772f18c2bd5370c076786a235f16ea34decfd6bb6352b96df0a6f0ed6ca2a9ca

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dolphSol-Macro-Amraki-Patch/.vscode/settings.json
Size

92B
MD5

8d7cfaf419f64016c2b95cc47105221f
SHA1

5c3651752e2a2448b85665ea47b869b99f34ad6c
SHA256

e7cb6b38d3f0cd2191db59ba9d0c788bc3a56025a0cd0aee6db3a2fb38abb6db
SHA512

10926ea7f1fb796f676de1e78f9a8abc7a6b490bc9617dc07ceaa8178389762d7361b2b7df1c10f806123f0ce4be0fc7a4a57f70921efb2bd9514b4445168868

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676597730174619"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{A7C8C047-10F9-4988-88BB-6FA1F7B13DCD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2768	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: 33	3708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3708	AUDIODG.EXE
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe
2768	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 1188	5068	chrome.exe	94
PID 5068 wrote to memory of 1188	5068	chrome.exe	94
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 3640	5068	chrome.exe	95
PID 5068 wrote to memory of 468	5068	chrome.exe	96
PID 5068 wrote to memory of 468	5068	chrome.exe	96
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97
PID 5068 wrote to memory of 1020	5068	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dolphSol-Macro-Amraki-Patch\.vscode\settings.json
1⤵
- Modifies registry class
PID:3548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa3bcccc40,0x7ffa3bcccc4c,0x7ffa3bcccc58
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4520,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3180,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5156,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3360,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5272,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5296,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5512,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5412,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5348,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5308,i,16927906898442378172,2126104491725549978,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
75c47810118c8a991d24ea6ce6208fa8

SHA1
4b4b3e87350f91980c78d707e64726044220efc1

SHA256
f6f97e368c036b2243feee9e1f70f9c9bbb2de11cfe66da6588d85cf2865d44e

SHA512
946084522818cbeb9d40d6ba6fdc454bbf76b5c52e1ecf6b835e0dd8e04a0692b03425af1339e7ffa8c152047a2e8d6704b2096d8011270527cec7d2e9354506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3b2966a43df1f2cce7f1c20a5c4ef386

SHA1
1627970a1f3ec0d15ddafc078c444ba35489b0f0

SHA256
2c1e8daf0ae4d4068ac14afba427aa6d166d36c922af7055575dc603c4c909a6

SHA512
1becb37c9b7164073464319aa192a50f30ec790d1558aa63e539049e02cdae7dd2af674e3e19cc8fcddecda3155a5eaf3c28495537ab90e09f6eb0a3e25b19e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
11bb39d85229eba5fec6b677f2f8ffca

SHA1
3dd0a05c19afa424c783ec42ad00419b0eb36438

SHA256
81131b919b8542a9bedd8d37054a06b15708b76c1faf55497326eeb8860ec3a7

SHA512
3b8df0d715f7152756a24e4c996449ef09bd5ecf6570b26b1a49ad5cf398ec102e472c409549453215fab9c25f5038501513cd6e5effbbba9dce3d3d9b04bbc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
3f65b92efaea7d0c021be26ce760b4ed

SHA1
8a5e31c4e865706547a7086ffdcc55a5ed049ecf

SHA256
fb8e0c980fdaaa9f3fdc28e058014951b4ead1109cd5bab6a887a39e5cc1d7bf

SHA512
6a6e7554caeb4c7d009c496c1326d7a4b6d3889a2fdd2c7a2563004a2b08a4ab33653e5372b11826bc3bf558bac68ed004d947f8d6c22ad67f20d85b838fa7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d88c9f211ae0bfdf7d705efa5137f6e3

SHA1
bc2afd8d40e0de765256ee7955d1611726e2ab15

SHA256
d020763e649331caa196f4f2b6438ca76d4fa35012d929ac4f132040e1452f35

SHA512
0b8db03db0c8051146ec45d8cd32f07e733c69512dd3aeeaab9bd5b5e0d76ff0253dd898e7775fc0cbd57ae74c4a6ebf456f848db63160be0713c405e3574a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01382875c2e121653dc8f18751adc711

SHA1
e823e01f4eb1439489a3e48573be3b9a7bface3e

SHA256
e7442754115c7e17d36895bd5d89281415f6959f5020d37599c938e2107e6849

SHA512
7d4065699ce6167e0bece64a2c7116762ae89c15e10fc9144512ab55795ccd32b33ea396660d076535a9eb7c87e9ed2145b75d14aaaabbc2cfdeb0360b4dd4c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9bd7408e698797c7d9aa82295052f82f

SHA1
ee970b884b5e94df5e5639523778f9ca1014641d

SHA256
f9149b7036aa03a8e093b9dadfde7a93aee35cc0257bb97ccdabd99852d6222c

SHA512
818c6ed695b91030fa058faf9c359cdacb980063c3582be9d9e498c1c3e5a157d3e5df6a94ca9378e867590afdabb2f02d4bbd170ae9d365e2e2e983c2eec117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cf11afb70b1bdecb01a6a999a0d03f9

SHA1
c5f6e0a47028036ad892901b7d6994600fe5a2fd

SHA256
594ad3d62145f5d6d7062a622920fc98f9c08b8ae6bcafd0d247b3793fed04cd

SHA512
adebe9a0857c84244ca78ad07582700c64245a786bb93fe44763a262067760dba4d22bc8c098f3035a003dae570d01e01d5b34a2136ed00bdf349f0eaec4d7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07cdbaefcc96db6edfc65e626ba26d8e

SHA1
974dfdc4ba688e1ca2b282d785966fa54d1901fe

SHA256
78c838a569cfe1918d700b1708499cf474173dcf6bd177ae94642869b0c9a69e

SHA512
822393a4e402906d1622f5ab5284c77625f8c505af55e82a204f1b79fcc297326b7b8afdaf5429f07d8a8441e187ee806612ae570bfda4756f034d2b754c9e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3d91c817c5345e6c5e0059fc875ba7a

SHA1
091b99af8d3ec625449b71d1409a8e6205c734ab

SHA256
e0cd55b5194c5f1e44a1acabbda90c64d694376db31b8ba8404557e3e08d2ff4

SHA512
393d88cd3c14144ce8972eff7f875bb15d296959d901f9b9aad0bf6ae62d63ea89d0d13151406f502a1e23a0cfd774ffab60bbe975adbce089a3b5de2062a287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cfbb3bac5b52b182c61d9f9edf413e63

SHA1
88f95996b2a5543680935dbdc3f1d8c0acb815b5

SHA256
8fd596134b4af2ac2846c3a0cf0eab5ff7b10969de1cf6bb3a2eb765302cc710

SHA512
b8e79c5f127402ba1608cb7d76ce4c120e15723433f6206fd28b19f1c15bc1cf4517d95dec97a57be1487d2d13d024c770623ecba6273b6e6fd53c1bf27daef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8587f7ef754573754eeea3f59ebaff21

SHA1
bb201e5bebd65fd9b3354ce68b536bbdf841180c

SHA256
0217726520b551716696f33ae43b74db2bf7e64f900e89994751c8922e9e37c3

SHA512
48f5399dc65cb362d9e503577d701cf3eb4ba11ec8c55b51181647970ecfb809bf93b9478e8c496ec3bb7330a2d252091e94f43f823abd4d3fd6d8bf1f4029e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f29e8dd79b88cf22070615471bdb47d9

SHA1
5512ca651121485d730261cf8094ef4cbf9ba063

SHA256
d59960f201260d7c4c777a694ae9f30b35c1cc8d8bfa3d8eaba1683345a25955

SHA512
55b7b202d4bbbaa551c096865b61e7b5a202970a71aa76adb8601814a49b1e85dca264fadeade641e07939c60ef7dd325163cae106b3eef15cdf12c4d7b2be0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cec83a6-c8c5-4030-b3a6-5afe018f90ea\index-dir\the-real-index

Filesize
2KB

MD5
fc4eab89a54acf84eb8cc3228b2e331c

SHA1
7649ef344088dc856bf09e7d35cdaec9d41b610f

SHA256
281a5c499bbbbc90418041833b6059668b2c7ceee3ec2ff943b8177e6409a3ee

SHA512
88a077b9f3dd3b9ddb1017307e0f2a70e646b26bb42207396eda8cd7b6a8e79cda406116aa9a1b7625c3495a5a82eaee1e489e73a42c1571b36cc84034d49cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cec83a6-c8c5-4030-b3a6-5afe018f90ea\index-dir\the-real-index~RFe5920ad.TMP

Filesize
48B

MD5
ce4bdcb6e42767d1343ce8daced3f1fc

SHA1
85dcb60c4f50947d35d1b8aa8ff6c8bc2ff0e66d

SHA256
e9ae1902bfe3a04eb396b2d5cd1a686508b39341ebefcad5a2699ca8069d3258

SHA512
cf955aa952321790f1c57df6f30fba62e20c68766ec7a028ff516b116b38852e5e89b463f356fc948fffee5fbf5a81893c56ccc7dce1d1ad006e6864d42b45e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
855c52ff3844e53816f258df411a9730

SHA1
0156bd327557d41f08c81129d305858e81f5aa68

SHA256
c631b79ffc696eb737874c720acf8207ed935043a62e56c1df36b92f97f6f865

SHA512
16f2760304b1446cd45d5e9053ca36498bf61059faa74ba3355f8fbc17288ecb92be19e2a8906060bd2187212cbfc636a6914ff74d45588bc48eed2a085023c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
07ced0ada2a54625d26c74b7453d5135

SHA1
d2c70732e8c0f728dc150c6fc6ba4ef24c1753d3

SHA256
8112f2d6e1207feeac6c29db6c3246e70dd55dae2f80ce87103357ffbedce76d

SHA512
a149ca378bb8eea1597a0a84562c539008012fa1a96bebf6859b3863b09413b1f2b92b82c5c285faf74ae36b815423a65f9da345853456b7584a9f06d669fc57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
d369b08966a98a0a989be4244298bbbf

SHA1
631e614be1ac3f01b6d9161389fc45ba232fa00f

SHA256
7f692afa46a91ac6e6552f024bf83cc8437354f2d6252128dfe001708f30a561

SHA512
07dcc921ac933d74bc919a30469a3c8143a4649447e06efa843bc33ebf402a0501227d743964691a8e2eb23c2382738b89cb4db1a82cdce849f3d357a0ae41bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58cc44.TMP

Filesize
119B

MD5
bcab64918307b30cd818a5cfcd6c5e01

SHA1
748e51f36ec838d884f24d8c34bf0f9c3707cc84

SHA256
d77e06062742847a0c7d553c6fabbeacd788dcf3f56c0cb781d8699d0841fbe8

SHA512
12b6fef39d80cbc40bd7b8f59810848dbf96c37e945bb25303877f2bd4a179bc6d5d9f4f38144f71c84028545debea82e2ea4eaa67eb1591f7c8305b519134b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6f408d20f4166553ebf846681b70012c

SHA1
6208218b169936fe62aba3294dc8e88ef7c9250d

SHA256
2a9b34614f8b8a412756631dcc9be343e20d4d124bf1472b1803f4c5d4324cc6

SHA512
c7e9e46870de3ac429557748802f1cac7145d0a6abb5dfa6cf967f961fe112e4471cc4ed42d492750e88359adbf7c45f9e4f5de8fc93083c31086047544ae45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5068_1599323064\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5068_1599323064\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5068_1801077084\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
80669aa43c79449176a78727739f02b4

SHA1
98d02e7023a51e2fe0a9e902d376eda3f149d2f0

SHA256
af204a2e83619a10a48c94d3a382598da2fcb7a8aa9895591bb281273ff70380

SHA512
365898a7cb48b1eed681f16b1c2bea4b2f789e55310edbb11177bf2cd472b05cc67d691820fe880adaa80566b2e7a7d4f86664c88e934b8cea7552105aac5e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
047bd6f92b3ccf798604dc9b1e770a7c

SHA1
b229b9922a7345618a0b53a12d5dc89d0c7cb2fa

SHA256
57238838ae1c72046bb9ea763372841051f032c4080de0256d484fdda70244a8

SHA512
e3e39372ba477b2e10f33042bfca8e7f676d1f12c00427086bd02c1bd58181c7e843558697eb7266c628df494090fdd03e3fff0993d00c5b3531b16629b171f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
ba6f4690db4e8120648f900126a60dec

SHA1
f1101c3fdc0ecc378d455504941bb338ac66b941

SHA256
8c324c59c45c9c974563e2da5ac25fd898ba8752198a454c92a165501f213889

SHA512
92e9c1d0be7af38dfee0fad0fc32562633f02a7e37874f9d4cc215d5a10f88100b363a417dfe43208184c22bf6c8d9f2fe92f1d2fe363ac1dbf63e91e54bdb36

Download Submit