a75fed43563d232fff8f856ad773893c365a7b9c02abe2fc5e6c2679dd36ce90

Analysis

max time kernel
1799s
max time network
1766s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2023 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

headphones-icon-1024x1024-danpcxo2.png
Size

64KB
MD5

c39689da0ebb184bb69c0367a2778914
SHA1

b09754eea3ef0952103971b9ef504eb2ec38f5b0
SHA256

a75fed43563d232fff8f856ad773893c365a7b9c02abe2fc5e6c2679dd36ce90
SHA512

38afe9a35b3df3b894f38be3682822ac81bd147e44b1d91278a5676674f4bd6421030c4742ee2a129ea3b084d9682b2762e8f6eab5bbb8499b20f9da7794fa55
SSDEEP

1536:w+N6Jjwz79SlhRXhDy8FDl3qvYkSmS69L9fU0J4Kz2:w+Z7GTxlaVs6rsm4X

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
87	ipapi.co
88	ipapi.co

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371027795740495"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: 33	2828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2828	AUDIODG.EXE
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4032	4896	chrome.exe	91
PID 4896 wrote to memory of 4032	4896	chrome.exe	91
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 1564	4896	chrome.exe	92
PID 4896 wrote to memory of 4372	4896	chrome.exe	93
PID 4896 wrote to memory of 4372	4896	chrome.exe	93
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94
PID 4896 wrote to memory of 2272	4896	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\headphones-icon-1024x1024-danpcxo2.png
1⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8497c9758,0x7ff8497c9768,0x7ff8497c9778
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3828 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5068
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff75dfe7688,0x7ff75dfe7698,0x7ff75dfe76a8
    3⤵
    PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4992 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5292 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4132 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5364 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4632 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3356 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=244 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 --field-trial-handle=1928,i,11372098091924412345,5528393397067664139,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2828

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\54296a03-1ab2-4cc3-a507-62dc9e069dff.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
16972c9fd8f8d2dc2c30eb4f02a0fe5e

SHA1
578a70f7f49d7ed0e221727c8f10723d67ed1ada

SHA256
f958ca0538af5ca52cdc4cabe4f981b5053e1204a7c273b81831823128f5aab7

SHA512
100ae599b0ae5802eeab03bc51a23695e72edc8d9f9f699265f191c423b577f545f789382c980a0f39d0f0ccd8fc04eb27333ede57a9aaa4878f7105ccff69c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c737b1c284e571a510ca4205c0eff55b

SHA1
b71597e31827841822c1eb2f641222bffd9ea94c

SHA256
aad6ed1afb52267afe9e2614f67e9a251af2f0b436d8dca8e9fee5905d1fba47

SHA512
796ef96fb95f410cb5d7a5bdf52ff09ebeade2f845bee41aedfbe8261eb7daa93fcea7e4b57ff81f249b296de1f8a636031f5f37bb7b6d9a874bb4dcfa6f8316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9c2cac2646bf9df7aeefae1fbb5d5364

SHA1
da999bfedabfd415804994e4698c9cd5e2618a0a

SHA256
73f2f5baecc131125f9962a996fb8e97e665c8dfde3346f95a8933872f6b9b8e

SHA512
0aa50380fedca149df902885a4c2c9d07879be617914d97f511eeeed90bd7614123edbfc38ce458a105d131b80e858ba4edb3d3be5bad348584c2f64f0c5ac2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc7d6a8ea5648eaf5ff0fb466396bf5b

SHA1
fb9e2a8fe1c251f45496f4b60d5c8dfddbb601c5

SHA256
87863dbc9b8e8bbe7c27bc50a7943bf0cce6acb245051ee76f5d94e85920f9a0

SHA512
6b404c06a29a49472efd44da1a888f084501ee63c7eb6f887eb921e19fc3efa797201c5cbc7ab51ae48e35ae66f39226d81617e60d39c5fcae76da5093d20813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
021f3256416b7bd24cff3b62ee532d60

SHA1
c940d3b41e13a52140624693594ffcda8558f6e8

SHA256
28f0630badea08e7b89e0449108b43d4e2e75615b5d87ba9e15c7e506312f27f

SHA512
b8b74302bdde2de80276f70ed71f93031dd5ff3fd9ec1533c33b0705cc2a60e91a49b868cd9abfe4b73f8e4413d0245f74cdeb1811b9628104fbb655edac06d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
351eb8eb9284019fbe1eac2caac5cdc1

SHA1
64c316a6b92bc6d18088c9887ef036f19c02b793

SHA256
66f2d53b9a7911e446fc3cf9cf1b9f40462e84072bf997bf59b3ab4bcccff94b

SHA512
185ff688f8856bcde019df9baa518cbb004fe000d207f8afabc91b693d5f423c7580a991be146f60af05b272496856a9ff57015eff320dfb44c3ab6fefcb6759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f0324169d9e4bbd15ec1b3e62c70041d

SHA1
96cf407f567fa1d19760f46997bbd00b7ccfa50c

SHA256
32d14ac3ffccc4e981cf9992cd90152d16f392ee73596b7f57898828b3c35200

SHA512
bbdd7bc550f26b529a7174128e7177642e6ee90ba649daf93a1455a0c5a53fe0f65d805aa7033d9ce4eaf5e79c0508438ec07a324dbaa1cd1f09be7039e9b02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
daf1460739336ce66e8fd4133eadabd3

SHA1
e3fce8873aecf6e6a7987df1af5f19267a3b34c0

SHA256
68750ba4f7c4511ace0fa9b4cca4aa805e4db6971fafb5c089d7b69d90866d7c

SHA512
1f1d931796b6c865c9ff27c66df222e090858e42d0afa6ff913d8da043f370c2d1267e5e46a372f0dc083f7155ef592a7c480dab5803d3220b221e9e98af68e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fcc6364503ddec0e233094db9deac433

SHA1
28839e35d56badbe6ae539509aa47fab9b672d0f

SHA256
a1d1c84e828398b67cba9d576d7f5ab464ec1f78b8587cf881523b7416f3848b

SHA512
d148746817f93d9bac6976d5f88d33dcebed8f9b98ccbe34c02d2c7c0f53c66c17d36bba67b1e1998c35e05378a8bd570cc91c2ea54410d1cf0b40953ac6744a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fd41ebbf2781134cd4846cbc498f51c9

SHA1
e1628fe7a71cf45a43aff7180250165af180556c

SHA256
def84233d8591705378792d794eb38558046b40f59486f9980620a1e16f1b082

SHA512
a5b2781044c3c0c1f9c5d2905f6657dd7799a9e7c86675f67f0096f2b2d3c500044a68452a8d300fdeb66c85dd9f932310c41f5ec535692fcd8a9fb6bf57fabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
4d621a04a92bfaf48fdb19709819b7af

SHA1
9781eb81d2069896858b282bab57726629a9706d

SHA256
5e0a84d55d83d52ef17970be9c228bfe5e05144f660cc031a95c8b94c6604ff1

SHA512
0372d92009e6a9650a646b98aff751d92a4f5a0d440f1c0f2aebe5d28cc1b920e865e7b2a7147eefbb1522511bf143f1a81c1ed7b8dc1ce81286ae7ca20a1151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
0db1a196236ce81ac711c4061815a9d3

SHA1
880914ddc98548b722272be84492c681b448f492

SHA256
eec04152ba54ea4931f9fa81743f5a027f416f9a90ed7b534d3f099d49d82e61

SHA512
9f0561bbe4d1acd93788a84287edb8909acc26afc3c362d895518c6b6480eadd575754580c79e55b9949b8c9c27a408d99f21275a314968bb0d3b8ed36b9f2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c28d19480aea9d3ca08d51b00ffdc66a

SHA1
afc6fde6d30bad2c27426b8e4c9af7b875f23b57

SHA256
bd1452393fa07ef624fe964c1eb527599950ac944fbe60d89312952ccbb84770

SHA512
346995b30d6ffaf5a0dcd351284da527ad99ab42357343980c083ccaa204014d68d98ce7758f263db48481ad49ded5460738c545f2769824748b94119eacfe46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583a45.TMP

Filesize
97KB

MD5
6279683fba81c538a0e9e0a2cfa25057

SHA1
1c7711132047c30408edc9bd847da3e3a5237954

SHA256
89d94f1611dc9add932656247b6a4b1ea32e124be41c7a1d3f56969adb4bd597

SHA512
033f2ab06b9dd16aee72def3ab6de7e5f176d037b6563d4975b3e6e3b8010fa9f0463859a6060795fde142282ac8c5dc7a30bc91fe0a86620eb8c7f3256e0650

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4896_UMDTICIJIRJEPGWT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit