hxxp://www[.]theannoyingsite[.]com

Analysis

max time kernel
62s
max time network
298s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/11/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.theannoyingsite.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765859098222227"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-870806430-2618236806-3023919190-1000\{0EA4A878-A59A-4D5E-9E39-D7EB362A988C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3748	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 2428	4596	chrome.exe	82
PID 4596 wrote to memory of 2428	4596	chrome.exe	82
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 2568	4596	chrome.exe	83
PID 4596 wrote to memory of 1600	4596	chrome.exe	84
PID 4596 wrote to memory of 1600	4596	chrome.exe	84
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85
PID 4596 wrote to memory of 3896	4596	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.theannoyingsite.com
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8817acc40,0x7ff8817acc4c,0x7ff8817acc58
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3056,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4484,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3808 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5868,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=6064,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=6104,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6348,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5928,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6972,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=7052,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5964,i,12227073512508999630,16979634427803912284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  PID:2216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1116

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f4
1⤵
PID:4760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3124

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8c161acd91e36dfed2cf633dacdeda51

SHA1
24b4803fe74447c1d12175703fb8771e68bc594c

SHA256
4bafe9cd660cc7c0582817f615f3afde19ad3aeac0823f8b76c73b884870735a

SHA512
3f0a52aec66215196a0903da67b830af1eb490d088b7e59f929370a05bd6aeb939ab8428bb71d4d9adb668c9ce8810528b2d7fa11166806e40f779e0284d8ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
1024KB

MD5
457e51aeaed0b8bad8b81f00300d2bbd

SHA1
c2e86671082458550a42b7b7c975f7c3eca820b0

SHA256
7e080d6e99c2281dbb6cf48976001e3e7409342d142987b9f369a8b5e88c4238

SHA512
425ae5a85fd78903d37a923b7ad5394d0e2ee59138bf5b7bfdefbcc1cd773ea86a3733f7fff795061899e686b2308e03a16991fa3dcdda2247170591affe03c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
86168a4b4ca06fe6b9c7f9091163cde3

SHA1
c1c750306f4c17e7841c301829b79682ace597d3

SHA256
7f4f16d06626df31e3533a9a8e7b62f9a0f66425cfa0ce44872603e7669e0e62

SHA512
44779c3b6e04ffc1435faae7e9fc4564ea4779562ffafc608a9fda208466e04981998622f7dbe9f817b415f9268cc00cfe8985a690e21a05878fd6ab79802b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
aabd829cacb1b883f503d0251262976e

SHA1
7b13ceec9ca84b61fbccbc621459df76c6922ff6

SHA256
3045ffe56dd58e2bca5969117c3172820a82c8d43e16477978cfe79611444c1c

SHA512
98c7be8eaed21c1bffab5fcdfbf3f1e728cc18e5deab06152fae7b0261223de117c890216e845e5e3f29418f90ffb83fac7443fb1a64896c6a83c1976704d4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0c0a002c582568c8e5ed5a512b85a20f

SHA1
5e91e54b255b8999107fced1b03c9bd78e7fea37

SHA256
61cf0f385c3fd21fbe2c6469d8b06a6520a1871a86b8b79d0e50f40891f1c1cb

SHA512
cd53378c8240f24f308c3d6c6518d547607fe6726db514e35156d83d712f5e910a6127652228afc6df217dd3ea81396060102398ee111c569396de26b274bbf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3fbe17ef69226a9f7c246f3bbf0a7075

SHA1
49f6422438c43159091f89ad3a763aef57fa83ca

SHA256
a81e361764c2f7f84a93d14eb269d9f7398b8388ccc2b41e9fd353eb84eebdb1

SHA512
3e094dcf7f8f98c346ffd32898b30b1db1c79ce9c1f8d852164ad8c3690ac7bfe36da2d9a72f3f0941c647cd3cdbba129387593fdfb25d2986d16f8a0355ca31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
35a503146bc3aef05528846514ea05a9

SHA1
a5845680cb50fe1617d402f05fea285468c7875c

SHA256
e09f1162560b5f95c0fd2b7b5b8bd9895b226144c501cde74bcfb79754e70bec

SHA512
c4f3cfc7d37012ddaa7967eceaffd6b652c30f7ebde2de5e419cb4b0704d70a760d7f061fc8d462dd696fa15dcc545df8c39fa730e8e134723a44c453d2754fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea170fa0fa0db8206e0388abfd57f53c

SHA1
87304dc1e26cea3d63b4f787cd51192ac04d1638

SHA256
524e5841aeab654739db5ea62db63862e37ea803aa5ee02f4ca11a40cdc4878c

SHA512
c8a43d9851e0b80468837913f9631796880013d68b739e31c1fa058ac969ca3c2672749d68bd44e1b2f024f06a7c786eb0db9c41e86ed660c6dd324246de6ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a961e96963df0dde7eeee775cbf00008

SHA1
c82531dd07bfa74555d2f6e11c0a6ccca9033f04

SHA256
716d750c30baff46c8403f65d3a95f3587147ea18f82cff98158763a7fd94eaf

SHA512
213a0e8e9d2ab026824692c3f374aa51ac2a86b6793e2313bc38cf5ffbef5047992afb430b222dd75671512d851344191c089a00fbb9cdf449fcfe99b56801f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e036c28e74b50ac0217438236af08808

SHA1
20c92fef055075ea6489e88450e112590e2a8580

SHA256
3ab862ea669d3d43cf7ef7bfd419a509e1ed8049895fe821c9a7f5c6f3ff3abf

SHA512
2faa9be0dd3de82b8f172f492eb27bcf65598878e82949e04334a10c0372ca935d91f712bf02adbd0076ebb3a988b4cd2dc47d001402a3aa9b6dd8c01855cab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84c3a49c0a04628fa3264c9d01f24383

SHA1
6d2882329be916901d872bab4231bcb3b76769ad

SHA256
ce1e69407af10143622a078bfbd0a6528e429a31a7d125ce9f421ed7f511624e

SHA512
3d292200d3cb0fdd9aac75c7430e67ab9b3017316bba0fb9d5ad637fccfc54bfbc759773f293d20f4e2425cdcf58aa0fc7abcca7641ac433db7ed8c92ceea953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c98b6b94d682a83a7cb72203c69b1cf

SHA1
47198e6f217ef4a3aac701636ae5ef37c609f8ed

SHA256
a30557ef153ce52aba6cb0e9c71b075bf34cf046a2fadf5cc021c2b42cb8b160

SHA512
1cc9fbe1ab53cc2035adc64474cdd776c4794ebfc85bf3a6361146efc29d5f98fcc77668c109e30554f729357b89e89c70cad2995fbeb136f172887db1ccd674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02db9e8ff5822b2840a6eb07c9889910

SHA1
98b2bd464ddd86f0c0b6a75c7632d868dd129cfb

SHA256
c368a72ecc6599d449c9c19af5111f3c150693bafc4178b1de769e8f9f67c77c

SHA512
ac92493969a88f3ae13505cc31461bbefb16ed2034235b385a0e7a208725022182c6df4b37101e39727bba6508a1b3c0682f05eed6e75ef6070c3ddf740c6c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
243ce3d8d00dcdf070ab3b6f34d58ee6

SHA1
cd692fc6072ea22456259b0ff54b3a2c429e3213

SHA256
b9aa5b1ef745f7f51bfedaca95c354efc543809997e460308bc136af01748931

SHA512
e7b35fbf4debc2c54b36c63ba6a9abe02a99455902d893dcb031e48e75e298c080c8934b356b673b6d2edc1390182683cf4c291235750d63542695568e093acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b340b974747b675f1643ecc446cd27d6

SHA1
5f78d06cb4ae6bde8eeacbacbfbd1497e43f03a6

SHA256
aceaaae2f729d67591a3e918a449cedd4a281b14258605891251616a4eca8551

SHA512
1140a659c503de186c9d6fd64a0b91f82f1b75f1086b6ae03b9564eff3cab357e14b1ce0040af3ca42498c23bb3aecfebef3836fbb5f2a627c912f99a5880828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28a523a6811357d4fa19fd47bbd55cd5

SHA1
d9c71d254d18cad11fd70314549554b653071618

SHA256
c14ab4f96ea83405c0293beb68470d4c311cb0b88912fcd0694eaec6cdce996a

SHA512
e4a8d20967405f74bf2d7cc1add7f4bf5d3a4ba30569b7fc584d75ac7ace7d8053d848388fb4bfeff4c03491fc3af32756809a37673b5bf92fec37d05fa1559e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0ca7e92f3e6b7e6f6fbad84c4d2de5b

SHA1
f74a83269e9917df34327c8f058d2dfdc56497c8

SHA256
b673f59480c23955ec8f74cc2ad3cc26a07e1d8f93269844636a4801b0aa318d

SHA512
8d0368ed1da363a3d7b970520ab0918637d49cd5800355ed4c3126748049a522c6cba588bbea0ce3666cdc2d087ae1822c0fff75b190e74cf67fa43629b4a19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01e207f5beb95d8c9df7849b1a1a28a1

SHA1
64c90c220f02bd3e2be6181a05d9cee997075806

SHA256
c4f9b3f40146b4ff856b0d8551043abd4ffc04c21208e88e594123fc811edc9d

SHA512
cea2d6ccf4ae37ffae8f1872ebd9dfa8b22a40cf42c4f30eb9600f98891ec92bc283aae769d26319c77d250b749c8b97a3f469bd824318818fdd19d4d0818de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ffd3cb8e95f6af96c77d7b7b198bdb9

SHA1
8511aa3b1ff4542643d2b37d6d8ef0acebe67b55

SHA256
23ea333b4bf4cab44f7d7cf3c6a50b89f82b16f91653fb4ea7b593ce1cbc168a

SHA512
c6f4916e5f251398ee06bc44e298e550ecf4aaa44c4385f4cf153c0dd8201d98cd021e34fb22f73fc0c2d507879d16d08b19712424560724f09519e4e1fecf2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8410414a16c4130a69a037e45dcd3fd2

SHA1
fe5d00f8011a2e3fd2f1ac93125e5eb060ddf65a

SHA256
0b25a3e651acd7f1609eef1357124b6a3f48a0ae5d581a30dfa5ae6920444eb9

SHA512
d52e13e8d0acf8780f7beb29c1a7fa67ed9bc3e7030e10873228cc2929656291f85297920aa97ad629653e8d982eab2272bcc56d3dacdde19ed73d12e8527604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb63aea23e5529ea206546933f951c4b

SHA1
60dc3a6900e5e8b7e0ca2d4183a0d0885e5a9ec0

SHA256
735b04f4f9e999d3d38daeeb3ed0ca894518380148dd676b1b0ab301e39504b5

SHA512
0e2170f5dddd2536625498c102c4ea359d7a4474190b4a44e80ce2200a6ed2fa7ee0e426bb8f3388ad77e95c3ca173c54ae748dbfc53c3445656b96e9d273f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a35eb6642c9b67493e4dff67f57888f1

SHA1
89feeee88c96f193c7224c77e77264bde35ec603

SHA256
00057236643eb12d164ad236f437d0e3a8d0e73c96b985844cd6e3101c571745

SHA512
9c785333d2b4e8a61e5e617bd481c48b58b04dc974a2f9804cf8e8280cbbff717006f51a1981f758300de167cb1e1d98ca024ef4a6305da26fe7c3480b6ed440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcb406c317b74731b08d2eccecced9a6

SHA1
c4a32d3309ff8f345e174bb59e370685fee9c536

SHA256
59b70894074d116f6c2888866eff4af51347b808635150cc039ed09594d490a0

SHA512
58c61196341bb1a7c7dbdc2c1cc71f1085c33623c2c74756368a2059b21d176b46db23b0757c861fd973f3044cf804940daa2891fb34d7f375b1fbebc4666f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5c8ab8d46ac5d16ae296235ed49ae1d

SHA1
0e9b44984c3ec3e93563febf88791c5908d3181c

SHA256
d374374312f04d7b83a733652a4dee302af5b26587cf5c759e04f465672c3739

SHA512
87c3c4152894d1262f85beacf9f793a64d277fbc48759861c40de04cf0c445e9a10a5312824ed509d660f9e90e3338d434a91a0b786cc4b19d60bd4261b4289b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4beb1b78f8fec67dc837c78d158096b9

SHA1
b08ed99f69a10ba77a0f3add3abdc20058d41157

SHA256
2a9ca7e77f718cd6c01c956480e365d2be5d7a6afcc2195022e2fbf8a2c72819

SHA512
48aaf877de030b3dd5af9a735d77540183360acb39618ee4fe66bc36af387a2934bdcd248b1e63835bff3700ab6e6811cd5b263872d1682b191d57c707abf04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d0d27ca4-da31-4a31-95aa-fd159becbb22.tmp

Filesize
9KB

MD5
99c8850fccee66d8f558eb2c9a2830c4

SHA1
67f3475b73c98efedf0f352e9cb6f148a9b4608e

SHA256
0e0e31330c8358947db72cb9655033688a1b203d5d2cc8e04f4999740391392d

SHA512
f37d820cca605443b75f41386d36d703af908ff6bddb1e4bb37c9b3a7cd7ae440891c80f3cae19a0d8f566bae51c6bfa9f8a1af4e833b2406f0afd648f610c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
32b3cf4e160b74a6c051aa886338d036

SHA1
f540a3e0a18273ecfbbd8c089620f607f98fde1d

SHA256
cf82160b64ded292b72b88f141ac01d3aa372fcfefc5c2802c37ca50f7f17231

SHA512
a037546793505b9ecb295e0ace28ec3c8ad5d682ae9e659ca57fe3ed6b66c65964189cd55da19317c0c1777fe6bb081e6562be9cd771db8979187c0407138fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
05e9326bdeecb60585c4dffe26498c03

SHA1
6650d953820ed0d7e37b448d40e44ce840e5b4fd

SHA256
14842d9c2b3ef9f8f162d225626e51110c40ee523b8cf34485e199a5a9c1d5e4

SHA512
94246cd9e1ff57d00e68b871f8bd90bd544997ea3879a284a6cf340df3def6f7512e236111fff9f97eb8782c24d47422a48bf8a9517b945b22be2e6c17cc4795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
9ab6be4622262ba96c010e90b8913036

SHA1
3dd28b0b7b145d0ffe202021e602d6f3815754ba

SHA256
9a53bcfcfef5c8125c30b91ea72182a6eab466fa3712d4ce9fa1a8b94d98fafc

SHA512
f217869d5d97fea646ba6aa27202f0bf664f14fc58e757b1f45468af91c2411ac43b971e9be7fc03d90434c1b9d4c5cf59bd93e1c199b96302d96212fd39784f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin

Filesize
414KB

MD5
ab79489e9704fc9cc9d8bee4f8e17ec5

SHA1
b2e19a89b43d537bb5b02ee9ca2418f027259c1e

SHA256
4d71760d6f3159849068b635ab4c39b9b747d899f03670533971a62d262c264e

SHA512
60d11ee023b9a045c4b59b88311f001fcf4856e27837a1ffd6ecab0203e5199ee077d85c5217e0f0b94e0bff93b14c3680816b6fbf9d42ee2eff5c23d9a13edd

Download Submit