hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2ftrack[.]goto[.]com%2fNjc3LVhOVS0yMDMAAAGMyzUX3OWZaOM7gBxw%5fy%5fhMFgezVKYWDpN1tCzj4m2%5f81M07Sv%5f1cvDJSrwx2gknm5LGvrRmw%3d&umid=48fb432e-0d25-481f-ac9a-f15744531931&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-f89d64aa2ed5c5fa2e78f75f2b4dbc11fcb7c895

Analysis

max time kernel
149s
max time network
156s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
07/07/2023, 08:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2ftrack.goto.com%2fNjc3LVhOVS0yMDMAAAGMyzUX3OWZaOM7gBxw%5fy%5fhMFgezVKYWDpN1tCzj4m2%5f81M07Sv%5f1cvDJSrwx2gknm5LGvrRmw%3d&umid=48fb432e-0d25-481f-ac9a-f15744531931&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-f89d64aa2ed5c5fa2e78f75f2b4dbc11fcb7c895

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331917016371687"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: 33	2136	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2136	AUDIODG.EXE
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 3404	3996	chrome.exe	56
PID 3996 wrote to memory of 3404	3996	chrome.exe	56
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 1220	3996	chrome.exe	73
PID 3996 wrote to memory of 4112	3996	chrome.exe	72
PID 3996 wrote to memory of 4112	3996	chrome.exe	72
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74
PID 3996 wrote to memory of 2284	3996	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2ftrack.goto.com%2fNjc3LVhOVS0yMDMAAAGMyzUX3OWZaOM7gBxw%5fy%5fhMFgezVKYWDpN1tCzj4m2%5f81M07Sv%5f1cvDJSrwx2gknm5LGvrRmw%3d&umid=48fb432e-0d25-481f-ac9a-f15744531931&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-f89d64aa2ed5c5fa2e78f75f2b4dbc11fcb7c895
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb9ea99758,0x7ffb9ea99768,0x7ffb9ea99778
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3364 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4628 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5252 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4948 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5356 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5812 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5972 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6192 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3168 --field-trial-handle=1764,i,15806723420478085471,4056898151378377950,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5ef348e2-cbf6-4270-97f5-972f611e7c23.tmp

Filesize
6KB

MD5
46f0525240e5e109d8070f3203fd3ed4

SHA1
a204ea5d2897757b323fce467c41870bfe1af111

SHA256
a395d1dfbb4dc4c19bfdf7f4d6a0249807129536b7895419b851a6b4214bccbe

SHA512
c68cade156985b819911f012fc2ebc35a367a09866f52a655baf5327bb2479a62c70e4b90d5baef7ee81936b86e937b6594396b0cabb0d0b2cd0c2e494663b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7544bbcd6046266be4d1bada3a3514d8

SHA1
173612f9effe13baef992e4b250b036c6abbd2d3

SHA256
6854d7af3726f5a4423e535d45c030aed7a7f86c95c11ad2dc6cbd05956f5de1

SHA512
fa02d30e5fec2120f0a5c34ab3105e33954de294ac01b6d96aa93b42093fb97d0ee31ecdb09a091c42e99fb804a995b568badf9fca1e924c01dea548450c2ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
18c34e3468f8e0282f05122707aacf43

SHA1
1cdbd794d137baded9f71d093a843de3a0efe2ec

SHA256
ec01b7670d0ddd7c6c04fd9660d3eba53b0ab5055c67173578d7204a84805ead

SHA512
4565ef2a9fa121633196ae94d959b8b6a76a78ee01b180a3b6060da2bd66dd1b2ce2e8c3c57cac3d1528fdcd0442ec55282015b428eb80d1a3bb9754ed4ed080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ae06e28c957efcf6c5624433c3700093

SHA1
5dbfdd54d5a8481954bbcfa7268bb87c3afb5df1

SHA256
d6cf158b0fa6e5c078cbe712a77e3c029e9c03c54ced7af645ea993078e23840

SHA512
09d5d441c9021a85ab1e71ca8212138d1f57186f9cd1f4d78708fa13025a2bde0ed47a03bea78c8e4b189c392bc66381e85d66568a047a23310b98b3b63a4851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d8a9837ecdcb852b35b24e96ec9c2100

SHA1
c0aa51d2f2cd2224b4206b870175bad3494d8f58

SHA256
2f21b42deb43d99d7990f435d9dc1aeb9b1bc0c637ab82b7f70466cb08142b2f

SHA512
0764fe5e07a890738543d0de2aa16be7e0e90dbd2b60ea18484e53705345cc74492d055b4a2fa20947eec31dc400a15ba6b2f63e2b1fbf33e3fa71a2e1c3538c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3024a0d0e2fae7be79cb9ea16b8d1670

SHA1
0a07ff18c2dfcb87a2588cd8c7b147c958acf898

SHA256
cac86e582bc98bfd5a527dfafcee1d41e7d958823a6cadce3141184816c2c80c

SHA512
2499ea14854a0e878578e1e7f058a54ab06fe6923a951bd2c5eb3c9f4908a46f81482141467c8218dea3abade4e1ef2181202599c7efa670f924e4ed5055725a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17cd087ca264e66c90612a0d606867c7

SHA1
223be951cd549772074ab86b2bdaf4b34aec6e42

SHA256
a642e8e938f657fdbf75cb8ebc9b1dad8881599e9ff3383cc09a4b6d35bed05a

SHA512
650a71d606cb267ebd1bf9a12f068ee1a2d7b56bc6809229b3d686d5305fe2b4aa12b69460f0cfece278d4bf27bbb7da68988b19e2abd470c3451d9eb1eab020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\20274f4c931449e4374b8b12a14da38e9af25691\index.txt

Filesize
182B

MD5
f7808f8dbd633ab9c45d0fb04008213b

SHA1
9119b4120c2b6a97fca0ff170687b01015c9c1f6

SHA256
dc69b335ad3b6db3ca74bd70bd15a5044088c66245bd024191a25ebd093b3376

SHA512
e9f05de286ae7bc0ac763cf1f2f952320e2c7ace981ad8ecac00e82b13e61945885812e5fd40a506df5dd873912a0cc24145a632b33cf70ad0d7834945cc39a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\20274f4c931449e4374b8b12a14da38e9af25691\index.txt

Filesize
175B

MD5
c4ab82db926875e825559ed17aed3b39

SHA1
a4f00f38fbd2437204ea5af28cd5cf53cf48b612

SHA256
f4c2a59fc8fef604ca0ad65ddedce5dbbb7eafca05707f45dd353e6442a7e807

SHA512
c31ffba216793dd61e03a677d80f6963c63701a4d29ec67a81d4bbe985e768ffce8ec56ca78642c470a4c89a5c9e856749eda87e7684d08e6ad440f205bd5f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\20274f4c931449e4374b8b12a14da38e9af25691\index.txt~RFe58076d.TMP

Filesize
123B

MD5
42b68c89666c63c8adab881ee1899729

SHA1
5e8aae9f627c9cfda4148fba0658a916a81f6632

SHA256
16916f7f2894af21cd40c01e563f172386d7cb0d1d84729c83c13145ff2868a9

SHA512
29c630e67cd428690aa4b55d3fc27e7e308f4163d41b15b9eca138836dfbcc624d52ece7135eb55cf86bbfa2dfad96347e494d4fd9efd48c911a57e5c70ee005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
2f24b1dd202788863a35f4c04e09e050

SHA1
2ba6b1dbb24af69c04ea6e49f199832ea3f4801f

SHA256
53ebf6d893ffa0460c3f7dcc0054adc75a2adc37e08a29eebadedb0d662793aa

SHA512
5391b06358af5264aab4de8c5d9e0f79b0528ef11ef87892c16df8a94cce14f586f47edb8d716196fc26388b61dd6f083e6e39c83690cf9e713883280727653d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
ca1405672be6e9dd597fed5e5b47a7ba

SHA1
d4a12da84e63a79d88b30860dcdb0ea77e57652a

SHA256
e14ac157865fdf8c8ed67d466638afc75549e78906b521f65a081a13096f3fea

SHA512
f81aad7978df921692475078c4bfcc8da6ebc5314e68f11aeecf4364dabc836a62fefeee72c24565ba93257af6dbada34a34bf5f8229bebbef003474eeec3612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit