hxxps://gh-gaming[.]com/

Analysis

max time kernel
165s
max time network
167s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
31/03/2025, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gh-gaming.com/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
153	4500	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879297154044816"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
5144	chrome.exe
5144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 1348	336	chrome.exe	81
PID 336 wrote to memory of 1348	336	chrome.exe	81
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 560	336	chrome.exe	82
PID 336 wrote to memory of 4500	336	chrome.exe	83
PID 336 wrote to memory of 4500	336	chrome.exe	83
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84
PID 336 wrote to memory of 4028	336	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gh-gaming.com/
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffba936dcf8,0x7ffba936dd04,0x7ffba936dd10
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2200,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4308,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4324 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4892,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5748,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5792,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4352,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6168,i,15061252712245984182,16760103449883139033,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc 0x4ac
1⤵
PID:5480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\91198ca9-a20f-44c3-bbf4-f3433cbf1c03.tmp

Filesize
11KB

MD5
1baf07aa90a5d6cf5a3f04164a9cec8a

SHA1
59b4c70b5cd92d2c07e7968a6a9c41c61a7e81a7

SHA256
783f9b5c0e6dcaeb81daad840fd2f50f84e287e185f76ba12d5394ee18918c5a

SHA512
3864c3ed6e4be82ed4966ebd43295bede6487098fa739e713a27eb9de9b3f1a6e96ff6ed7351ac5e01152defa65aacd94b39fd981cec49f825f3e9f155b495e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
09f2c770be6298e9390852ce2e4906c5

SHA1
a36b83588d89ea4de287c9ae9d56e808333f31e2

SHA256
4925ca5d97baa0b2dea75375874897f2ab20a067be4d8e90b8e24f08378562b9

SHA512
e926e63b2216ddc019f1ba34cb80c035f482d72c47b73ebf9a7d27af839f0712d7eff8522738c009856b7ea682b78189b68805f2d7b56099afcca8636775c715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
101KB

MD5
5afc26b6caf8cb38c15d4a5592bb5534

SHA1
4a4cec054dbc98ce92f913b6397ae16db9afdac9

SHA256
c88a975d1bb926e59f2382250fc555ddc9335014094bb3831017fbdc396d6f8f

SHA512
3f37fa689ae83b778e086089d9f78fed9e75b13f29af7d256ab9413ad1069bc82ccd3b900709eb7410dd4286b13daa8fe3ddc9aa6b19d116902b05ffc2f6f46a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
599KB

MD5
4b2c99c6d3b9368968e882a04e849a10

SHA1
d6cb3846452af01b0df1e77d305a134eea20fe83

SHA256
1b0348acbbab88317cc5b81f2bb23d9321957f1ef710cc0559c1f435304c354c

SHA512
bb18efcc82acb80219e1ea9a09ca84da232597774d25ec840c5bd413a58bb6f78d299ab903ce8f11a6c3f3ae6d1c6a7f684f0e8c60e87d7e19ba50c329f60bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
93KB

MD5
ff06127c6885fbc041e753fad9f2c1ac

SHA1
ff33b7d6404468a8f15dafddb959384f78273564

SHA256
36a39f2a0f5c113f840dab715bce4b9b06f32ed98f2a373f21d5e009774cf2d4

SHA512
734e37e50f0cc6c95001b20d2a6f755fded28f1dae441db49e2717433a5ea17074a35c9a16dfbb5e30dc9fc90dbdfeea7d93e8d697fd88391f710601a0c152c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8add6d56f6c3a12d4bf06c3b01af1ec8

SHA1
3e56a1c83c1a35e73717ed1693a48e3ac7e2ed8b

SHA256
c241295b68935216629231d2691ae4d6bc06f8ef452c986610d7c8efd3707cc4

SHA512
346100d1637ecf7d66652aad14cd8b1719abeb89a9ea106f9884901b92037d171504c28aaed7e8e3837e0d6de9e5809c6ba2d3870fc1cb7c80314e4125242cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b73eaaaf3f3015761f1e8e572802fea6

SHA1
4e5c087b71fa70fade06968b99deb631fd315136

SHA256
fc6ff72f1d2391645389253501cbc63fba7ad771d56645851d2a5cbaed6a6692

SHA512
ed635b3546274b8f568879bb15fcf3864e11aae736128218f87e0e35b05313ea45f2ac996ec368e63394ec588eea2b6c5978fec9e2e3c34d2ffda8a9464088ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
50c750bd25c34d061546f26a03d93f26

SHA1
80cac13eaf1958ae558e2f79ddf9d4d64556e4ec

SHA256
15fc920eaf2c61618859cef13ea3a8b1c24edf062a5111a1a3ba8a6c957ef173

SHA512
3fa71f4de0a6c4602391308c5d66555bd944b761185edabc3800040c68b6505851bb46ee60314323ca4c69455597cb613439833e33d4025b356b66800c756305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
237ac15ab3319bbe61982f48a77db1df

SHA1
a98efbe03927cd611ec62de08f8620fc8c804a99

SHA256
9139910ef7d6a8458d0495fe69079aff270b3f147881479c6267217e334c00c3

SHA512
ebbb99294dc9b7851c3c8e521f7d04d7a85b1a6990020310ec3661e77b8b898bceb5744aa7f7ba4982d62dc40e59481e9b755d5a6380f09751af8d8cd0e9d539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
acdef5987eb29b0e248df4940b56e409

SHA1
b7b4acd7fd631fe3b3a80e69f104a3aaff768542

SHA256
30a0bfc63939a5c6f9aa4cb0671ef3fe6d189430cc8acf8a8c0cf1b87ea7b83d

SHA512
54a4d72c5311a16db9065884f91a183fd8b00d36ef0229f14b52816bf7c18d339fe53d923e3525908c753ea804ea3fafadafabb01d6002f25591d101f2ef3c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
2bf09e2dfae9e5f1ba49c795d93920c4

SHA1
04c96291e78f7c1317ca3a2d6f6fa7c908726c2f

SHA256
203807f54112b9771dcfd4e260038b79c8c7b27f26f8f3163b15e44c416b74a6

SHA512
00da2237f071c6aef9ff48a8412fec04811fd9dd85618e896d8714cd401c57ed2fa7abfe005df04e05cb764acc31b79e02ae04bd7d0a35fd02ad100d4d15f55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4d6951f509fac04771a22faf1ecc2e6

SHA1
9665305f5a68f4712edde605b80bbaabf96177de

SHA256
314b20823d7e9bd530c4d27f862fef5b8f03b0bb2b167d06ca1204a290182080

SHA512
3d93cfbfafa0eaef0ff6ad0f3f7a1b70efa89f8178dc4a1960e97e03d29016a01d2a74c95e5cdc02042321b6ffb80a8b05568b38114e8e8ce087c11bf622e521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ca12955da322f8f1f12761ac8c95b138

SHA1
6870b2c62b7b24ea926d24050555161131502b01

SHA256
1c067eb4d0d804d5d03e8cca10e99b719e4d991d46910c7abda4f992eff11092

SHA512
94fbd5805d8393061b215daa1e60158d8b373eed2eabca6ec41e251ef6e8f664777b13dfc9d9b2336da92816d34e5ec916d9ce58b1a96028cea705d126f61c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5b7e2ec8dc829a98b23b2c28346b79d4

SHA1
792d18c16ef10f651f06eea5f7d0df5d1759e1bf

SHA256
8630849c2dba410b330ffce79a6261728f43f13cec42350a54524e0c01c794ea

SHA512
8c258c2208ee28d5d2beb9fa0ba8ae041e4bd3cf1f295708691478a7d7766540afcc659de8ee8e4a9c5da413bd5c0428e1c2c3fa3d258e2528bb797f4dc6d33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb58f8c201223b4af632b1c2e39ff176

SHA1
b19052d744a5e84fb0f26145d8917892dee66078

SHA256
4fabf9e2ad4a521b3a22ac89298561e20193effd08565b50f4a560305bd08228

SHA512
5187caeca2f21c46cb8cfb0cc4e48ce81f50f01f4309506f8a01e910300b3a1a2d52deecc6518ac62e7524673b575c8dd1554469a74bedaee65645d6f7bb754e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4ce244e85a784817d1dc45fd05b507fc

SHA1
9b72b213a87f216e95632f79d6bc89f2a079abc5

SHA256
1e64ccc121562e5bfa9089e6bef95b319659e49f68ea3f9eac6c95caa8b9441d

SHA512
4f65b8ebe53ada76e8294bad73cc79d60c14f3fa98f1813cbcb23997b55060289fb43be7dc17dd8157b32a03e7271c77a4bf2eb6348f5624caef62bec338a905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d7c5717ca93ab85840f81269befee7cc

SHA1
9e6cdaf868a8202e525d8c091dc4b361717230b7

SHA256
3aa33ff1e781f36fcfa9ec154b1093222eab4c40ac4cc5a9fecf3cc8bb92672f

SHA512
2ebd8a75be5955eee8a10f6fbd6f7ceed18a5f37b6bc8d760aa7796d9ff08dae74ef83636c23800bf336b8e22b9d1cc8df8a6260ea46d5bbbac05ead6c0f7437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d533f92abe401491a6b2f8400f8c16df

SHA1
bce23cad587acd35ae67e4ed5bb782704135fd9f

SHA256
cf863894f52070c92790572cdbc964c710d98ed181a0fe1ee3574c7bb1806073

SHA512
78570924e58076a9479262c871fcd612e43ebd5d500d727efeffc3cd7875beb45cab599de2003163d88edc13b07c18e0f8465be39fa4876d6293350cb5b99980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4b645cdc8fec000d70f46d9ce4c01759

SHA1
f67336c103ff27bfd94ba4ac9e2a6a5844d257b4

SHA256
41acb0d3f881bee6397b9fd4fad70759b0651f964970ba46b5fa45a1d503429c

SHA512
dc694dd45ec111971b579398975f03dffcdfed3d5bc85817b25c715cb400011a15b002a0b9a7be1bd4997a65149e9e59c373f7d0b408bc8e81f9bb7cb85b2ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8469d4794c4569204ca8af549b0c0c0

SHA1
d33a31fce1084b1d4a254ec3573d3acfcf4c1d6e

SHA256
3716a9d245ad9185cbc05dc231e96801a023e097313e204809d4474eea5e9774

SHA512
fa1db6846603e3e819ea50992cfebfd42c6d9e76452e759aae5ee12537f23ac6e7a150ca3d0a92765efe00b1017f2bb822037613741ea2d3593dfb87d2c79dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9e8dfef619e0f4b5d08c7e8d861a56d2

SHA1
7c7d21eda3931b8ab8d9d50e558f9d66e12d350b

SHA256
351abfaa31369db74a7f9b090cf1a913a69a51801e005e892d44feea5b8437df

SHA512
4bc524234766593dd6af35c23d47d2c01b01dcb6ab26810643643c9c4c161fdd37f2ba439c1844ba0dfa7f5963600623eb0dd9c9622800cafa546b4fee6c35b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb5e.TMP

Filesize
48B

MD5
8fb1ac0685346193430c0f10b73e79d9

SHA1
11a6f11de8a9caf0ff97b6005f453c538cae9f68

SHA256
6950debad43f306afe81d1209e01f8d2aebd384f67a1eda8ec049f132fe9509b

SHA512
08aa692193d71bd4aeea6aa42144315b9a25d620ae677c571ab9c4961224b644e13932692ecd92dcfa93bf1aabdd7687830fa275d2b4711c6dbeb21c6ab1384d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
ae5347c0efed23f28d8324f902ee8a50

SHA1
63521819fb61847fee9e5841c3645146d3bf6c2e

SHA256
d05fb346fc795d301d97f04ddd3a474961929df1b3e606fd341f73fd15077178

SHA512
437fa78cee4f5e8ffaf84e7571a2b603f50c4e9a43ccd0f47122a68d10dd0c771d3fe82f0fbc0d6278284959db55acee38a997143bb26e2413b711506acdff2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
70743e28f31fcb467a132fbbfca4d71a

SHA1
4d7e35ceaccd690558ebbd4364d5e4c98c332234

SHA256
d01e09eeab52a019fde1bbc0f59c4a74549d0380a246810d5a790cca35a24445

SHA512
7d421606671cddda84a1b64732fd8dd3449787b9d1b270f08ca7c5cb963af0c76f13d35f5acbc481061e73afd65e00347fafb9bab5ba38ba9edfe0c4321a76bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
703fb337d9bb337a7ae5023b0254c869

SHA1
23ec1d89c24d3a9f6ab0a3f38bb1312c9b253a5a

SHA256
22db7da18a98a7fd3747ad77ffc374bea48260b8d5dc563adecf7e6e50e7b274

SHA512
f8bd4275bb2c471a6d5bde01b40b1c82406d4d46cb87de3bdc28b60acfe8a57cb0310ba0fca02706d04b3e8bad90a38ae948ddc32405c9b2b518a2f5e407b6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
367a033999f0f5ae9c63264344f1679c

SHA1
bbe59bd1460e7451a668a2147622594a32a40506

SHA256
6b476a298e7e5b7c471a2904d60d9efb0eadbfc6868acf1ea3593a4273a993ca

SHA512
98b31f3f468b0ea239bca7e4b86748368695eb93f4c9ba808380fb0528d059056735c58d2c68baff054d8ab8c4f9f2bd706ae31e9b627322c1cca7e685d15199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a3385323-325f-43ab-a3cb-d03cfce62909.tmp

Filesize
81KB

MD5
a2caff4d9f7ac09b9295bd0cdfde886a

SHA1
0af14546019934d75f3d64fd693aa838e40f88a4

SHA256
3eeb71d5aa5cdd1d7eb6f93715e3845ff1422963afb1b8c0f81fc001d38c6056

SHA512
059ea3ff12633104c87fcce28294321a290c3eee5681bd3dc2b479ca0dedca54b65005c5ee9ac926cc950f7692aa3c8bf09bd0da3a4451568458cc5c3c86b5ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit