0d59eb046597f72cccac82e7380761f83b20bb578458202e730fbe266d76a1f1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20-05-2023 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

idk.png
Size

297KB
MD5

d8342f42a040123ca864cb3f0dab53d1
SHA1

d0fa56a51e5516de367e9ee9d61862f501642721
SHA256

0d59eb046597f72cccac82e7380761f83b20bb578458202e730fbe266d76a1f1
SHA512

22b3ba7365241f19051ac2ed3bbb59226489ed791f6e438be4e04d0308923b455c2f1671ca3b8850911b49a86ef40b9bbfc3498407c5875d135063d01fa67cb3
SSDEEP

6144:/+nII3T2BiiUPRS+zKOX4kXyEA1vpDxHMQAuyMl3KSiki7Pe9GjPiVQwd984Ly2:/hI30iT5S+zKOXrXQpMjuNvX9GrQQ4BV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133290235802330140"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: 33	224	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	224	AUDIODG.EXE
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 3648	1360	chrome.exe	70
PID 1360 wrote to memory of 3648	1360	chrome.exe	70
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1308	1360	chrome.exe	73
PID 1360 wrote to memory of 1932	1360	chrome.exe	72
PID 1360 wrote to memory of 1932	1360	chrome.exe	72
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74
PID 1360 wrote to memory of 3488	1360	chrome.exe	74

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\idk.png
1⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc76c99758,0x7ffc76c99768,0x7ffc76c99778
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:2
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2960 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3124 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3040 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1116 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1848,i,16636047246743844432,16742290522563918717,131072 /prefetch:8
  2⤵
  PID:4308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
47KB

MD5
70388d1d15f80f0ddbe58dd2a9095949

SHA1
1f6a1d916905e2dd0347b22085cc1da0fb646a5e

SHA256
395c789048e6fbf5c98ba7562a8b8265885ddd0eec339de55173ab83d3aee618

SHA512
8bdbd091852af9cbca6f9e1c69727a067361c2718cf575f7c543e88bef92da71979ff073d8071386ecfc6be3d7d5ad53253da7f5a830fdeff5ecf6a2b6f43843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8de58645acce9882615bc0a3775d1413

SHA1
b8986d44633f93105991dfe6953bede5736e5a2a

SHA256
b6c61c417c686b551b7be818aba9dd43bbc4422a24a72748d2c5623b5094d637

SHA512
3a5576e2c0ea792ec3c85b88f149c734b9149f8e2952914bb68bb8297da9eb81c05e4d3ff124673a66c346be51f6a36479acf751fdec17792524cbaf4d2b932a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efea75e1989de090d800580f06f4be68

SHA1
afcd0fba4f326a1595ed18ab4afdd827cfd96201

SHA256
67eda3e4f19a62fa6c9f7e350a87f8ec3a866c70a7d417e31672a114a23a7014

SHA512
9f94f350577630c749baac8ae6cf02b2391e99c5bf28d01717b9e10ba8c68acf34a4e6620b464ea060e8f1f2c62341a2a5f6c4cf73f4c2cb8c685fd7ec6184c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0c40b5f953d2e8850ae20ffd63ae2ea4

SHA1
3371d2a443acb1da7673f3a84a0f4b019e7eda88

SHA256
678bb72057ad536aae66c377ad01c8a6defdb92459ea8351ba6812112c2f905b

SHA512
f77894b48a53936fe2604f5587e52ecbcc130eb09e6d1362c7a94832952e5484d62c47c100ee2a30f6eab46f2cdcbf6342ba805b7d23b28a87f98b8d4d010026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f70a0479faa605bd27431e22f4617b33

SHA1
94509931b320920ce1d3513c4962f5d347c6949f

SHA256
55d1268207b3e20a91bd55c9dddf153d3ac6bb1a4fb06826c301452149a7f463

SHA512
194d4bb78ae248efbe536a19efd2c4f928b0f21b290f66d6b3754650cc1eee3eb1322ecc631c20bf3e4963c4bd34bc85088ed1d2ca6c55874e6ba9022822f2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
5f7cd6a77151cb03516a53170e4b1eab

SHA1
71a83111c0d438bb317b54924fd571c765055493

SHA256
4989cf027dfb9d020ab0cccd5e42e6050a686538bc2c7acd5e6fc74500c08e0f

SHA512
56193239908b216eaf1eb787994fa937c6f17ec79531922ada3463de1e2becf4471feb3b37e848f9a1864aa230724ac7884a6d39e2cd554e3013a517f80ecb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dadac1e395327b788fe535fba2686603

SHA1
8a7ded72e2a5f2474b12c6b4175f1452febbdd9e

SHA256
233b25231e6631094d262e46433853414b60b4586a2a13fbb570292db16a79cd

SHA512
28cadbc80e04106151e3ad88f0639e18b9d92ce7d696a6655e6d77f01c75ffa1a94764304e5c203ede17c2d81765b27230899020ce8c1103067e4d1733898141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4d89d759d0e6404ced51c04d1f312e51

SHA1
d6a6ea56911e805f496305e35b6e8c7e7646eb01

SHA256
830f148738e426ababf786d78a69cb89909f23f57a4a00c35c6a9040a56b9958

SHA512
004ada28a8248d200bef0947b87344915e81d973faaaee067ce0a2d1939b823e4790e84271a6df5043ff05d1df83a9fdc181483553030e67ebf27f56d2cd31ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e3cec550c4ff6791fd6d76c20596cb9e

SHA1
6e54afe28dbdd1f2bdc6a3863ad238097302667c

SHA256
aa0cbb21ec1b9624cbf16c5effcdcfb2cb467273a9f2378beea3bcba439e665d

SHA512
d1ea983398a75c6d756610eec24456c796ab32cf6a315071e84c05d12622afb98c27cb95864d520c8f340a7c1cc8d762b9efa586c105162b2aabb7e4a4a2b550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c71c39d7a777df045248ac9e42e9192c

SHA1
c2594e84d5e1ce61007fee619c87fe3be2aa82dd

SHA256
daf28dd464d7cf9d979e799c5208474f4a0d6a8e4d561e9fe60468dae5e8adf6

SHA512
00edaaed36f05eadc96c25bb1f91aac40ef2c54630cb3100bdc4e68c7ff237771331920b362b189c6ec5cd850b72daf73ab2073bd72ba1819e9291f7ae5fb529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d48dbf4d-dc8d-42e5-83fb-df75f13e4790\cddb2e2bea1a9f8f_0

Filesize
2KB

MD5
43f4fd5c78e4b285a6038e27cab7da16

SHA1
1d17a4957d504dfc18160f24c20ab9beccca8abc

SHA256
8ab29cdf67623fa5ef79e6ba3f686a5493514f26ba8aa1924aec3e45d9ccff15

SHA512
ea159a305771fc0ea1494798b5c5dd79c1675e7e4eb460a4749d423a3ca077b92dc119b99bc4f1f230d6ee19124120f1b69e1d94b0f869c64bed2a3547b6fb36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d48dbf4d-dc8d-42e5-83fb-df75f13e4790\index-dir\the-real-index

Filesize
624B

MD5
d6bc2fdd4039d129509d472f3439c441

SHA1
efe3acf97abd6fb3895c7fe35d68c622fcd629c7

SHA256
f84b7a56eba7d33558380cc1090df1afe8ed168e740e5ca57812bb721b5831ff

SHA512
f6e22ed2f0f403492b00f0861b4a3a740a2dcb2c4d6cdfbd6c10e5b351f8b225f6d6809f1c77e931687f2cfc107fb5cdb058c4b4414afb8850f081b7bb5180da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d48dbf4d-dc8d-42e5-83fb-df75f13e4790\index-dir\the-real-index~RFe578702.TMP

Filesize
48B

MD5
d8b0c30217bdcd08e601cfcd1344dcbc

SHA1
a4d2df79fbfbb312b494eb18ce8d7bd9b31e932e

SHA256
4d2303fd1063aa91813f7eae4c12aa0e21d51cf4bca592b2b2d243455912cd05

SHA512
8585b0a9f6a1b153027551f648e75cff190b81a48c35dcd34a2c66e410adba81d04a81e998a014a697bf23e5db75a083ec6b97f619cdb91178ac6b4dac78a32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
f0ccf58efb75715cf4fc2ab793d4dee6

SHA1
f62baf06af2868e2cfc084ac1ee8714ca1a3a596

SHA256
636eb874429709b4ced7164087f4b442597cdcf51df4fabd565984ca0d0bb8b1

SHA512
304f10f540b7a245fcc386ca1ff00bcc05a7d9f1ceee37fde1756814339d29febb67f8bc430fe23f747dc1d93a78ee3f45f0e32f62ddaf5159e9196e9745d5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
3996f54d9e08907341b1af698d83db86

SHA1
03485ad30c81bfd0a6761e77a5e5782b4c2da913

SHA256
5ba20adc4eb6b1ef98bcd027e6444ff9daf993fe0de022e0326d7f40a57ee220

SHA512
bc820edcee9858a7e4dc43bd748c27a3df312845bddc09877408a02cd4dee2d32b46dea6d2940c82d65889edaa94fa55baa669daed5b1940fbf9600e2f231fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe572839.TMP

Filesize
120B

MD5
0232c473e3b4209c52e3eac80f4e6379

SHA1
d6da0e6c01c5fc88db481730654d03442aa13be9

SHA256
a93f22c084be52775884f33294e28dec0c047ce37377f2b0d70d76bdffa4235c

SHA512
650d645b6c616030732959f3bc5459f2e603facde45d6657af59b6f424fb82e754801ef45f90e090b065f982d27fcdb34eb99f2c7c87fcde6e1b4f167301270a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
91adc252a62085d5c4d44cc33d5ddb42

SHA1
cfa88a4a464669a864a385a872fa8d1d638eaaac

SHA256
7859dd0d8363c8ef4e2dbf7bff13574c41dd7c05916116ad50a20de990cab951

SHA512
be5d9e49d51b5039f7ddcccb8f3d1f7be3e02e5a84851b798bebf9591e7f379aefe5e5259d28e170f58b8ee785562dd66ab89d0d5012892d7dab47fe2c16c17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe577d9c.TMP

Filesize
48B

MD5
263b8108eb3e8e55627c74a3333249e1

SHA1
4cbddb79f40ac2f6825cf44281033cc48940ffaf

SHA256
af8ce1fa71ac45816fe2baa05b7e483d5b1188cbe0dab310fa569043b107768d

SHA512
8bfd6c5faf5e088cc8ff3afee815a48d89153692c373a21433b7f34302a73618a7cc7fed8cbfda959fa75ff115325bd30a445b1778f9503e0dbbb75cd5fdae7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1360_1848952023\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
6a40fc287cdb5d21b2003a124c70d3ae

SHA1
be80fe4cd07e7cc892a0aafc4c4c6c6a34e6310f

SHA256
c704e0b99bb9ecbf2c710ff1776f0ecde3a9f213401af1d66c277bf5798e3d2c

SHA512
0cbd9733b289d351c0e51a16d65363f71de6eb62e3e17152627dc106e39403e64e0b31bc6cea10fd0118ed7aa521d2aed09dca13be97cf109032c33a43a2e565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
284a1e3995b483c30164d9c08531d67b

SHA1
3e1ea526f5a1c006feb32a3ff3b4d2fa064aa3d4

SHA256
13950de8ceeb2ef0e94c89aa9089570658cd6775049b0f8554438d1691f06a4d

SHA512
b25f32bb74bdc9db7309675875291672da09e56700b96b20558f751cfb86dca088b252babdc2590c0ab2f388deed07bffacf377507a35c3255b6bef7a1559abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
35bf65b544a1beb597181339338cbea1

SHA1
3d77fdc181a4735919891af8c0d0114cdadcda82

SHA256
1c8a9622dddd937560a38dae49996903133807ad4bb9a61d04ccf60fb6056b9d

SHA512
1a772fce1959c8914d4f79568ae453d2627c566ae2e17e2d691400172fe377d41c61e6dfd7172e003955241ad5ff059fd8e43f049539686587dd34f043588fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
b429b2dc24994915332d8ab35d4b7e96

SHA1
99c1a6319d41bf68200a242fe3bbcc72281d0102

SHA256
5d96e6568f971a43a9c35e65ffa2ee4aec3ed4424b2a9fdb6c1a9c3a0655cccb

SHA512
bd5d2f1a2f06a5b48d7338cae1355b3196534e134c8916c91c533cba1521e5b3e0aaebdc52bd39d9dc6560994faaad0aa2aaa4bc8c0e0eabf988c59be63a5f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fd0d.TMP

Filesize
93KB

MD5
cf95c49eb183281dec8c11c2a9ada612

SHA1
c1bd95d99c4db74914e293bbbdbbf8387a388d2b

SHA256
75d84327de92ffa92d2332da4e3a6cfe0ea2f9c0ac731376c712b8654332094a

SHA512
c03b94a1fa1f854eb74bd9ae2d22c97209d8bff3f7d8c89a755496d284c5a7cced68eebeda2584b4597a4aa851d9722a335ecfb425b81d3d98f39e1141dc751d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit