3be19c0573412ad389e2539052171d2123289dafd2bb0e5e1653656370527513

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Handle2_diff.png
Size

290KB
MD5

5cbdee853f2ada3e335ec8208d75f2b0
SHA1

13c1f2cf0117ca87def016e57e012db67ee53920
SHA256

3be19c0573412ad389e2539052171d2123289dafd2bb0e5e1653656370527513
SHA512

3d62f47ac928557cdd8dee13f88e700083545fdb0c28a35e32e0f45ed242745064fc07a343a057bc5eaf834c15057066e297d15cbbed5930bdc6bfc668cb00a0
SSDEEP

6144:oDYEH1267ralQA+JShejYTVooDpKBgGyy99AdoHCfiMe3C/ltDD:4YEVNr8QA+0RTeoDgBnvAdoi5HdJ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328466419873730"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
2836	chrome.exe
2836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 5104	60	chrome.exe	86
PID 60 wrote to memory of 5104	60	chrome.exe	86
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4912	60	chrome.exe	90
PID 60 wrote to memory of 4612	60	chrome.exe	91
PID 60 wrote to memory of 4612	60	chrome.exe	91
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92
PID 60 wrote to memory of 276	60	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Handle2_diff.png
1⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1b2f9758,0x7ffc1b2f9768,0x7ffc1b2f9778
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3292 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4564
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7b9497688,0x7ff7b9497698,0x7ff7b94976a8
    3⤵
    PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4856 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3376 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1128 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5388 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3256 --field-trial-handle=1772,i,1095026796753645456,8360928408464435631,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x340
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
81KB

MD5
a38d1905e86044c6a544f9f668b946b2

SHA1
3888146400944266a40bab102ce6e1962ecc32d5

SHA256
e56b416561726d7e04712aed28fc609df3e9c5a497322e98ca5e36ccc9781b81

SHA512
b933d08132d759fbebde5f36a9a0f0e816a5466a64a6c0905ce8e5731070ce3f3d66d541627d3fc23fbeaf371ceb4e622c800e22221f216ed887fd9d2725e608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
987edae1041cf0d45c2887f6455cb66a

SHA1
8c467f6d7b8c761acaa50ddf4d30b3c7eac6e0ae

SHA256
b18d4fb20951e267ed35ba9b72a16e300bdfe7286077acb9afbf2e97a4deefe4

SHA512
4d4b2a72f0b25113b079935a186994e9d2cbda85497acb555b7073e395a8eed5eb85743f22cda2c9f6bf6877408d3950da1d15aa6f3ee3a72c23c9b1fc10a76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
54KB

MD5
a42426e16b23c109b6fb7ff01ad9e504

SHA1
72608dd212f3b1edb485c38f51bb7948dcf215b9

SHA256
f61904d0c586475775ac378934bad2ef9715bde42e2bd3b5e2228b8f14dc513c

SHA512
6f28ebef9066d365613cd50f9f27726166f3e8e1769be2cae56964268d39670a1446a7192810e9abc99bf683d1c368c35ce669b290ad7840970c86a56ad200d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
624KB

MD5
90006ca025b5146026ee05cca4d2bfe5

SHA1
46efc6a4f2421b9c7f7c7caf19268868ad4e55a2

SHA256
a8e51f3168519a79f10c0f9bd6defacd1073c88559fb6b42e7dc6830cf980e32

SHA512
fecbbbfdc00d605141fd9f6c0055f68586b591db42d2181dd4c7b6c42b0cf638d3859055b0f9fea03ce34a70420691215303bc83b23330a760620af7524d8c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
40KB

MD5
9dec0c4cb193c2749bf8191b784d2352

SHA1
a4fd983254551381afc6d25e216329918c6869c5

SHA256
fdd37933eb89e04c554bb3092b805b27a727230ab1fb1b0e67a2008877e573a0

SHA512
595075df8984a684a4d6c0f7e06858d1ef8fde9f55533c8fe2df580988b4fe43bab3115a90d93ebae21b029ceca4ce6a60e9602f7a0ba606efcafc70a2d77dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
74KB

MD5
2fe7e2d997aac028ae9919d4a9606f35

SHA1
1a96a59a4c3e1b9dd651322916832e624f50a656

SHA256
96bd81fad1159e190a3c131fbd323bbeab8971d54b1c512051de8b4a619b7443

SHA512
72be44f09a2b4d41807ef7c1983b8021683c5a5760e8319987b0c3b99ee04edcdc12524e2a703a84711284e3d8f3cff57ec5bbf1779704b61b980bcf19c73b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7c19e5e513323061d328fbc58fbca7cc

SHA1
0da32e069caee4de183fe6bac42a1bd524548439

SHA256
a5da954ede88f2a80c89b6f054dc473abd395f9e737fbaf10ad4046b15b5caf9

SHA512
0ddf5bd9773129c5e297c444b484e7155a1f8f5afd2003f6a64298531df23a9b239da606a252f30432f389ca0e43bc5e2cd6a740aaf4eec918f92bfe87478acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
906dea571307fdbcc4171ef350f3ea56

SHA1
ee41314412789ab08238c93dc0782b010b5fc8c2

SHA256
b61d60e5ec4a398691294ff648c511a7ec00758173b59835137cca8ece2a2f86

SHA512
2b3bfd2c03dc0447968076a4c8e85b7f4bb3f070b448400c995b8e667e4561e7af5a12ac67ae7a01bd0797e36b08a2ec2d4e8e04eefa2e593bdb866086b94699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a81410b43a4a033162bca9e6e2a196d8

SHA1
1295067ae33581dbe819bed5dbc90bdd75151756

SHA256
c7348b847441a40111aff5a3c722d54122eedc90f2887b7d7b4953994729511e

SHA512
1063cfc9e4b6715b380b136622319e17ed38c7b789ec9256c7a4c25c6f0714f06d07db135765d42dcd73de5cc69803e8f4ff6807efc69b1938a5c156850346ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c5ed157a45d47a99cc7c4c105fa30c00

SHA1
3381744192027a61715da310990b978e5fe74a3b

SHA256
a4262bb66ae1f0b1aee8cbfcd58f06eb6c95a483e4aa39dbe0fd293f0defebdd

SHA512
387dcf07281d41cb230522e677f28ed7e5137c970397bbe574ce3605aab4cbdc088afc65281bf196ec5401a4d994cc9b50251648c057d1a42a269020099766e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
64f570a29ca7c40b6d840a1d7e5881c3

SHA1
47fa9256506a7dd8d3e1e52d3c483ffe7c4a4e66

SHA256
34e5d750f86ae5518ae1184956e5c855d6e0ad5d2329d8d00808ef81c5023ab7

SHA512
50add963b942133ed8e8a4eb66bffe9f39094919edf7336d701cb44c54349bf1f16ddffd5c728900885eef0cb7788c1ae0edb5fcfdbb2030d5c96c7a14455503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d658258c33fe192ad8fc265311dcf638

SHA1
455751dc4a4286e1e4980f5120a3dd3978b7ace6

SHA256
0d002c3481935885def463717d24550677fe4cfff67b171114ef9fda00773e5a

SHA512
6d7b2a4588dc08cd631c6a64cf8dd8fed2f7202897dbbfe355fe5b5c1da8f6e28b1b51f1fe1318813abbcc6544f2884b9e667e2c45fdab643a7bddb3679111e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2894d12872c1212d897274cdf3cff75c

SHA1
735b74739d8a2e2f240425688a806dd864f31949

SHA256
8a16a14a65f758dbb98f965efb764d2060438539254f2b201dc37c252cc6263c

SHA512
635c5527862bcfeeafbe1174083563bfe7197cc1a0dd5111440edb2f674b4103b21b5cbf2aaa62b13f7c637f129daf44389446f33256d93387864b2637e03660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e427b4d2e046bc6dcf6184e94768a4a4

SHA1
148f2e4b2d62c708182f03158124f73878b1e049

SHA256
f688b0a1bd371f584ecd196b60dbed7495e498191c3f10914b816fc1cc34e932

SHA512
f4a434be6a53058b034c2544c09d7e278a4d342284dc94389844997d3558790620086469d48679498f681be06655229402c5a774653e4d2d53f0022965dc451b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
89c689a5b13a4a0d4e8d18afd0e529e3

SHA1
98b806447bbe26631d928f456625db9e9908615a

SHA256
72128c663e4bdb550de5c486196165f50e501ef5a5c6a7a41a67b9e21206b258

SHA512
bcb041d921e28a3c89772104d8eff58c24d48e2560ba73966f11819cc082066ea3c8a9e35844ba85a6bed0d9fb46abbe52a7d55f024273ad5249bc4026e456b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c02ea2910685e9bcd61d1c5b53228096

SHA1
29888a275af2d8146f2372a5efcbf9f7809bb2e3

SHA256
b632a1dd12021e42972f201a004de415408fa25a63d1d5772ed6f2327cf16c1f

SHA512
ca310549ab7ca7c8d54a701a052214771d5763c5a65a1719e66cdb925efe2f4591dc0dcb2772289be1a7da93929b0eb5ddf77479fecdde233e54f93c054353a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e29587c1a5daac35dee3f1733f2a66bf

SHA1
f3a5aa6c789f2a21380bbae6a742746f7c5f6d4c

SHA256
3845f9a15ee8f5a90694ed8552ce45bdb302c56a553abd0aa8dd8c542dc38615

SHA512
3c0287c02b332c62c3a676235163b9fe5840e50f73d2c041c6b392e372e095a3b10245d68a8f40ee9af41f15e94747cfbeb87502c878195f2ce3be596c8beb71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
84a4fbf189ab3e22785dd180c9d198ca

SHA1
436831b199026043ce0d77d25d762ffbb9cf1371

SHA256
df70ba3110ad6bc2476bf652b9bd30aadf905c49faffb353c608d12c8cb03247

SHA512
bca990079d6a18e81a17764e797af74a61438be339f8b4c7237082aff91d22d8ca9fe4b50a26b00a392a7b0ef425af122298e6d517770ab27ba589c7d4805616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5c37938c74e6d7ca286c58b5afc5bbd2

SHA1
57b3246ca0ff8a3a5ea9489d264064ee3da49eb9

SHA256
e9c15a04fd5c1b24d797e3b538d24aa4ee67f5fd592764318d089ef05b4170e3

SHA512
4bfa01d02bf89fa49e7d597d2d647fb417453643dac9c9fccb6d4c162aa8069054a01c8e52bfb8303bf32944dcd28e73b0c5086627b347ff0ebdec1375c3fca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac07b8d717f7c21e69131d5d0197cd9c

SHA1
93eacffdd7153147e417270837dbd7cab3c63210

SHA256
c0dcfb6e3f4f2f823460777effc520023b08b8ac39fdf90c300fa92b26a231d7

SHA512
ed5f01a479f3846e5336776ebde27748407bb1f67d033068ab1b79b0d4e1984fe631b9105586beeb912efe50cf5f5aed4d20adc66886f36e082171e0e5ef9acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
480146305e7e68cdb2a2d706520b6547

SHA1
143ebaca6890d0cc69553c53cb47f36e7dda6150

SHA256
90ab7e1abcbdbedd33a8f360b2d051ec45bfbb4c4af97bf93d9894e0f7e8a816

SHA512
95c20a3e2359e0dbe1e861d79ea13fdabf7bcb438c8eb28159ffdcca5c77aa980a40f88910bf9437023d363c5ea3a26a5d5e94e0c5e919cf3fceea514643aebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
269c6e991c7713c66b16b2b276f9eaaf

SHA1
2586faae2d81a1ff7571c91aa731691d30709471

SHA256
07e9dd9a1c9d82249fcef020d3c35a2e379067b5e167cdc2a0d82ff73326bc96

SHA512
cd258dcedce5b7bf84b26dcab5cb16fdf4af31d6b317c15e70889f66f88ca9b749252fefa718ed0e87608d0976ca5d7ad5887f926d7b2360a7d0fec5cb543ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
19d86a6c52300c3e9868a612b0db6325

SHA1
c30085609087209fcd8e1391de02f57e83366f79

SHA256
b43ab147181ef25a3411678d40eaf535926e0c9ce1529355d359f3f85da8e9de

SHA512
0fee904fbabbc428b1b900a88400a54949e3d41d1526e0aef9495c1d5ab59485710a4be56e8ed3462cd2378ae6fb537a20c57546ff1729c24ffb3d6dbef40997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
4629b28e5600735f97db125e6d48e343

SHA1
6418c35ce6ad7db596345814d6684fafcc8eca48

SHA256
5a0350b38206286e4ea0b8809346b196c27d04ca11af172704934bf485a1bd08

SHA512
2baa60074ceee4ffb6cbb8b4dc1b01a5ed60e400769c2e5d31a0f6db3bf30d5c3bb7fe5747bf7fb8bb38aa48ace4fec164a4b2f0fc517de9b89844df42f6a702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
b4ef02f4aba953ff26cde618eedce3cc

SHA1
cc5348251acf7d09fafbf83af2e5e4b52c006198

SHA256
c57dedd5531f8d70cb0e75f1904ca4ca0af730aa8dadb47360f1deceff0ddcfc

SHA512
c9fa937ce84457edcffd8392c8a46857781ac455d4cccbfab871f79f23438b3836d3a13f91287e7016bb74b0c1113ee25e9b98c935e33572fc2fcfc6d7d6a290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
192KB

MD5
792576bbc03c0ec149368d49d41dc1d4

SHA1
8c63b6b67e08480b141d6429d12fd708daa73eb9

SHA256
e4c95d83e1bf9632cab6f9998f66230c4fc7fc048a76a46768d5788aa619eb10

SHA512
90c0243743ec2dba3d19aa00f5b74160e751b6ef65912e50bf1c6cc26ede91c8a6d2815986c0f856ebbec51fe78c144c65e9d3862f96255fe3c5790397eaf452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
a1ad171e54b0cdbbbbded1e70da4b7b4

SHA1
f42731cb5add42289ce7adfb282ed3558ad41eac

SHA256
48b04f54e8cc68e37579c6f6932f02a28e07ca643ee5c4688e406ad276909536

SHA512
70c74c128648e63d80d665f734f2660605ffb995f18ddecdc0e7b4080ebdf7e42be77f73cb9e72c1f530dbfddd1ba87f9f1d6943457386da55a5a6d0545ff8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
d639a5eb8fafc2fabc445d83c41628ba

SHA1
571ebadc3afd36e8c3790998ba9c49eb80e519ab

SHA256
acf89be663f741dd98d44a0b0471755299c3c6609b21947a125c799d43096c34

SHA512
22c8e758ca089a3c06ee4a1278f597acfd02e263fda4fc3f3cfe2ecedc4fabce17186f93ace03331451c1e75911bb8c1eac0a809562bcc4e005caeb440fe3e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
e6cb3dba8271343152eaa5e94cfe7853

SHA1
19e4e49b5c62743ad522cae145a7ea3506eac8ec

SHA256
828a73fab5bd3388a4a06110acb731e1e55eeffcc4849ef1d4060de428685e0b

SHA512
70a6f0646deb6cbc9a8a33e34fa9d905e7e443645ab1351e0428378ed23c656a7a700c0c584cd6c19ae5187c0fa3bca4cc2c849f70168415c9371aeef272dd42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
59e84c496ba65d53a24b1474da06dba0

SHA1
9ed3840a0d203ab88c03a0bd1db3b46f0885a141

SHA256
82148825de49d5dd83616598018dd57fa34ee1abc792b6fa497487e4fd791a78

SHA512
e0973db00c8e1f4938728571f9b8e78d22a2abda76ba0fd79b133fe9c4ecfb0a1457e4ab30c0ea6bcbb31bb8ec24a18a78055d462c88d935971e3e8d3676eb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bbbe.TMP

Filesize
98KB

MD5
dcd0590b71bbbabe3b80c4691b1918ed

SHA1
8b50155ef2552e91fdafba4687b0f6762fd55dc6

SHA256
d18fb225a129bc1fd20b284a163ba112dc73fcd7e228e6893cefdd5fca8c2f44

SHA512
78ab7f74e7267101ad2a47d212b4136fc018bb9418ecb5b0a7a0f3c0972a61332695a298ef7894311591b9e55a2fac59fc2d18da50bbbd8a5857b4993c53447f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit