hxxps://orm[.]dvrdns[.]org

Resubmissions

07-08-2023 08:55

230807-kvqswaee46 1

07-08-2023 08:44

230807-knnd6sed89 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://orm.dvrdns.org

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358721472534307"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 3724	3464	chrome.exe	81
PID 3464 wrote to memory of 3724	3464	chrome.exe	81
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4036	3464	chrome.exe	83
PID 3464 wrote to memory of 4252	3464	chrome.exe	84
PID 3464 wrote to memory of 4252	3464	chrome.exe	84
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85
PID 3464 wrote to memory of 4196	3464	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://orm.dvrdns.org
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb8fc9758,0x7ffdb8fc9768,0x7ffdb8fc9778
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5216 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5392 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5612 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5828 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5272 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5856 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6016 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4440 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5244 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5756 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5780 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6076 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2680 --field-trial-handle=1896,i,11511520923122480181,91880461506229278,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4d9a099da457cc95433d5c34c4047470

SHA1
d8e1eb04facc10beacf6ff7e31215d84b27e5186

SHA256
896f1c194e10aa967f2e1c6af13b19c4be79700b6530bb694d1ef739c2de0b39

SHA512
ac0590689e3bb23d2f08d1eb6b13aeed3249a93aaac9cf149dc132efa3dac0860880e57e78ee8d8a2240f2ede56add3cfb0b5f916d3b8b9f501e11ee553a086e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8e572101-0d3f-415f-8056-8d622c911471.tmp

Filesize
1KB

MD5
ac46523cab6713b22901b5ecbbb34f3f

SHA1
c52149a77093d21d36e1e601561f41c9a4eb48f1

SHA256
727a5f1227894d388135506748f1b4a9f6c8fd1aa6726ad7a1e056905e759efb

SHA512
28d232698bf4e24fabd3da79aeebf77478553842a5d6929e8138bede9391fedca19d43c91e4ce64a27a0d5c4050cef7173ac1642bbc01ec6e0f87781ab92c7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
6cb6d700b8614cdbf51e2a12f5ca1e1b

SHA1
e3b9fd5c3e70339f05b88252f04a50fbf0d34f0b

SHA256
f4a0aa0b24b63f7bc03e03dc7f5960546e9b34404ae747eac94dfa86a8ee6602

SHA512
a5fca08b34cc89e80d34b0eadb213ca8360bfaaa88c16422df30fcec919906db20c1de04edfbdaf0d9fea42339711ca2856cff03159d8c4faf10e4aad494f675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ca04ef7d1d01edeafb0c90761de2a29d

SHA1
98c1e6ec9e52408a7e3766166192f3365bb1dd8c

SHA256
e01ba480e071ee49a2efb10d2ebeb8a28650f4cac8b6fb581f4e0e1ef8165577

SHA512
4cb6f15052e1a90a6fbf7469423b1bc5ea4d66dcc570d95291f1d0813d6b0565e1677f9870d5bba3edf7c07cd6a1a74cbef4994a524ff82a175d63afb6cc9f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
553ff4436eb525a1882119a0b79bd10c

SHA1
220c3e78db66c1596f7cb262d63e178faee7b3db

SHA256
7a07893905199ef449fd653aa22b660f95eb4f48e3cfda191622380eaf212c6e

SHA512
91021aca61cb2e44b38d1b88bdd069e379985378314146610ba3835c1ce4dbb0a90e03f809c2f22e6daee4dd626433147d52b16d39da91d70bfbc64f7b8bd6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8371eb3631ebd4c435e0fa7c2d0a6da2

SHA1
db76501d8aa57516fa073d810f7a24fae6d27ce6

SHA256
380ad105931aaa647c9a44a546253c4e8b0fd950e7a983be6298cd3ab7c059c2

SHA512
2539baf39d94b215f0b424958bdc234ee803287021da34164f0db19584c52276d1894a58da8c66a73c7ce758e0b963d7c631f5c505fc92cc17ec2e039220142a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48093795ca5daa55e0ecd9a460ddf71e

SHA1
da9da8a7d995411229444ba670ca194657c6339c

SHA256
39c79a3242d064b0daf803f2ec1cbba4ab140ca40668c21296f4287297f33fee

SHA512
569978297b626820645ce6a5a224e1caaa024e9a50c622ed18523650d76711e412977ed92cf0464e536c612c175d3522b8085b8c0f227347bea044cbf4a19e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75b74f5b10197487b732ab1dfeca1596

SHA1
d2884472d35044f747ff3aa24f8c526f3a9f6cb1

SHA256
ae07f9ea05aa4f2287d24aea94d5f4a854d05e65d5890a7d2a7b551ee926ccf9

SHA512
6f4e2cf93f20691853e05d832297c0926c09fcd5228b797b6ee4cbc0be22e07be9fb3ef0849b35d6e4d6cbe2ea75ef7c507233bab90f9514e28b9fa422e6ea73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3926b299bcc643019426593c1288ce2f

SHA1
13eeb086d87391bf101af03c0bf72e96ba523726

SHA256
e5439a0691d27f90d355f2a789efa8e6b66de5e74201c94736b09bada3ef90a0

SHA512
2a0adff5573b34d5ab97b00ba16d5ec77ef81a0ab0682d768ba6a8693410f235ec2b21b8059833162a7978911b599b30870313aa800b4c431c50a2d047527c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
794ba1662fd2dadd4f456938985344e2

SHA1
e81a588775edfdebc4fe15230c2db082f8f1384c

SHA256
87b7908da4de262e7d8c6b39a8220716583650a85d106885870eef7d62b62338

SHA512
cbb40642c6cdfbb10b53956286fd6938e897c9f99dda622ddbb3050e205feb0c354427ec122e9616bd11fd81893e4cf34b4100a8bc70411a7a329b07a2eeb3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
23941fcb5e33819df70a7aa6326f787c

SHA1
fe560cb378a36566684c86a018791922a63d641b

SHA256
a6aa9d199273483347796f814032f7cd810352b61ad5bc7822154b23c0ab6ed9

SHA512
b2ae620f03f79a8b37b4757db0519e505910377c55bb36d136ba1b8e3eb8a52e8c7b8ddc842483593e47b58f79c540a09be4554a352fd50112c0dbc4dbe459c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
bafb697e18ff723d11dd9330450bad1a

SHA1
6ab21b3b597617e58b206e92682b6cb8470e45ea

SHA256
4d1da42ae481f1a9e37e5706bafe799aa0f21bcdae02c89cfeeb9291f25c48d7

SHA512
b592fe7b930d1fb8f64509ef0937a1b1cab7e70bf13e14a1d712437a43a01f8ebbba33053625dfa57d8454ca583d7345ce6547ca787b76e0698b717c2975484e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
174242b00a72245f84de5348e9e687a7

SHA1
0242c32d2a788da32e8ac5660ef9c683bb992dee

SHA256
f7a387114962c071ff62e11f48bf4cc494008c80f472043a033cb4328a7d4d77

SHA512
237e9652611a38b72d7427db9a6c490ecdd3f0c7adaf77154bd12150ebad981116611e58bf2acf42beaba822f2eac4656e5236e13cfc1bad77f4b1f0718e0857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e88b.TMP

Filesize
103KB

MD5
42c11c779d1d9a6700945a5399eec8d5

SHA1
542407411ef1925a9802be921ba3629766c492c4

SHA256
f0c5fd040828c9859cc583eec421a266ec50a8608550b34845f5d58e8fe4d376

SHA512
3fba6b6b30304e5a29057147e1739bd83b6a5f31e295d1adfeb923ebca2216ad7b6ba80064578d20e189844067b3dd7a1dc39ddd6118fbc561bebad34fe2be2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit