4bc2777fd318ac54bf804e80305e8bc1ff44321d9934158e2c5df6228fff59a8

Analysis

max time kernel
140s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

UnityPlayer.png
Size

7KB
MD5

41cfe8ef3a4062b8dd517f433fdb5e19
SHA1

331fc6d382d7925ef9b64b3a031f8f3151bfdc59
SHA256

4bc2777fd318ac54bf804e80305e8bc1ff44321d9934158e2c5df6228fff59a8
SHA512

be03991d90566a122da9025444a847c583f77847ab393b7854b1fc693eb10bf2863a6f8f3eeccad902339180bddd466e5694997f46482fde254a5ab07ddd8614
SSDEEP

192:WSc4KCjtGdGBvU7renaCfKYFQIKm5vYSwJZGz+xHhq1:5fKbsBvU7renPFQItqSwJZYSHh8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
72	discord.com
79	discord.com
80	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733914233723933"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{8ADAB015-59A3-4EB7-AC55-DBE4D45EA145}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: 33	2248	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2248	AUDIODG.EXE
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3820	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 4972	4088	chrome.exe	92
PID 4088 wrote to memory of 4972	4088	chrome.exe	92
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 4852	4088	chrome.exe	93
PID 4088 wrote to memory of 3556	4088	chrome.exe	94
PID 4088 wrote to memory of 3556	4088	chrome.exe	94
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95
PID 4088 wrote to memory of 1544	4088	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\UnityPlayer.png
1⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd8e27cc40,0x7ffd8e27cc4c,0x7ffd8e27cc58
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1832,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4304
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6ea1a4698,0x7ff6ea1a46a4,0x7ff6ea1a46b0
    3⤵
    - Drops file in Program Files directory
    PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4664,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3160,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4908,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5572,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3408,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5592,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3552,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=240,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5524,i,8036083347335542300,5789804309302379821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2248

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2a5eaffe3d1983b0fe80cfd83010f66c

SHA1
c3071b46a32a88bfbca0e2c6d8d5cfff5d3c400b

SHA256
cee89af2f7856e0c1ec7af5055362338c15c6e59829f0303f013f56da5eeca02

SHA512
9e4ca8f67cbc3444046e8149dd7e3b151029f3cd26c3e9b685abc6d3db39adbed96f1c2d2e3fc9c04ba69b5433b7d41f4617935a1a32d2a21eeba231ca92bf67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
73e287e2bc2ec5afbf8d0c95abfea00c

SHA1
7888aaf513057a4c67e6ddab33e36f61376f9341

SHA256
c5333207a537339024f02c604de5c7bdbda41431fd25e98a07c1bae4b6cdee4d

SHA512
44da55fb3a961bea2844c9766ce679b6541d0cc9c7995599883518dadb3b812b0ae979163dc5f15e75ed2e8f29915c8263aa14760d15413bc59f47e6e30186bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
56859be2b28d0a020c053bf1db86f965

SHA1
585f4e7737ce41ca82a9319955c13c9831b1cea0

SHA256
25f6901476b299b91081b9a8458f6bf8b3409d30a56721cde5bf8f47a404da18

SHA512
64a3cd0ef4ebb7f0b48e5c3f37d5c3c273c47195b20b05f17dab1cfa553a941396b6efc7f16c8a646a04311adda96fc70d6fc4994e15ca3029005dfddbcb8415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a6eda0b2488bf60e324e34d6ff1df8ea

SHA1
4682fb16495dffe38c6613bdcb3d08bc8b2bb370

SHA256
dbcd314fc3b882149890619c3a38d37d6d037f87725ed847fa537ee02702fc51

SHA512
af4769183c814e2fcac746360a1f0d5b7db9842a185ac4ea67f7891e3d555f74a992237f5ad58f03f0ac48d48a4cf523af498b6d7e343485bac08553e5c3b657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
25268dcb022710ae35233769da3476b2

SHA1
702f5364d04f6abf39dd506f1d5404cb2d70925e

SHA256
ce9f5edc35ac55575daa8bc58f03ed34fde59b9bfdae79e8802a56f0c7fe384f

SHA512
4b47a18e29e73cff70cf751ae5a570805bb7708a33a8779b6994628ed9f12154037b56e1219a46b72a2375678a4e8615c40b2041dbd30395ebbc41ca310d8b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
7fac170cca91672433f70713e4861c1a

SHA1
ac82f76c8f27c8ad39c86fa8fe0abf621ec129c8

SHA256
5cdf9715319e13ece55b981ee46d90488f4a04ec0aba3b0cfb879ac9953684cd

SHA512
85a2e3fcedbd6ba1073e014738b5bac9c53e66b0fc414f2c963800af9ee23a01c12ff1152be7c1fad48125a62de9b134ee51db4dc5e26128f5f40bb1698a1a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f0d0d35198946c55d3c4858cb6ef53a9

SHA1
08723427f5c49cc1dc5e879a334b5a58d4d52407

SHA256
3858370ce46e4fa29c6035105ad68233b1ece52f629e2a27d5e1d2e6bd589e60

SHA512
71f8fc63282c1f86329c397e729ae4c31335de5f5b4d132ce9823713238574171f68078708cd88715070393811ba48bbfa77cd22cc88a7df9f1bc87f96273e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f32a2f56c18b6ab24fcf90bab382b43

SHA1
9d35f4d05218382f5d10171fc97a176f9b293e23

SHA256
e9c8a13d50ab286b9a0f398be98f1cc72575acf20bc01b60949309a3a42ed4df

SHA512
4c088f01d0e2872e5627850db1b4899ae64e6f970e445e0123f0ad7a2d66b306f5fc6b68be56391330d6d2e94bc608e855dff46e808d1c12c981b408e4dcb34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ee21cbc5089f2b336f4660458de35199

SHA1
2b668dc7443f58458e23f2758ae4d89ea70819ce

SHA256
5a9d464f859ff8b1a918d9bb3511483a20dae97815bbf84ed5a6e0bf660fa948

SHA512
099312e71883ac5ffa86854fff07195e84633877a225f35bbb5a7efe6995f492c99732c968e99a466c5af5f614387eaeaa4e6f0876e585965a779b8303ce2428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfbd0d3f9fc45b9fc2c18e8047700cff

SHA1
478e5a46a956cd9500af1cd54d053b76c9366296

SHA256
d7dc42fd17d01c2fc9b52aedeb53d43051a92fdb34d7d36987aec9ca4fbe3d1b

SHA512
e6cd2ffb3dfb4c2d1d12d36d8a7cb22df98752da26e83834572cdec74a3a0e15436de37da8ce565cd731c7489b8708af2b8434c69a3eed7e7161e6aa6d47f401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55d05c4663f14230649dc440f0557ace

SHA1
5e1c28b34a90adfe2b36db4e0e73c82ea4c38387

SHA256
3a480c60f19e0f0bba9fae00d6c1c259b3859b5d9b15b556ac931768583380f9

SHA512
f378852cddef3478b327fb9b75faa847af79b6aad133c46a4e90f6d925ad15befdb0b43e3c78089c7be52bb6ea84b8573e76883a96308eb1399f1d037944c686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80145cf8cded142b62c5b2e41e83005d

SHA1
7acec79996a3f7b971a2f74a8592de15b84dbd7d

SHA256
a4829fb3fbc48f5c34c4f40c0ede0082b64a48de9862a05cbed29b3c1fd35b07

SHA512
4b1897c78ced278b7456ff5dac7027229cfad83737c71b057ca728e5aae63826e96fb172c0466e65c254e2bd66be8e41dbcc873086eecdb1b621246e790e0773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34ca5101dec56ec6cbedd1c60d025d8d

SHA1
1f7b95bef1b046a1047d1a835deadd149c51524e

SHA256
0caf6b2f03426ccfc1c8dea49d5c6610f778c421b39a5dda846448924e7bfa14

SHA512
a36cc58fb308b63b5f0d51475a60d70aca5f5937c1ea9653f5680926c7cef09d1ffec19db9de5cc713e8f08323e94afe4c9fee8503d2e9c0f648f630e2e9587b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
890b5852abed3c3f4b09b103a35c63bb

SHA1
17c13173a26458cce877e166b3ff826a37c30648

SHA256
54a5fea8bcbcc7eea3e403c982da37aebf10c22931f4fe4e1abb7a744869563c

SHA512
bd016ff5b75bd12fbe9f60bd6abae7dce58143255db71003c3e1513889c58ea32140781601b19396f1be35fe67585cdbb07de5e6e08440d2d34573c610e49d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b013dcf7a0b41fae1a9e5b26354b9908

SHA1
b0a5d8ae1b3a825286d6e5e436035b5c38581d44

SHA256
897c3d77f1f11e001b6ba648b349a63869596a1145cb04d3225be71589722b24

SHA512
f3d7195f0bc8d63f45a066069bf798bfa3e9d2496daee44bc0dde0efa3562959c74888ab6046177fdb674d0da31141256b3f23fc16dfa5a9189126413dedd9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4c513ac04658945d25997a54835ed39

SHA1
220a646dfa017cad53ad3b758ba0d214164096bd

SHA256
018f2c6bee90a46396cca49ba9e258bf70e0d7ae5e57308c225bdaad591c86e1

SHA512
1d5fd9608d926fab9af63b4778ae318c1f7c3fc95bb45989bb02184e7477c6a23d36d154eb3d6ff810613e7ebcec4e1b9bd7a1776a7689b0ef64fb55104236ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7350c825b45b4592799cf9615c422601

SHA1
c1d0bf7dc1f19d17e2d8d5924e5525a14af3010f

SHA256
5b812e3b3cc80b1bbe05b6a22907330d54b617d9c03dee8b277768d2fe0503a5

SHA512
5f72f18764d1b8c78e5892eb7ad067509483a6eebf4b3de08a72ad7bfa35b33838101f6b87dd7ebbaf016601a4e78ec0bf1300323601eb1066f954779e6aad20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3214c72a8ab48924761df5645a35d75

SHA1
7c9899705ab5a0938d5f9390c9fbdea45112ebf4

SHA256
4d15df6e71b6e448e62f56cf3fcce03f447279abac62c79f92aef8cb6fc954f9

SHA512
ee9bbd74d209e4349d07b7e7c5428b6f66988bd61dfc1b7c1f5f4b4ab4f3538115ba824f18f625ea3051f095d841bcc624b72e858bfbb1049b47f45b0b52bfa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d55af2121ed686aebfe0b4dc1e97633c

SHA1
f36000a02961c295f9829a2883981522a19e0176

SHA256
8c94af9c4bef024101b70d596e8c98fce6d863fdbc12df2905479acdf7d7ac38

SHA512
b6641c1c033ae2c2579c471306e39f5716d6aa24c19e5c1633c176323df04dd3223a72950dd179dd9fa2a3280e5ac8a5e29c6329a217a9533d0a62f630078a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2af2f8d06d94729b248631a82fb7d499

SHA1
ecb18e9d1f39349f7d16a448a0e50ecdfc89a334

SHA256
93c4a1b9dc6c1b8a7d03462d2322c5abb0a24826bb20af3f9bb83a53a0f12aa5

SHA512
ca52153d5d6a4e257b319fdbd95b36738d2f656db3476e814a8942cc6c342f64cc01f9e42ab41810ed3a95709669be55d359fb1e27e74ea75cca730743155fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b45d702a3124def5045d46b7979377b0

SHA1
fcd96ce78b4ccdb40ab911820230f3058a4454ab

SHA256
bb5abe0464b00069bb8a140f0cc444d29cf2fbcc6c7d71c1d713068c6e7d44bd

SHA512
8f546b7eeebf33312331e761bc57ef554e8ff42edd846a2218b3f8c699d1df91b32bf779a7f46f93a943fe295b5aa86d7044209443ca017f13ed29c581c2b8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c8741dd02513134b118e37b72210d2fb

SHA1
a51a4288540b7b7f18b9e70e87a678243bf9952d

SHA256
ef562166544bc782f0058686d5d594d4b1e5b599a91a0172d017a261a20d8851

SHA512
e0e240ed12dfc7e3e87f682a472dcb81cd968eeb924f7b542e1075d5640db97d7e8a68abb69d07ffeb04a0d62e275d816686a0d8358e5859f4d955fce097f3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
c93f20dd12b7c346f4b89ec924894fc5

SHA1
32d8e44e72d75b73cb91e3941bab0fcb739590d9

SHA256
8509a4dfdb1f963f1da6e575adea3a2300aa530470f9e57ea76475eeab436baf

SHA512
f6183d77c2e83d3569a7d461f92bb5700e65ec96da52ebb97c70f9c81f493018ccf25f414d60a4dedffb9f479f6f5b8a64b6fb11c57ba3660523fc1947f8ea5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4b68c779771e3fe98027d1866c97e2e4

SHA1
c3fe56808ae8f1d639dd5d418d759cd6c20a27b9

SHA256
5c8ea750a6dcd4cc7f1abb212984f7f89adc03514fa21e42409990d8a0c24f3a

SHA512
3780b2093908c56c260c4e25d67850d8444f70595379e04c25a415e7004f729261cdd219450af43a059d1ad41b0808feccae18045cbdc348f9ecb60f1da12a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
702a5ceea29473ecfb5a982c97c0fb43

SHA1
edaa268b7eade60f3b4f5f4c6974b0edff5d3462

SHA256
b0324236612104e3182cd9b6869e940f4566c4de8dbd03db7a6f0ab8f638b2ba

SHA512
8c690e1cddedc9abb5275eddf2e1eede941a47c69a745434475edff5c7bccef75a5965af1a6178703414704019272092b0a7f7cf536c9a9b517081c377670de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2e3c462341d7e6e3b7fde2683676f90a

SHA1
0805ac71fb1d345d998ffc5afc0a0c7c271b94d1

SHA256
91305d0e8651b32a9471739a43251b756a6e113e0da97580d37411689ea73ed9

SHA512
5bf0d7649064605569e3dd939ba7f5f1a2cf74abcf3f3f7ba694e8c78ee7da46b5ee4c754aafbca46075867a810938da9a14160ea3faa81221ed8465fcda87d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
adf7f0f667a80d8dcc21e642f3203574

SHA1
e2dd30b914c4dd2a38f0a9100ce0b2c2d56305bc

SHA256
c1ec282738faf201cc21c744fb3d7348bc638c9a7378aeca0cf177b490ca5a50

SHA512
b45a2359a2bdb67fbf5ada3c31414a885284f9c990e893c15da9a710d21e9f633362961baa7ca330d20a0357f2651ea85645f3837f5494c6f0d61397f8a4acda

Download Submit