431a7283c83d5c3333c2d474a2e26f4be7d73e1f76950ea061b026fc6b528c19

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2023 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
Size

1.3MB
MD5

394e132a70f54821f87fef026de13e13
SHA1

3e65777f8b408aa7969d901070f85c39bb88eb78
SHA256

431a7283c83d5c3333c2d474a2e26f4be7d73e1f76950ea061b026fc6b528c19
SHA512

597d8cbd91558d77f43ede3884adeaee838aa86e87e450189d60167e420077cecb360931a8dd875115f64d73cf0b76d5fe229f29bd796451a5f57dbd4456c7ff
SSDEEP

24576:Iu7l8pLFNR8S5ndckqKqXxgHPmNi4RVXDSVXT5XMW26+HVgya:rS5dcBRhawVkXT5XMHh1g1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133426444860869277"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	3184	Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: 33	1360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1360	AUDIODG.EXE
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 3420	3460	chrome.exe	98
PID 3460 wrote to memory of 3420	3460	chrome.exe	98
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 1396	3460	chrome.exe	101
PID 3460 wrote to memory of 5044	3460	chrome.exe	100
PID 3460 wrote to memory of 5044	3460	chrome.exe	100
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99
PID 3460 wrote to memory of 2768	3460	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Back 4 Blood v1.0-v20221214 Plus 15 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb1439758,0x7ffeb1439768,0x7ffeb1439778
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4136 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5324 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3496 --field-trial-handle=1932,i,334735723833305788,10562629731558938157,131072 /prefetch:1
  2⤵
  PID:2704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6101c5588015e17ee7d2931f2d6652cc

SHA1
ac9c65f28e1efc7a8a1779be892816c592abef2a

SHA256
9bc7f99c6032605f6e5bf92338bc8663db448ed3a58429f7f89dc2a6a1466cfa

SHA512
358306dfce9c9bf27751f4eed18da957e483de8985aeb5b3ed37484f38a8d7a2cb38cac618b0da97c564261e6866ec595b87c6fa23a4b8550457782eeda524fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1d3f0de67f52b1503919283400466aa8

SHA1
baa1fda2435a18f026f251d616189b7fc967355c

SHA256
fc7ce6fa52f5c9d56382b2960e1edfae3b4f576f4fc0cf90966a6629c8879025

SHA512
65172baa92ce794133fbce603f964a0932fed1e1bc6c983a904a863e55691407791aadebd8fcabad4b329b873ba2c2699bc9e93d06458610d5cacb2cd78ced02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a09c083d00bf254b93275d460a74a113

SHA1
48df3a8e2d3dd1c8dec8d2d25607bc69802d8845

SHA256
1001815cf33feccc59b3ea26143fcc15ccb91a13cf6e4b25a2e966fbd8bd076c

SHA512
cf63d59885f146d8113a02e703a2c8a6c51bd955950ae8b328192c1321758f877cd2241e234821f285f9ab69ac8b334c44e7cca8fb1ba96dca7210bb458d2e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
08e0832a4bd389a1bd1dcfd3142e3e80

SHA1
cc8b2b463328ab531ff8e41b9a787704173b81b8

SHA256
615ab38effed28ccb09cfb4f18147ae1b5bbc73ec94609501762bdaf562dd1a4

SHA512
8b63763fdf7a640329db5b5c03541f622002cbed13f8555e71b7eab6c9819f845050171341e348fb8d3208cf038cfafbdd3e6858027428763a8356a0b6b53986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07b5cbdc167edd91195663aeaa5da617

SHA1
1e086ab6cffb13645edd6bb409cc31dc5bba2cd4

SHA256
a03bcc6a7a7e3feb1182b08573246d3205b7bfecd158680d7bc4f6329d276317

SHA512
1526f18adddfdea2e71db7dd95a1d1532b4a938ba30acc3ae060c46156c9fb4bdac63da56afad0ca2943bafa9b01c48b95e052ce10a2ea90128bc1bc4041a480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e69676c8bc989f8ce4bf64cff30dc40e

SHA1
c970d536b2d64fbfb283c804decb00eea2ce9a36

SHA256
e11c5aaa4ae0eaa859f2a559214f3936e26a094241d76c2a32b6e625792263eb

SHA512
646b262797680a568e6b5c57dd03c452a96d62ac04ec8d543fff2e78b374ffe2d342b8546003a8ac34157b5d15fd096701b9a890c3b17a55dfe4c9d24f3860e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
6cbc0cc4a0a4daf16eb2dab5396ac5f7

SHA1
4cf5916ee4b58fe75aac1b482b30bc65ec50a5a3

SHA256
f213cfdbdb57ee72095219b1d55890cf24b4cb661678beae99904f17b715bdb9

SHA512
30c6451b06811ceee3c22121b08d5732d355dc1bd79cac5ef8f7595dfee3fa890d4546a44878ad9d0f10f769515e7cbe2fd1010786cff9e49f46fac4a608d810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
75a68499bd88def712e380b74776b9a8

SHA1
eb3d9577b3598eb063df1485fb945c5641e410c5

SHA256
497f45adc270fb1a340b97dead204408155863223f854406ab14f6c0a63b01bf

SHA512
3882c239c925070f8fa09797eddef8498bb0e84516aec34645e876419eab88d63c7510f79434d52c9f7d5448acabba2abbf72597ab5bd10d022544c0edd72853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3184-10-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-12-0x0000023F2C800000-0x0000023F2C80E000-memory.dmp

Filesize
56KB

Download
memory/3184-29-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-30-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-27-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-26-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-25-0x00007FFEB05F0000-0x00007FFEB10B1000-memory.dmp

Filesize
10.8MB

Download
memory/3184-28-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-11-0x0000023F2E160000-0x0000023F2E198000-memory.dmp

Filesize
224KB

Download
memory/3184-2-0x0000023F13C80000-0x0000023F13CB4000-memory.dmp

Filesize
208KB

Download
memory/3184-9-0x0000023F14320000-0x0000023F14328000-memory.dmp

Filesize
32KB

Download
memory/3184-8-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-7-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-6-0x0000023F2C810000-0x0000023F2C820000-memory.dmp

Filesize
64KB

Download
memory/3184-5-0x00007FFEB05F0000-0x00007FFEB10B1000-memory.dmp

Filesize
10.8MB

Download