hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbHpOSEVvRnNYRlV5Znk1ODBOYUZuYi1HR18tUXxBQ3Jtc0tubUFCc1ZnNG1tTVZEbGRkOU90TmMwbnM1WDVzNHpMOUhJYkMtLVJpWUViOXZJR3NyLUJKdHhYbmtMcjdIZFhObUVtOTNkUmxhYS1UeFFqNTFwNnRKdWJJcnp0eThEdWw1Q3Fhemxfb0VIY016LV9kVQ&q=https%3A%2F%2Fbattlylauncher[.]com%2F&stzid=UgyDJPpM-_cAaxx20s14AaABAg

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2023 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbHpOSEVvRnNYRlV5Znk1ODBOYUZuYi1HR18tUXxBQ3Jtc0tubUFCc1ZnNG1tTVZEbGRkOU90TmMwbnM1WDVzNHpMOUhJYkMtLVJpWUViOXZJR3NyLUJKdHhYbmtMcjdIZFhObUVtOTNkUmxhYS1UeFFqNTFwNnRKdWJJcnp0eThEdWw1Q3Fhemxfb0VIY016LV9kVQ&q=https%3A%2F%2Fbattlylauncher.com%2F&stzid=UgyDJPpM-_cAaxx20s14AaABAg

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DB5F41C9-0C25-4E4E-892F-4213D67F2E7C}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E27C2C26-13DF-47F9-9413-B7644DB122B3}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{51CCA047-FA21-438E-A4B8-BF909864004A}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2A7CAEB2-CEEC-4ABF-A292-B2999E403F76}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{FC539297-3622-4133-974C-1894F832F0D9}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B21B17FD-5E39-484F-B1D3-2088016E5410}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DEB6D780-C0DC-4E1C-99A7-41869E5AC191}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{67C5E757-5E71-4677-98FE-B4C4C4AA4394}.catalogItem	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326453452994995"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3259792829-1422303781-2047321929-1000\{41D5582C-6001-4BB6-A7D5-1476811BA9FA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
5820	chrome.exe
5820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: 33	3268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3268	AUDIODG.EXE
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4404	4908	chrome.exe	82
PID 4908 wrote to memory of 4404	4908	chrome.exe	82
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 644	4908	chrome.exe	83
PID 4908 wrote to memory of 1356	4908	chrome.exe	84
PID 4908 wrote to memory of 1356	4908	chrome.exe	84
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85
PID 4908 wrote to memory of 1152	4908	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbHpOSEVvRnNYRlV5Znk1ODBOYUZuYi1HR18tUXxBQ3Jtc0tubUFCc1ZnNG1tTVZEbGRkOU90TmMwbnM1WDVzNHpMOUhJYkMtLVJpWUViOXZJR3NyLUJKdHhYbmtMcjdIZFhObUVtOTNkUmxhYS1UeFFqNTFwNnRKdWJJcnp0eThEdWw1Q3Fhemxfb0VIY016LV9kVQ&q=https%3A%2F%2Fbattlylauncher.com%2F&stzid=UgyDJPpM-_cAaxx20s14AaABAg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb25099758,0x7ffb25099768,0x7ffb25099778
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:2
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4840 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4904 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5352 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 --field-trial-handle=1852,i,4579830709325266966,14048777085123486312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:2708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
36405e66b5aa452f392ff1ad7060e2e1

SHA1
6acbf578867f3fa9a7d7bc6ed16cb59e4dd742b7

SHA256
edf4381ed4558d922fe82ae3e0895960ebb413ef4d58b0e1b6c697515e5fd11d

SHA512
edcae71bb2e365b6f000f9f1918e89dc406e145e632b7e5ac781effaf87de001ff61028e59bb143b84f31e65141b21ea8177205a2b76ff1b314cec6af3f97043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9b8ee4b80d2424f29b86a000c7ee4c8a

SHA1
1705e51acbba16dc73aefa06348881fa7b311f72

SHA256
33ca99c57c4cf6e25f82ed73de963a8a3248d2d8db820aa0ce7990fee41bcabb

SHA512
9b4173ae6844e7eee71f8757eeec8940c1990df8a699e6f0523dd2a645612a9d42cd1624af3876247cc6e9991af62ae6612aa0f6b1a85237d804b031ae694279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
8ce0087b813f2db83243f5d2bdd122c5

SHA1
158d65d20734ae311c9bf9dbacd735d09aee33c4

SHA256
84b947ccd50205ed062650249d4ba31e6e343d0de5ed0d879d612712edce49be

SHA512
e8588ad36dd327ee5131544f17a81e935563e872a53aad61c7e8a8bc94cb75bac10d4b6ad5b3f951d43533d7b1e3dc01f175342bb740ef9d27a5389fbddf6ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e53347f7856c2d890b2b411c6a0a71a0

SHA1
923a9afb65fd35e7d152f8b3599e5a612768007e

SHA256
d9e51b8f61b4bcb34fe32a25f5d060a95aaf17483980070505fefd79ad80f7e3

SHA512
17a75d8e20a0aa0f13d979a93e1cafc7a7aef77670b5f1840028b1810a845b7f35e7e2579b392802e655090c0c3e010b6df996521a5eb9d1548f71cbc92677f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0eb54783a7d0f716c63e76d4ec44a177

SHA1
956a4e8a4633284c6dedf153d84dd15ade671cd0

SHA256
cb6c72a702bd31a320952396bd7f2c6a76f47e460963fdea7dffac92a1339a0d

SHA512
f12f18440679499e1db7481c4c7f712c8dd4b6fc36e71002a1bacc0708a4199351e35b734cbf11dda72d3e1843c08e05a7e20223f6c714c5d2b761a251cccb78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a1075163477b6613a612d129afa93d1d

SHA1
87eed6e19de55725a9ed66b1685c357755a7abd0

SHA256
d8725b7c1d2f13164a03681f637a80bb8e2cdabcdb2b3c9871daaa154087290f

SHA512
296bdbbbf6035c625d71215f3861bd37544e11c5506b0bd00770d1fe17757d42db26e17498db4a1221941908fb31009f68b875d5a9b04017e7a9e3ba07512a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b6e9352668a7794b131a2f51ae00be76

SHA1
f043a5ee34699d21372dc2482b8c109cb4ee5737

SHA256
78b3629d27c785da90bc4892109bb1be70d1b98ad9d8d293c26e1000303f0b72

SHA512
b744c1ba530076c1e6e1dbfff3ef198b6f489f3703b756c8e48902d723a9138cac3c27ec036185ca3f664cc7ece7b1fb2ccecefe81f65c999c8f3fac7afe6c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2154a45e05b48def00b16ccc8114c68a

SHA1
e9ad24ef01587b77e24a7f1c66309c1a7be1793a

SHA256
1f6e4006e85738aeb273227d33e3e6f3ab7196c6a8495e2fc01128c8a02d3e81

SHA512
8682cf23804308e6b4dd21e64f9ed22eb8307d149f83fc82cb3323796d6eef9e26eac97bed621c547e802ee058f6c587e0d743b4860ecc4d0ec4e9df614fcccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51d8dd07a3660e1cbda08c2de8c5942b

SHA1
bca34eeea3cce532475f5644bf95b60aacc2bbfb

SHA256
933680a5c5fec3883aaa797d0ef1db9c26c7c5e9a18c335f0c3aa3180596e713

SHA512
678891fd5b8ab8be058e5c5e48e2f79137aaf6d221d04f09384e006ad7c7122347d0a08f2e6dd934fdb79ebd784680d1fc29ededeeb6c37d0a615bd95e8e1fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
819f809cc8fe9c07b520391cfa724a6c

SHA1
cfde551521ed9538752a7ef9141608c29725e659

SHA256
b369afa742d397f5b2d3dac533458c45403b75616cd3b39e9baba0d3c159ea7d

SHA512
d480e305b435c081542c66db10e244de3413a3bff67523632f22e3913622d9a31a4af94ce38916a5cacbd3fdc6c545b846da55dcefdd9a231a54a5a18cf4afd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b6adf7402e5b0f9d3db06021e109e11

SHA1
f60290f3e896839a67a478a3e9ccfe4698de9d73

SHA256
70cd379d86815a87d5b2ed87db8d31c0191899aa9cf7aae14e2bb31ebdb1d4da

SHA512
0739cd6d1b0a5301144f11dc13b8a3bb8f883332e6a5f5dc0fecf311d5478b9e41e004a9c496597aa679499a10ec07c711d407299197223c286c66ee2d5f09fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
076ef6219bb3e99cc76ef56a4a4e1b81

SHA1
7e26ed8f6f20ff1f293afbb1e00731790d8277ca

SHA256
18bcb9dad932e735af62c1dae496933ffeb3fefbe8ae573337215429347bb801

SHA512
2593bb2d88162263609208cb81133b01f3532555a4781a1b8052e45b9b4c96450035c1424a352a855ff018e381911d826413774e86b7f7c27e76c7daf4e27ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0028837e-f514-4ae1-8007-5c0293de7613\index-dir\the-real-index

Filesize
2KB

MD5
52bfa50ccc892d938619e0eef5c77775

SHA1
3233f792d6e97bca72f1c0d88c8b1fb2ef9c8d44

SHA256
45c4006d5be88ad3ed16e2b6e80e1a3dd6cf2a701351ea46ee364fd930a149f9

SHA512
586150b6eed58a9b6c1bf8dc24b3a81e767eb46a6a5db497aff7233c0ec5c112946243f441cf11e12ffdb5fe5b9de55cc2931a60050f1bb8a7db676e15ff7224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0028837e-f514-4ae1-8007-5c0293de7613\index-dir\the-real-index~RFe57c709.TMP

Filesize
48B

MD5
391a51a26f2c457fe358d0b276574822

SHA1
d7c8827a1c389501446747ed8def5d60a8ba3979

SHA256
2d95545cdf3ef27c1e76373c735cf9fc44400f19e3a69e6694dc1e3ce014a996

SHA512
3ae4306c453f65353fed470b59148ae582ddf6d815db17a94bf8e8c29beed1dbaf49703ee490bf43d7957f11f7f3e0c6f6e1c1eac1f923098f86cc9e23f8fa8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e31e5765-c99a-4d04-a5e7-6f86009dceb9\index-dir\the-real-index

Filesize
624B

MD5
c6a0535ecdaa873d9865a1e43a0a720a

SHA1
a5829fbcfde774a9af401d6f449af8ca8f2d650c

SHA256
442bcb95424dac63ce03fbccacc43005f6481d92b4272ede1ef0687aaa4417ad

SHA512
92e9d8b89ab0fc2f0aff93a7498b721a5f75143717e15e5f2eda1621e8703c52b63d05da593b18378f319c6a5e63106f38c23694aa46ce1bd314829e72d0d89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e31e5765-c99a-4d04-a5e7-6f86009dceb9\index-dir\the-real-index~RFe577b0c.TMP

Filesize
48B

MD5
5117803383c8dbb16897b92c502066a9

SHA1
1a7b189a49c4ef8ba26e91263364c9431f9baa87

SHA256
6625f6849d6635e79556f3fb74be553a5f0797028b64b3d81d4157b89941e04e

SHA512
55ccacb2bf3797ce603bec961fee3bba630bef4911374a3b69637a50e138fe08285f05eb666c0692b98558014e8465441ff276ae2df95a6e9676189d5fc0d98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
ffe1a201b327e5c72c47a7a695a7b180

SHA1
e77f387e22f98ec0ae2e1c99be1d92ef87c3af95

SHA256
e5fc172e79af0af9f5d1658b328df38b7733f1b5215659f9cb8cdab77d90d5fc

SHA512
ba8587a701c649acf177200f8949abd31391831cd6a64cac4a2aa86c6ff52abbc0866652b2012d3259530e20173b72bde85875b615a549a107d32e69e1746ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
afe45a8d5dc9743b4dfdf62fcfd15fc9

SHA1
63c3dd75abeb275a7dc1d552f85d88c3b1ef71aa

SHA256
54330a4a3b253c07da44d54f328e06d7f0553bdb8057e00bf0b707428100c498

SHA512
5e193a51a3fe1a93984d9f73a2e872128346afab2ec837d56e21fb8b37547fe1179e241e8dfe70fdf3bc23be46738d31af57ad334bbf282dce9b697f49328c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4935b010194217685dfe536fc91b1cf2

SHA1
5c10eeff70bd8c7fcde551a3f3cc410f08781e7c

SHA256
c0d8ca83996b7a24fbda7748a63119f2c29d0908d0d1bb01f49c03d34d30cc80

SHA512
cbb1dad6872bc8c4cfc8386c40114c4dc2fe146d2171e724b98970e461c0d52bb439c21186f85e84f3ee019d08626f1ad94579acf905f6a4bea8797ac980061b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
95e98ebd4a15450fc4fc2e495d97a943

SHA1
a3d024a313cc902664a33c203dd6fb151b90692d

SHA256
395a26be711628a103216ee6523c1e8fec3c105963126bc5e9b2bc8f5ca44e89

SHA512
71d53ea7b5936c943962be2ef84e20ed21d190ebc873d1946003f5ef77ae2084be66216afdcd988d81ca2b67ccc86342f3cf9979d43186cbf998cfbfd0a060d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56e803.TMP

Filesize
119B

MD5
379f7a984a8a38e412a90a0e039cfa88

SHA1
eb1c10256668f1773fd65fece5e3dbffe3826799

SHA256
8805df801a1c21c55cd4c2a139b4474406eefb4fbeb27e83887ba02c2cba7744

SHA512
3b8622e362e2740b424ba1cff2fa3108ba8de8af08441a191fca8406c44852127c1e8a9c1a5ad2a49e9a8aa84c75aa37bce0e9a393a084a0572f3a6619c90945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
415375412eb7efff35f7ec5513fd0c4c

SHA1
87d06a99c2bc8bd887ade3b43c5d1faa86ade320

SHA256
db8d58e41c29b36b3bb2ddf95442100a16a41b4e3d257246a7a1270f3bc0c19c

SHA512
35ef73a3ba05a15ebc4bb160689976388f51046ffc06ea0dbe954503a53590ba0b313e5769f274d0cc1ce4f46a9f0ace3edb240a91a2513f0925b28a0a2314fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe573a88.TMP

Filesize
48B

MD5
65ab9e6e16b6ca182042bfad1fa691da

SHA1
853dc5aada7b8eac34e25e29cc028a6b177f34d2

SHA256
6ce73b129d01e435e43b9d69e568be68f55216ee564e3aa677cc79e008811f5f

SHA512
294866d0f58b350220efc21a6f9d6c3ef4cb03e0f1118f26aea9b8e60d3cfb35bf4cc13b897dd94faa4eae405afb7f695a47caa7542ed3405bde52b0a31ec3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
e40645e11e6740aa3045912547233d0c

SHA1
d2c6297a126f2d43199de75344798af9a4252aac

SHA256
6137764fb2ef312a774b83aa059bc6ceb7f5476855b4263816f4480c05c57a2f

SHA512
1a4e49b0f4b86a9bd78aff0dfdfb7c90a95aea7aaaffbb178b9902972fa18b03fe89bc0195fd2ed99ccaf80d6b3ac2b2b910e751ac7e233212ea464d38585810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
9cfab0932fe3453ca6be550200ec15b1

SHA1
e95041bb2453a3291350420dcb59d4db7fb3e480

SHA256
66662b665111c96704d99a3560ccf47ce6a5aa049065ad2428612aac0fe6a75a

SHA512
b8b579d8c870724dcf52dcdc04b5aecefca6298766dae8039a28884386808cd01ed98c603dd9af29a7ed4e3d71dc9d095d70f0e20eeb3d9632db39438f8c9926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579cfb.TMP

Filesize
96KB

MD5
33f091d28c21dd6451ed585af95bc2aa

SHA1
57b5f7989b707878b5fd36cb7045265ef3215231

SHA256
f199d490b2a35b6788679e3740dedb0f5e02eb37a8bb70578a2a97fc02041e4a

SHA512
68a1eaf3992d17d7844d00c4965d48289e63981379d16d497a8de6b361667a7e5a8610ca48d6c8c65e1ca0a4162e43ad202cd8fba639c98015e81601877019de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit