028a1baf4fe9b0e3ce92a5f3d2a567d8a471979a085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59f071.TMP

Filesize
83KB

MD5
055a721d860a1e338d513e91d6c335f7

SHA1
ce57707db76f811d662c514f000270763dd23d38

SHA256
ca3ffee405103b1d0f50dc290bab12e0ecaf2b3aecb6dace731bf1afa2e0e9cf

SHA512
7c7321bc919b12f3fc459255338a68aa283c720a604576e414181deefe4f64203153fd91923d69e74f0bd01044b8e8d2bdd628d8ac1fcafda60ae736e5a47ab1

Download Submit