21200f7df367cdf3d49eaf02938e47c00030deeb68e196540bededcac589b985

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
19-08-2024 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup
Size

170KB
MD5

d33d0c8e6e16b14c1fc179f74ed60a24
SHA1

d913f0300a8072f8aeff6c85afbbae0a2cc21f1d
SHA256

21200f7df367cdf3d49eaf02938e47c00030deeb68e196540bededcac589b985
SHA512

c43da46e123f063043b370cd2b1a74b90c8b76c0a48b8f1021b4a382227020d5cbc73e86230a171287aef577fd84d5581560d25bb112ee5b8bb2a0a3ce03f5ca
SSDEEP

3072:oTxwh+Srhnl1fT2kLfz6/X6OOKeWR+JCT/xzNGXFsZUlr1gee2IGCgVmf9J+7oZ3:4eo713uokeOvHS1d1+sNs8wbiWQa9+vz

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
47	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685665772785625"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1464	osk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe
Token: SeShutdownPrivilege	344	chrome.exe
Token: SeCreatePagefilePrivilege	344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe
1464	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 2160	344	chrome.exe	74
PID 344 wrote to memory of 2160	344	chrome.exe	74
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 208	344	chrome.exe	76
PID 344 wrote to memory of 472	344	chrome.exe	77
PID 344 wrote to memory of 472	344	chrome.exe	77
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78
PID 344 wrote to memory of 2780	344	chrome.exe	78

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Setup
1⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8638d9758,0x7ff8638d9768,0x7ff8638d9778
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:2
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1744 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1056 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1808,i,16042236790781862215,3437565729170133901,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4352

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x434
1⤵
PID:3560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
403880440097c5de583fa111427a6cd7

SHA1
d3dd1b1d12929f840305c32e006064983336b626

SHA256
b32ab3fa72d8742acb04231899c34c9992ad32a46cb340ffea2c3cae400b7715

SHA512
fdcf2a94422c97a4a8501c1bf6b3508e95ec681513d35dc5b895669c7385645a169f701868640d0618a14dbf14eb759807d99b9fca1b72127e93a7d564c61262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd74578bf361159925ae7d0431e0cb67

SHA1
0b97578fe47973df45e425bef08b6398275cf803

SHA256
c264b479d583375ef1cdfabd1aa97ad7b84c453d61deee0482e6dfd976e10022

SHA512
a154a82f98924f8f65ee313a2f64f7c8b20bd96f5347175b72156a729afd7aff4b87f16972ffac0ffc1fecd1b892813148d345540b0542c6e309c839facb0fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ec06fafa7c2bc65d43a05ef07f71690c

SHA1
63dcea0fb1dd116f71b6fa60417ce3d4005995ce

SHA256
73bb81e057f4e5e3d695b5a9953760c4b6f3de1375f84daf3649d656f94671f7

SHA512
b1ec589af98f420c59d21c459189375b1d63fcfc479a17578ed882ce4865b1a12d98da142c027da03e192e871ad39e47a8a8ecd37aa455131f1acc891556ef31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f0dd0239102cbb55c9d8ccc3f3c9b1c

SHA1
595cc095136bb1fdce01c399a3e40dc4333331b7

SHA256
0f163cae4134b6a25c6c02d6e2334f345262a4557ede6c18684178c87ebea9a1

SHA512
05cb87fd6a464d41d23f63db98b25d3bc241a7ac5db56f7ce700bc6d0d3b282379b5017ba181d9cf36e681b37c57a2bd9db928ad9a8ba0f42bee6bf6aee4f6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2414f2f615470a6e41b34a9e2012e07

SHA1
8fee0d0eefe839210b8f4d8a1634db419327cb4a

SHA256
a2af4cebddf3076d084a89616bc2f3937cb5f9456f177512c85256c35a79b2e6

SHA512
e71b329a976d5850860e19e7d857b7476b8287267a940f70183b314f4561b1f506218b8f9ba1335c06b9db3ab2cbca44098dc8cd2121080b1f610ba61ad1a303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fdc43c8bacfbca21cc9f37d0cd526c68

SHA1
1d1f2bca8f85271b2667b987f69b0fc8247c5cec

SHA256
07f1e74e604c2fd3f0ad97778a5d49d32e414a20c729382b665c99b9ebefd626

SHA512
b70e356dbe5314afc75b9632a6f183b83edd7ea464a0f88988bcd4d48aac2c73e6ac1c1fdcf15a836ed017f7b1215a89a992e2fbdf31793425aa71fd2e9c47f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b82e17587d4026e38a2ac3e48834f681

SHA1
7259bb8391b0f032a145eb35791957c0c818caa7

SHA256
2161664eb0af490a7e4fa4d2fc363e1f4f530ffc649615264c734e5ee45223a1

SHA512
e623cf12a563c0c5e47b84b5b1184dda03980ea5d468a908e4cc9900657b8ac2825749dd1ad0ee3a14bd684d801cd3106b5d807e0e170b954afee564422a698d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9fa7abc6558c099e9e5d8f2570e5af82

SHA1
bb70db11da2ed4bc7c25041c54162fa8b6d1f6fb

SHA256
e425e92c878911a4f26a91b736e653fcc715a94347e4304cfcb8f71f3d402009

SHA512
bd46d4309a6dacf7f4f3918fd58fcd9c272eaa02cc4a4b2c7ad8d639203850f9f141b6c631a0b6c05eb4b6b503835742454f21378d0666a252c776ff31d03102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
e83bd59f0ae0981fd729d2b5afb4ea04

SHA1
023b8237287cfc83dcd4ca67609cc47f33c29c71

SHA256
9e8e63a1da8e0bb77aa3abaf1da48550c6c5aa7316ef418eabef253b217bd394

SHA512
393ab84f51529f59711779ea7c762748694a839e5990d9fff595d3d8821f52366e0e12b1fed2889e8832e55707e1f9ca7f21d717766ad0b3168f991de7391f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f52a53018cdc39a60e49fb196e318f29

SHA1
92bf79b408a909e661d90a98fa2c26bf231e2921

SHA256
eb6f9ea72232718aa9ed9683d09b01f0581071da702ad0d56033a20dc1c82039

SHA512
adcf2bc0547764303d3bb9aeaf5eeb2a41dfaaa95d264f81c61d894fb5504b0b5618394ff6c2181856c38c826ff0876470532a34e47732d8e4acf5c16870f33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
71599e09248331a787457e21389759d1

SHA1
22ccc2b56763d51b1426bb154d3452b80d4674d3

SHA256
fb0b0258f023a11e95f0abdb9bf1ae5ed2e79afb6296148ebdb621b8141aff52

SHA512
220181411df6c3d00d349cda4c24fd4fc79c9e377484955a3fd10636875f73ea70aea7b3fedf54cfcd4723b784cce5307ab978c415263ee410adc74938423298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36baad158922fc1d23d26670b22aa41c

SHA1
fa06c08bfadfcada88e1704794cb03fd11c33543

SHA256
2d49fc8953b7f82f327516028a361bf87c1098e287680b7725dd7eb114aed811

SHA512
4f1e655e6b9de1e4e6ce4fb24f21f033e81331d0154252f8749dc242c2e14d3757fc0dccaf9ed4740ffff7cc991a673e182eb1ed1adf4b085e4ad52a425e6a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c27a712a49458a411c987676c258d43c

SHA1
19c1742d7eb8a9b56ea0fbef32da1a138678e6f0

SHA256
27e8de85d15c13ea25487b920acf061b4d829d611187fcea881a93654dce7aba

SHA512
0ec76ae72d0ae83a14e9510ad80c386270a667cbbcbdbbf572e5d29cb86ec6e96ccdf6e3eee87602c8ad0257c00e5febab186d3a6c291772ab1cf7b988a76366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4178c872d167c7d51afb35ad32bc78c5

SHA1
24e62afc22482d5fb07582d89444ef36a1439f70

SHA256
8035e629ebf6f98abe16a48605e74097cdfc8dad1c92da5aa2705c5fc3e3b75c

SHA512
848e878eb9d153023783fd21c28a5287375755eac8d028a397134a4f507144bfdb0a7eae54daa4d007759f22dd09ce6e4e0b2ba36e8fd39d670f54b837f292e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a5157d49a78cff0d62053a37a1cab47

SHA1
de052d188c192cbbb6caebcae02d74f7ee84d04f

SHA256
cdfdbfa89ce261a25d384d10dd07dd43579e933a80b6fcf435a8d285dcf563b0

SHA512
ec9d7e9a53d28653f0d1871764aab476354a8aaeebd8616984fc1acb52d35d4084861d401bf04ddd92b74d77ccca753de8c5a95ec7c633b187ec0d8a85c50cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40d28eebb45c0fe935c6f48fd8b297f9

SHA1
3cb61654744f134223298dee6584f06d3fc100ea

SHA256
83ded2439c5888e56d8a91f7cbaf34ee92f9d9729426f00c1beddebd88ddc424

SHA512
d5e347e5c2bc21d9cb63b4c1e349dbc3a33676d9da77a31629445213cfe75d895150fa48a62bd5b06ab8588f2159da6b3c2dc90aaad8b40f538edbb6425c262c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eff6a0f9-3181-4262-a38a-a962604556b4.tmp

Filesize
5KB

MD5
135e68cafbcc9d21de5722b4be5564dc

SHA1
dd1c1ba4a348602d70e57c90df9c89a592c1ee18

SHA256
927b5c3fc35ffda4d357edfb7503d18e527c927a23a9f696e5faa799bd563c0e

SHA512
4c7ad71358c04bf53a82a402a9d94f56c7aa9e7b4e60001b887e9fa804ec727c09566acd8971eeaa374f462c654fefab60f3699f61e33af4619b5425d0b7ffa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
f0baf92f7bb473620b736e6f84de6c4c

SHA1
b74bf48a6b2ddc8e0f0b77a3a67e494fbacfb9ea

SHA256
1824e1191b7e1f9a0f1b85f175d63e201849a18bf1d9c87b5c5a4cbc205a5ec8

SHA512
095a59d048cdb57c0999ecbdaafe45b608ad4cea02c3d049cd4a67a1fabb6809d98e91d58dd5b3d7647d9bfc2675d17d9cf42906aa30a06793e77fbdc3961167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
331KB

MD5
97f3e18ef2d5d9aeb0f2a580cc398dac

SHA1
b311cd4a30ede1173acaa1f50548a6669a1125ef

SHA256
eafaf4e94678b8fd36c9a6d91a122fcb65fe595d6d86a926c50549b801f8fdde

SHA512
4c5651dd9f668ed192440793a28a42e452da5f4ae9672e117565615aecb01783e870dd86f497e049d604ae049c04f061a59a4eb04cb6fa67e96c94210646602c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
5f28a85d66878136d116ab9e8356ec40

SHA1
48a968be17f982e2d1d2e32aa1a09582f96702b0

SHA256
980d184d9a18023f11f649f04a93c4e97ff0bb9b641e8897069db6f956b546ea

SHA512
0fb8f1622b2563e4873e1ba9a6a902b359547c04350843b2c28c8440cfee0910b2e855c4041d8b08025ec7a1318a278fca898ff92104c1ca239272d99117e984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
330KB

MD5
42488e2bc6cbfe7ab849f8ea9965fa13

SHA1
0cbbdbb71121b6b10922e0e4065d1f1e7796c0b5

SHA256
9ef252d64fd9e39428035d7ca99a43e5bd126cde1312f5d0dad0a2c8a2dee34e

SHA512
c5cdfbf2d9f6f15c47efcdf0ed90c9fe19b4328bee5fecab835a8bcdbd82281c5cba7cc9497b287fe85b32430ce5871047b8b006b7ed705ea90e170e6da4bfc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
bc96b7be3a8f6c3942e59c70c26f6a4d

SHA1
35413f24b86bae9f9783e6c9a9d1cf21e73cec0f

SHA256
73424c09d03150d8b0ddd53e577f019f6982b96c336b194c78d85b4b77f9f98c

SHA512
51cd33f4805ebcfd0db0bdf0f0d23dc1c86fb1e7407739005e82844e9bb1dc65bf6f1dd3232af947c89186dcce0f62a5d0797f8a5536853ca506d07d5102dff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
e7f6deb1440d534c35cdf3b32628dbf6

SHA1
b0c3fe967ed5ffeb08344530929642b03fdcaf75

SHA256
812dd6a93d2d4959b316cb6bed507f1576993f5cd2d7fe856235ffd01dee7559

SHA512
74de8bf07d2d3136540ee81fe88e06c19743b09f4d3ca6da5966f6851d36c837131b27acde9ea0ede9e543e0733c2c202d33fed4845b05cfcf4a6195b66ff5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
f17319524f2614e188831935d4478b18

SHA1
0f1664afa716969d387692fdd2ccb281a11ceeda

SHA256
bde6b183096dddfa853e12d9c34f63e79da6521699432d69c2582f97d489f916

SHA512
d9adb861d391eb583c18af44c64df6cef2d36deb4086034275695c38b5b07d28b3abfa9ebecaf12bfdcb5d4661497ea52316effc908b37b0a6149d6369adeeaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
ee5365983a9838edc8bb553570339858

SHA1
d3154d0aec224a3f4d4ccccf861b115306bc5cc9

SHA256
b2f7bc6fbd4ef6b495c07faa47a3ccb12d421ad7890329a34283280ce7b3229a

SHA512
dffb85f6538f8df5b6bb5640bd08c080d5489fae885d14055a87fef04c657700d46e36d7cf7d263fa546b6f4c92a72434ac441d51cc909bd37b25e0462038661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c138.TMP

Filesize
93KB

MD5
9350d8d04cfa2d5f2a9cd2f1b96d92f6

SHA1
9905af4dc14fc8650d35463f5195c77efea7d092

SHA256
1005f6df25332ac0a7da948bab95bad5f6b0b939462cb111e0a7206b587d2d67

SHA512
a4337b4a5ee547066c80deef0774b663efe64171c930185c2f98537fc2e7ae5c31122c84fe8b29243ded3a77eb0b4948a53e4eb73476a7d7da0663f58935748a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit