hxxps://stock-images[.]0o[.]si/?p#/old-man-tries-to-climb-ladder-falls-down

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stock-images.0o.si/?p#/old-man-tries-to-climb-ladder-falls-down

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236955907712106"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4428	chrome.exe
4428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: 33	412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	412	AUDIODG.EXE
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 1268	4428	chrome.exe	86
PID 4428 wrote to memory of 1268	4428	chrome.exe	86
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 2384	4428	chrome.exe	87
PID 4428 wrote to memory of 1016	4428	chrome.exe	88
PID 4428 wrote to memory of 1016	4428	chrome.exe	88
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89
PID 4428 wrote to memory of 220	4428	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://stock-images.0o.si/?p#/old-man-tries-to-climb-ladder-falls-down
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc489f9758,0x7ffc489f9768,0x7ffc489f9778
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5236 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5392 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5668 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5948 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6056 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2688 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=976 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=980 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5516 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1016 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2800 --field-trial-handle=1868,i,5403034023164144832,15731930979596765750,131072 /prefetch:1
  2⤵
  PID:1264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:412

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f70bc2c-e096-4cfe-8abe-553ced5a6ea2.tmp

Filesize
6KB

MD5
83a3f642a3a1a5b09e138590e2867cc2

SHA1
92bf5dbda3ca664b77447d289d9b444f912f051d

SHA256
97c7f99689756b1e726bc592561b12a8e328e6f6d1fdeecc3c0f2e62f836c995

SHA512
de535895316ca7ff6f3d6092c7ecffdd03c25233a8b2e31da2005cb0f5265099515d5beb3ea5597bd01de28f8990aaa5dc1b9a54353368842d41a192fdd2c537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
1024KB

MD5
150576beeba5b2e08f1139769ca71418

SHA1
71adae2728522008ef4978b1a1e443106f8be756

SHA256
ce941e869d41168d3c1f820f9f84e7619d687be232f6b254b1fad5642e441056

SHA512
6d53173123029893914975e734fd5214821b7e07d8fb22a76dd02974ab9a58f1ed0ba30c128013401acedbbe0765aeca249edf7c083fb608bd5428a2a8443b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
232KB

MD5
1dd1d08f5687daf9805cd298b4ea4b33

SHA1
d07cfb632cb1a099dd8d8684d2b304080b02676f

SHA256
907d7cef6bc9c369e541c1c34f1e6b142a18a47390efa002b809a3f662686b66

SHA512
fe6b5050de48382fdd58c02c2cf31fd3d7796286eb594f637ff2548327211b177fcc33318590d976efa2919e1a1418589c00d6f009119db93eaccfb21acb58f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
515d982d133ec99ad3b2bdbad0ae3e0c

SHA1
25ea9174b47a1280e52e7a1d26f69b785bfa1bae

SHA256
3f3a0945ae9b986d69915fb912341b0971bbefbae6aceff3ab230aa337abf3ad

SHA512
711904cd520105a740a0622f24a894075a27e322d4064330e562a208fcbce95531046da8f79c42c4c9dcb2f63215687548098fb5c833faff87b85871fd27c8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2a88d86178df3712de05f8860dd1c5ed

SHA1
82908750fff6fdf827265de844c872c85aef8ac8

SHA256
5ab505c94b31fd3552b71218fc8ac4c78410e71d16ece9049b4646b95dc59639

SHA512
e4e256ae88dbc48ddac6840c5c44059de650a5da3961e0fcddc2e284f26850a11d309c39f90a8122ed510b1573434ed4915d31aaee8184159704194275e79c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
93eb544ef3ee2caae91ef54bf5f1f11f

SHA1
c8a0b55db1ef4fc50c79de6d956ba3d93ec63632

SHA256
c86f6a924f03d1d13d2ad7de6b2234f514ea78692ae02bcd79578195fb38fe42

SHA512
9c6eb80b92668c796a7188704033093556ad94b6f9d9c98c9b609b11c6bd97c89ee09f600a1f97632e03aa4664e276db3ca691faa455d249d1f34d197971c332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1e50d6c664e114162bfd8152e1c631b

SHA1
86e23f391cd39ea33fdef3a7bf09579e2f827446

SHA256
05d686c730aacad8f712d7324f201d6b567a83b893eb6c79aebb2cdd7bbdb7be

SHA512
23ec562a2bc725f886b20160b0abe0af3871b78ab0d227af4c88463d397412e761a9c0ea28bf24022ce22ca12421e683b81f4f0dc8dadaf04bd41929f51d5db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ae286b6101f260e9166316128429fb4

SHA1
7d901293d36a7f818d3d27507624c3c3fc5c2bf9

SHA256
081b0148ae52afb1f21d4d58e3b27a29cb319a309f1f988ad243784d18d90c5e

SHA512
14b1241a97f40fb7c631a4baf99db1d500e03f742b8e6d2f5114b83430c0e22d6a47faa70a205c7ad7c12de9dd931b1f87af6357cf042f1b9f5e2ae2ae81598d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65dbcc5445d4eb4ece28dc7b478e1040

SHA1
b75232efc4555464f8ecaae9e131549dda4822bc

SHA256
04e86e724dabf73bdb180039dfb1739ae3df591fb7495c7e5cd6267af79f3f5c

SHA512
cc7a0573fcf50cfb2d1e7c682a2995254f7a7bccb5192b55a419701b50dbc0cbd0b730517fd47704de4343bcbc8e93d063d5b66aa735b08452ecaafc0ac27c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e38bc7bc925b85a81c506f195ebd2490

SHA1
c863ec379a70e579118c20f0aa8c1c36028ac25e

SHA256
1e94974af91981c192d264cba130fb1e6dadc197adea174eff31b583fd57fdb1

SHA512
3f33bdc534f7b3c330d119217b678058ef678adb1159e0591a407ce953f765c8ae7c4fa0640222557ff38f6d5ad87f341218b05c33078a92241e74a3acfea137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c21ade9ef3a7d9f955dd8752172d657

SHA1
9a46ceabd083b831be39821dc801f5f52b0e317e

SHA256
7aa4893d0cda5d4e4116ac31e51b3a5d637c82ca44ff58af749b6b767b86b905

SHA512
09f57cecb065912c7ca17fde8a57b8da6e2de2c7a242a27ef43278b8aabf8975175f9793de9eb35a43f0ab6ee59c3c72286ffe4577865bc7227ffa002392ed11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
dc7573d29e9f7e7506333afb3c86e755

SHA1
7f9b1d82477658d303d2ff470dc65abe7dabc018

SHA256
d3b918f99fe076b902829538f8d7a3ca1e65028f6e66e16e8b36557b44f740cb

SHA512
321a0ddfd1101cf6cfd8e39a6cc36f0030c0b6ff1268c7db6328f7896c05f286531941fbfd9a88a7a515d91b02ecf5bb75d445427f7314a81ae482e0050beb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
eb4ca1b957fc3140e83a7d699ecae3ef

SHA1
0d4d86f20fd571a6ea639f7c9039d63835ff3cb7

SHA256
b199c7c7412170e7f846a451a7a920e1348044bc26802552637e70b663465cec

SHA512
45fa14bae54bfeacd52717118012b9bb2e82fe732cc0aa0ca12c8b8a9db3ab6c1e089a792cc2e1b29396b6247c66dc0bf902f2dd7686a1498b5ffebe590bf904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
05ed976da6c6672112d95a487a997e75

SHA1
a86ae62fab8955b28ecc412b154a4540095c8974

SHA256
ed0888c4dc2c79f5bf75ab36277617e92c65804868760e118036f56577d5e8cf

SHA512
7cae57a780bfeacbdb9b033ee928b5e195d4bf714b8c2517158091a8ecd9d8a12e4c1017ed3c6f5fd1402161fd1bb8a458e5300818f8be683e48e141c422839e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
6f4dbcf754d3d35be42c5c9445ec6ae3

SHA1
c0c22012b608a543de39e690ba7681734442c8fe

SHA256
73c450f17f49d8d7fc0c82a5ebc441d6cf782e9a7a444f6a1ed1317dff00c258

SHA512
35a913100859e7790eee02c6124767bbaf98c2d08dccb950dcbec466972aa605b5412f8b3d7d3edb9d4ff418d7366eb25d07153fdddb487d92fa33d1cefa04ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe570e87.TMP

Filesize
101KB

MD5
9e1fe3db1909afcfb901cd9691057224

SHA1
1c3f32b4fbfa6251b3aa11ae6b1ced9aec1194a1

SHA256
7bc2d49fd6ceca558c81f98a29994cfbb8579fb0d1e1680290df791c07e912c4

SHA512
80ee32bf9c3475462ce3199648a9d6e79062d740a85a4bd0d23941ef94c5ec2c87847dd8e42f6754f3cdb9d38ececd2d4bf78679e499f0928b6c5fc8d7d0b73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit