fb69b67e9eb3fc7ab254d6f93220c5571024b1487f3aafd96d38766bce260410

Analysis

max time kernel
108s
max time network
217s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27/05/2023, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

676KB
MD5

f65f50769530af4f9fea9bcd803c5e96
SHA1

dd032e739af55ad86f4a5f907842a619d4ee9a3d
SHA256

fb69b67e9eb3fc7ab254d6f93220c5571024b1487f3aafd96d38766bce260410
SHA512

321c2b9289236231ba53d1eca796d5734e758344bffd66a3e75db0ed63d67525648fd177c07f8d432339c7c253049ed016b738507ea854cb96b5348bdb82996f
SSDEEP

3072:NpUXUSSFgKYaSobcrnBrKcknWCDR+Cnz5a2bNsxb53lby4:IESSFgKYaSobcr0c0fDRzcb5Vbt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: 33	2332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2332	AUDIODG.EXE
Token: 33	2332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2332	AUDIODG.EXE
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1484	1324	chrome.exe	28
PID 1324 wrote to memory of 1484	1324	chrome.exe	28
PID 1324 wrote to memory of 1484	1324	chrome.exe	28
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 1152	1324	chrome.exe	30
PID 1324 wrote to memory of 948	1324	chrome.exe	31
PID 1324 wrote to memory of 948	1324	chrome.exe	31
PID 1324 wrote to memory of 948	1324	chrome.exe	31
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32
PID 1324 wrote to memory of 108	1324	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68f9758,0x7fef68f9768,0x7fef68f9778
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:8
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1348 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1428 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3804 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2212 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2612 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4004 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4196 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5112 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4208 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3976 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5208 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5408 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1392 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1120 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 --field-trial-handle=1320,i,12027913809493938356,16077807150863271591,131072 /prefetch:8
  2⤵
  PID:1656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a30ab06e1b855e5daea5c7161b41a13c

SHA1
f74e7d20d2561d5d6b3074c3cb24931ebe949707

SHA256
61cd6d12431e15c62f90f9cc079cde719e567ec7ce206c38acfcfef79499c8ca

SHA512
163869468a1d5a123d350cea96661234c9bcc6c55097d1d34ab4a0c6c34ed338f4f2885cbffc6584efd423b8f0a64d38c580c9ea14d8fad31558e846079776a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddab63640ddb1ba52f5747ccbb2f411b

SHA1
1c5db985461f0d9870372012b89caecc19342c1b

SHA256
7045177f49ca1e8143f74a5366432b71c8b64329f534ed847fe0c9011a6a9270

SHA512
25cf91fcbf414fa97ee6b9e68f5fe7cc907761f3394f8e05260fc8b09157eed67e2d30ca068f5ec8e4b9e125eb59904b425c1329e0fa421b555c24594eb30107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
20KB

MD5
ca987246bb2377213c1683be092c02f9

SHA1
26a564f6f3ee47c3ae809fe14042c86365bae691

SHA256
ffd96152550b7b20d96e34794f1a7fc32264f3e71a2939d55dfeacc805ae5b7c

SHA512
aaca6700c7144364194e8137f817b62dd41edb0e53cb2661dfee99c8d1c202b4e2200f057f821d6b309474854738beeb915f3f5b8e9c405ec59ca2cf18fbbec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
60KB

MD5
7b039a0fc6d10a67d3a100df58ccbfa9

SHA1
6d0afb2a7329ba0928e8a9ef42438b453aa5afd8

SHA256
0417622e8fe1fe3a6e23ec87b2eb2a16de4939a417a6808f6ddeae7f8b92ee9c

SHA512
e462f3eb10ff85e18f7fd04b38839df137db27d7263f961f02ee47596f63ad6c875ec0504b23f0b18a78a7d4a449fa53bce26ebbad93479edcb84652e08a9ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
46KB

MD5
f5f2ea695392dee038dd52349380395e

SHA1
70dae35206390628c0c8493c9d467567f84c13d5

SHA256
49666bf71b4dce21a1b881f53b7b2c9f05ab6536d261b29ba26e340663a7216a

SHA512
96e6c2ace5f142856e0a0e25d52869a719dd5c00779ef58c921f7283dfa12e016a9b182018576270ae2cd12058672b8786a1521e46e0b7b24c36436289b8b88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
29KB

MD5
133ffc43d494e552e4fe44f929cf9e15

SHA1
01fd357d7e44a71f68bd84aefa792e232c6202e8

SHA256
e8a8a03031243a5079ebf0c6c2290e960005c63c677264621fb0c2cee992550e

SHA512
20e62007e1747bdec66ca15ea3c34c8bd92b5545c7e41dfde53313b52b021295b805eae519a48e3a9c97b5b2bf5c0db3fe2f6bd045ebb1eed4e5ebb610d721c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
31KB

MD5
7f8a4f124f314e0f1a6d26a2ad2606f9

SHA1
b10bfb19db2d40eb4ac17735c385493e7dd04c48

SHA256
7bb5dd5ba2a9a34556880c1a064625644803bc44e86914e0185ba6004e917676

SHA512
217479bdba2eff0c329faba1f3c90cb287a716d50c1270617231efd40fc554ff9867875582222dbe0120d0f0325730fa4e43ba76683faea1cb8868e10e0f13f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
25KB

MD5
b0edb3e481ea927630c2b57430c860c6

SHA1
8fec1e6cf67df398e4f10cca842b0676ae269068

SHA256
a36a479f1cdfa9d9e52d3c3930d9c42e3e99ed2fede8fec6bad49cf854b5a354

SHA512
e9dcdad341253e2c72830eeb207f608061dddd228c2c66d1c4c7145f34fd2fd319168a72ac62a78c4e18856872fbab809c3f1ca51d7f1ad2c464065d572b0575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
17KB

MD5
62a707260fc6c8d9cee535fbd161fe05

SHA1
2d21e1d7800ae2ab8b0bc00ee538383c799fb16d

SHA256
10522ea2b9e5d5a60b3e0a210ef64580d5e8b3d5e4a19376d01698d5cf214f41

SHA512
acfb5de939bbab077c78c43bf5ff64f1ad5cf9d06eb30838f7d606c97b10253c82de3dbc6bccfdc91823e1a6b4b82ef84b8827135715553d4c6e95500c48f2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
21KB

MD5
779f5b3fb444f553cef3cc685ce715eb

SHA1
4850022bbefdc70af75cd7d8553062689f89e5e9

SHA256
05cd2a10e8fcaa484a6763e1415b41c93b0b1644f31422e774cd7eb0dceb1f01

SHA512
ea229d09310fb3ffafc03827c630687d3f0666971c30b8fe3cf4cf91f60b900af91f6183b220644c82763b0004361ac1965e90f4f2155ee078f19e692c18ffc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
67KB

MD5
30d68c2089416d2cc695ef1dd123cb78

SHA1
3aef74eddbb0374fe8ec987a338ef35854de480b

SHA256
6c1f9a76598d651690e66acd8158c338051ca7f27ac7b499febf5c5c62b45b26

SHA512
7c7925d4723a0388c0fcf5055c4d54e9686bb926216e3d2009bfb4721cf1212cfcba8420212915ddf8680c0b470f92b6d538ef743d5b7b2f7e30185c790f7b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
18KB

MD5
5fc069829a6b0f3d8966ff7986275373

SHA1
77dfcfce56d7f5d47d3eca6e722ee22c39a174d8

SHA256
778e262725b58eef27338eb08b73e60447d14c742bc5eb3dd421220521422488

SHA512
eb139a8e6ceb81d9ea84fda2b3d891045705ae1d57806eea99903fa46f8207df4fe795f79a31b3faf81701095f5fb2d02913cdb8086a2af47aea6648484c6d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
69570437e75c00f30d0e4c303af260fe

SHA1
d5ea0e25d3c83e6226d3e84d2b14a35ea41f6e3b

SHA256
c7742449e189206ebc9365c43a9d4e5f26b738ec79011b6e71f70ad80d82f0f1

SHA512
9939b76bcb1d5c90a589e89d87b6b606d89503f8400a40ac52e2c6e9ea039ba8cb81b925aeabda315ea9bc09c2c256c4cf0319ca8181db9dbcecf25142eb31a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c2e2e46c598d732d089dc916b0d778d4

SHA1
601d53b30a86b580a0d62c5bb7b1e8dbb2b253e1

SHA256
83be2516e8fcba9311f10e39519ece53724bfe9d40d0ce3ef168745352272e7e

SHA512
91c29d544103b73560b38e072caf55c4ace5cf8d4d1640f76a245de28f341f39cca622e68268f65ac974ae4a476f33a297e0d1b209dcc7883e89b3177cd8b5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
275acb6fdad37cabfb3bf7f9d08ed911

SHA1
1d8b96d646900276686df66969151367067a6515

SHA256
c3155f3e92b2b73e71f651dbb4f2fa4ab4bbc45a6d3df94d69da906c35c03047

SHA512
9d4c944a090d0a64d235fbd4524e25ff32d2725ceb1679677ba854126e43ff0eea1e1ceabba3b8a03d31c98ac1087209116772b16cec5fd3615ab2f8e5180b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db36df4a1a506516673f4a635d9503a8

SHA1
6947aaa23c7ec855b6c10f417c27d94ed82e345e

SHA256
e16dfee88d17db559a51ba24e71d8d83eae6d4497a085adb360920fc4696637e

SHA512
4fbdff1a47f2814c7bce5e8a7ea73b825d1928f9a500d5036d85487e947b81d906bddd06015d5757a4669e2a9acb0c38a866767914afb84642c5418b6bf9c34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88e759293d1a6981474b31df82321586

SHA1
e3de4c9f14fb69c4bf3c976f5e21cf098f5eb405

SHA256
ced0feadc76eb3a46898d63891d6b2352756deaa587976d7c3b77521811d6682

SHA512
46472570b8c84fd3df4b676597564d68ba2e32074a83f09d882e0485bb60345a8f334d5915b8e560c6cdee6f8b6dca80ab7f549ea969770c0d3aa4de33294759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da55c26dc4c7956f38bfb124e6dfc394

SHA1
9ef9ea9bec657b43a4524286490c034da9242c09

SHA256
f1db93e9a002cc7564f237f48500a9b96445fb3fea35539e6595791ddc2b9959

SHA512
e9a9edd1fef1bad9c9f6ccd0e7058938f465d97004c2b16af81c4e3c5a73c06eecd46d740935bf8cd3adee4d7b0dc818f7ff8dd0be324ef0d32c6400a90576ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b8ce7a027f7aed10a71d2631fc4e722

SHA1
c1ebecf40531f057f6f06c2e41628eba2eac0b44

SHA256
4404f4b509d2a852a510e79e205c729fa866b2f32a23f8ba73c32b5ab21c53e2

SHA512
11a2c1be8295e5bb1be85eb590085f27b6dd6b9ef90abe0cccc0ff4a76761a6f7b42b20ea02464a4e79944459b2b92c7014d638927f94b28b307935cc7ca9af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5520aa1e7931e8e84715fa484f35bd2b

SHA1
ade43b90f1faa18da4e4c0380a4811cf9f8d26fc

SHA256
6654adac1b1c5e87b645efb2ce651d1afb7ce6cc830980ab463887b88ae8e1b4

SHA512
c73cfcd96366afe6e9d003e98a22e714ec7a084569bb3a0c00efa7c0eef4d5f47520b2cd88f881b7f6c26070a6934a1aa61fb3202b6f89bc31c5a93c43ee6c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0355bc0d830c65dbd397bb0b2e022511

SHA1
6daeb0adbfc0cc783feff7cccba24d93fe8708e6

SHA256
3c2097fed052825a997bce99b4dd8a451a5732e34acb505f9d4da85dbfc30063

SHA512
71286daa6be79d5707b3d69b3fe6b54c830bde0278c3faa4b32965a77d2a56af15438e6f7b4e54a820ec412cd12d6b5da88b64551d8a1debc530f0bb45637627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
52ce93d9d313762de09e70ccd4beae74

SHA1
8ba8c094ebad1b56445ccb51ad7032bb4f4fc424

SHA256
15bbcbacd5420ba5bad88ce55e1a69663d70286c571f0323bd36a249dc131f38

SHA512
8bc35c2e4de0bb2902c27fc639c51242d5c43a4a8da31b4af4fcbf87eff6c95c2a8fc854cec36e9d2cda03a16d43578205425d5b38e912f2a38271c967106d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
28d5aed6b06491617f549ced245793d2

SHA1
38bb8755f4f62a30768bee208a7003ef33f2f5d1

SHA256
15a2953fa7629a66d5e992e8cf2c361047ec133edce191c9c471329ed9839d18

SHA512
6ee389a727bbd8102b12011ee8a09a67d7e0f03af6f0b6a6443ab15abe88401b5d1a694231308331270252d2418a5bafc91532bbb8c73e077db19df9beba521f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RF6c4bef.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e6ca25b8dbd47df3f6f2981b7d650fba

SHA1
e6c0991e625deeeddd438be1356013b792ea10e0

SHA256
1516a6a1c44f9a85ba277f8d1e2e5b900d1a2b0053af83fb78ba10d8483678b4

SHA512
b219aa6bf6377f600b6897e8b4c8952dbdbd46ccce9af6c7c5bbb8c3ee9baf087e88646f9839f02716043ad9e4511fc0f1618a7fa84c5dc6701a153c2ea9e2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
535fd58c868db0a768ed2a3df8f2f6b7

SHA1
083df119a1a11495c9a1273b7aa1dd41ee46cfc5

SHA256
fb6869e795664958f3991cd3c2841053e475037ae753d81fde0393b3849ae147

SHA512
68ea9f249afce8f5f7d3b65e58b31cb4184746e77d04e5ec867959436aade965c213257931011cee8e872246a3f7afec10c34f4de917324d43da3e272c77fc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
93d133b779b72cdf7a2b78d41f528f0c

SHA1
6a536c81d015a0110e002bfc1b457e34a6d1cba4

SHA256
78fadbcf6052371a79efbd142621636d7567f6ae060e10612c2e7e9aeb93f9e9

SHA512
4c9a627059603570da2fb9fcdd8fc5120aebf20b20e78bec28668e15576840e4cad2dc9462e6822510d4eab6f9b8e7228eac9877817684b20c06093ca1e7edf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c18ae289-89ed-4044-90c8-fe840721b9e2.tmp

Filesize
153KB

MD5
377b466a6f40b293f894e035079db983

SHA1
4b6ba41a882f8e23ba105d8601ccd9a44e68d4d2

SHA256
c6373a1103a50575dee86d0e55b84eb2b786d6f74dc09eb701c7a8f3613bd255

SHA512
04bd43b3a446d06122c881e35c58e41e0a01fa6051b7b8df3aae52ecd4c59fb6fb4a63128069f60cc119951424c4dbe9627fd3a43a2e4eb88eb11a64dffd51a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4201.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar442C.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit