hxxps://www[.]googleadservices[.]com/pagead/aclk?sa=L&ai=DChcSEwj8n8-i_vn_AhVP6NUKHVG2CJIYABAAGgJ3cw&ohost=www[.]google[.]com&cid=CAASJeRoBnJdP00OStTHNt-qfGPOMuSH5LtrAMIvaKiPVoq-2Eu8BnQ&sig=AOD64_1Nq6i1N0xUAiRtHzxg8kVgLJdApA&q&adurl&ved=2ahUKEwjG0Mii_vn_AhVq_bsIHewMBKQQ0Qx6BAgGEAE

Analysis

max time kernel
150s
max time network
156s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
06/07/2023, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwj8n8-i_vn_AhVP6NUKHVG2CJIYABAAGgJ3cw&ohost=www.google.com&cid=CAASJeRoBnJdP00OStTHNt-qfGPOMuSH5LtrAMIvaKiPVoq-2Eu8BnQ&sig=AOD64_1Nq6i1N0xUAiRtHzxg8kVgLJdApA&q&adurl&ved=2ahUKEwjG0Mii_vn_AhVq_bsIHewMBKQQ0Qx6BAgGEAE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331168697675950"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: 33	4588	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4588	AUDIODG.EXE
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 8	3416	chrome.exe	67
PID 3416 wrote to memory of 8	3416	chrome.exe	67
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 792	3416	chrome.exe	72
PID 3416 wrote to memory of 3772	3416	chrome.exe	74
PID 3416 wrote to memory of 3772	3416	chrome.exe	74
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73
PID 3416 wrote to memory of 5092	3416	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwj8n8-i_vn_AhVP6NUKHVG2CJIYABAAGgJ3cw&ohost=www.google.com&cid=CAASJeRoBnJdP00OStTHNt-qfGPOMuSH5LtrAMIvaKiPVoq-2Eu8BnQ&sig=AOD64_1Nq6i1N0xUAiRtHzxg8kVgLJdApA&q&adurl&ved=2ahUKEwjG0Mii_vn_AhVq_bsIHewMBKQQ0Qx6BAgGEAE
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa7ebe9758,0x7ffa7ebe9768,0x7ffa7ebe9778
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:2
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3160 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4472 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4896 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5112 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5316 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5628 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6292 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4600 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 --field-trial-handle=1752,i,866150218002742540,8924943775023315599,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3804

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3d4fe6693dc8c1a2e0e2ca92b712d7d

SHA1
ba3a38697543d2aeb50936f79a0914a0ef84ea10

SHA256
9658512bae9a4d4d2621fc90c1ac273c7af0ad3d1a84860e4ce1afec3fb6bd45

SHA512
8031b1beac769080afba3c86cbf49832b98b494aa6fd47f94340133b668cecfb18f34e11c27fbcc4ea22b0a25048e1c7baa32054c5f2bab81f683de757035c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
71a14bd39f1eaad6a70cfc4b8685a55a

SHA1
18e9b44526269b6c62ac1e0f3fde7f5699211adb

SHA256
b01100d5b79994762a1188c6c7470f729856072752484cb10c6c471a01da6dd0

SHA512
7e8324189585250d834604290a6b5ea01c364bca96c24b2aec51a079b78e524b4d2f87c8fff92fb47ce4185af4dd8d28a8b76d9388a7dacca6f1636608539ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d2750797af6f63059dfe75ebb8523d7b

SHA1
78c1a71a72664bb8dcb6a4a8ee8c2d473ba009dc

SHA256
729ac62d4cbf70ad16b2ecfe3941091ec1ed7da0b374829539ceb2f196c54aef

SHA512
4d82650666226988cd8a3b1d4ac48c63fd14634af9342d9a1a7879b0e10e240ba35d3c87f7ad03d24f21a1f924ad2a1c9413c460f5d5892943896af75f64546a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d5d738c2f19cc865a669b58d13446502

SHA1
b258c8d241b844d8010e3a243948dc2e325e7234

SHA256
da8e108730f54cd51e91d36d0c95e52147e1056d5d4e69ecbe6a26a2db67ebc6

SHA512
a180d1d35dcef80e1385355343aaea914df215da13db168404246f56f5e816f1abb513453205f12393e253982951e79ae56123e8ba88396fd16e4aa90afc8f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
51127d08993a4db85f5d234cb8fd8eca

SHA1
be5a6dcf1a8580f33e55f7ca6fd609785aa7770f

SHA256
ea80c7585b2756e5a4b634b9185f7ff9176ae6e01e9c14a4d52138fb64d3deb2

SHA512
f9b09334afdc9f24aa07cefe1cabf70573d55f5d5ef586c3b4d56a03cdac24298ef039f26fbec169e654edd50b67626dc0dd85f9e457dfaa4feb38566578f796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b5ccb7abba1fa7be879941742a713146

SHA1
ce5506c043c4658edb3cdbb3a9a135f9116edd9b

SHA256
09f4dae87c5e42f62af2a532d559bac39b7630e349f8484462ce3ffa0d1ec3e0

SHA512
096720c283e0b459899a8a422e971adc1054f2bd91fc34d07a81d5f8fa278fc2a5bebcebecc64c6532c0423c9b70eb9c639cec10f80cc320455eb1c060253983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
88931e91fb0e3c7653ca265cb37219a0

SHA1
7ed67874cc2b7571410c75d5a9cd2ca56e4bf9fc

SHA256
4713ee1bc5adcd33d709ac7aa9af875bb0f4f98aa7a89f63f418fd4bba09192c

SHA512
ab2c688186037438f3aa4d5f6d2814961f71d8a6ff3707a67bee8188c1928da8b0f5ca35642f5878d63922d60f1643e9b083d5712869b15ee502ee3a3d0a60bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8a90f6456c82676d0bbfe0363ad9fdd

SHA1
2da55013677af00a03751ce0d94b375cab8426ce

SHA256
63b97a66230867f5b2c4175a2685c39fb3b9ba579e1dd30e3d328a9fb2c4a2d6

SHA512
3b0523d6e9229e0b39f139e86028b0df3d78d80ff2f16afc62a07b5cf7bb32e71bdc89598d5e776fd584968da2487c8e85bc2631e55bc63e46a22841967c30f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbe57ae0b8e4e01e5751fc49fb00beb7

SHA1
2cc2982c6039c789fded9e14c6de3694fbf9569c

SHA256
461cca771cf4b46855583263ccaa88aebbed6358399407d913803c76d5aeb2a4

SHA512
8284af38799e1d841abd7d36ae5bdfddb7a3172db0cc80e04aba0855525b3c01dc9a91780940066043943a3efda14bbd26a22a764a00b31cd43782d6cdd00a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72be599f83792ae4564b16a6df34eb19

SHA1
6ec21a6743937c73c8688572411bfa78057cca8b

SHA256
f76b029982b52a7fe8c286ca18686ce672c71615b25b06275ee829f4fce5a9f3

SHA512
e36ff0c2f8725f438e1b55703a070ef5a32acd2226e33e98a078f349d1db978d1a5b35a0aa412e1fd875c1092168d91c225b1746f7b4f599952a2baa8714b6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
1cccffa161902b6a3f1a97007d5c7a69

SHA1
53711bc751c6d5d65b8824d49f97553be170dc43

SHA256
ae59222c900c786dabe0bdcfd38d4318d450e99a011aedb9425a0186fd061588

SHA512
5344bd704501198cc7417ba85d02ed1c330ef6e67203eb74f585025d26462656f24c4b3cde6a7acfbc8bc0baa44be3a25426a918ec3cba144e32017c2823a232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
d63a97a709279edb829c3e0a2114d998

SHA1
35d23ff19e3c6ba57c24f334238bbd7278911f9d

SHA256
bd289aea9ab4c43ec56ef6cf5bde600ad0ef05c0bce780b9f79a9549d1de291f

SHA512
60533a7736e656c006d8d7a7f3c8d1e181d76e37c495b8339d9617f299cbf02c79f2f0f1f5e51105771e875b4122894440b7f085ac427799857611b2902f06cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit