2363deeda82488c8a655dcae25aa8c14fb11eab2bcd5ff1aec2d076c1659808d

Analysis

max time kernel
913s
max time network
1610s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
15/11/2023, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16772166547892.jpg
Size

1.3MB
MD5

6fa770f74bf4bd04120acdfc1a996f10
SHA1

75efffa05e14607cf20a5dadea10703468377548
SHA256

2363deeda82488c8a655dcae25aa8c14fb11eab2bcd5ff1aec2d076c1659808d
SHA512

ef056f4ac1748451b0f53390d17606dcd0528f9fdb32a4677a47fc314b3867c85c3c7eebe915c4bf8b0eafb397a5ffa117aea8f4b8a860e54635c6eae17fbc12
SSDEEP

24576:0Zc6dz3ttL9QYlGT/j6htVxtKDrYrVEv9+tUbMyeifiFLPuBs4gT:0O6l3vKzTbctdK/Sq9+UMgkuByT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445485666121475"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: 33	3896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3896	AUDIODG.EXE
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 328	4788	chrome.exe	74
PID 4788 wrote to memory of 328	4788	chrome.exe	74
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4084	4788	chrome.exe	77
PID 4788 wrote to memory of 4988	4788	chrome.exe	76
PID 4788 wrote to memory of 4988	4788	chrome.exe	76
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78
PID 4788 wrote to memory of 1168	4788	chrome.exe	78

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\16772166547892.jpg
1⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8779b9758,0x7ff8779b9768,0x7ff8779b9778
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4156
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7b9807688,0x7ff7b9807698,0x7ff7b98076a8
    3⤵
    PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4988 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5196 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3744 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5604 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5988 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5888 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5312 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1856,i,14348498459578944450,7277017543056609214,131072 /prefetch:8
  2⤵
  PID:4784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
22KB

MD5
9f1c899a371951195b4dedabf8fc4588

SHA1
7abeeee04287a2633f5d2fa32d09c4c12e76051b

SHA256
ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7

SHA512
86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
196KB

MD5
6062c0182edb244839cbc649c13d94dd

SHA1
087883c559941f59e687a44a27a531b85e358bb7

SHA256
19f5057bd2f541af876d18021f159e827db8c103c8391ac7d37c130de8bb763a

SHA512
23582c6e9fb9580efcd31957857ffa9c714bbac2c76dd2668171393f6bd15e2c9c33921289f376ff36c25b86172fe9762edec81e40ca45241fb1a931bdacc23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
1.4MB

MD5
72bb906d17db2fecce5a7931f5e6fd0b

SHA1
9d8f9288460678c2ded04569e68eb8a717590cab

SHA256
bfab4d50109ebabc4703c622f78c44e5d015110a6bd7d297009dcf4020d1b4de

SHA512
801f48bbb13a407ac8d13927ee716ba03a7f4c2ce39ce2320e79d27d7615a06a1e637c09b34bf08d9a650de2fc60ffc0dbea172ce575b2208a661a8d1f3538a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
5a98381acec19c5177b013e8f831750d

SHA1
36e03ee5593c3aec1bc29e4231906d8ca9089b56

SHA256
2e24461c080c16169bef4abde5c87f27184d64edae754b9392ebe99d00d7c423

SHA512
fd59936935c3830769d182775c41337059696a0d8cd92d34907659b4d9b2eaf83db61641239689523c345efd123411b5203599088df5663d63ff28ec9d90997f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9c7581ae16083ed7d096ee279909e509

SHA1
8e41959f2435520d9d7ebeb460d8e33315da3194

SHA256
db9c507534e4feda92b2c77717e564b35c08fd69a09a84d19182bdb07b544d1f

SHA512
f987d02d7c47cfe919f14054f053b08cf940b0ec00010dd54caefe6e33e6629215248caf1b3407c40fb1de853e2187a2d06fdd3536daa5543d500ed045046b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c378ebb6ac4bb34f7f11cef0c14f0250

SHA1
0dcacadcc4f74035c173bd4ca5d7a9f9da8ca4b0

SHA256
7c7cc809d022598264e1322afd84942dd27e70806a3f7fcf3e65b56309dd113e

SHA512
5066bc2e235472054378d345f16c7ed5f2149da7bda0ea2352c8b63de4566f20491f739c2af3aec97aa11428249005fc8fd29f541f6e8fb78a508c7bafcd4667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
a1ca99502c6fdb2a65bcfb99a0d749b3

SHA1
c1a26c674a4290a842137ccdb2a2e8a7bfb2e807

SHA256
c1df7dec9758d13d75bdb4079b19ba576e48d9bfccaa0f7cb73c9ceeb7e5689c

SHA512
3a06b4b502f4a477fb962d20d32b4cb8c93c79a2cbb9b1eb3d144226c34435d02bb1692b60613366630486f004d63c747b26268a667289e8c4da3ea6b09853db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a11b89b53e81ba5faa4b3af890dbfe99

SHA1
f4595dfdfa99619a8fcaec22d76bb43add188cfa

SHA256
dbc85bdbfd321df391879383209a8d6f381d020b352faaa17a0a24ee666deb7f

SHA512
9f0ffaf68e719cd098bf0ba85e1ccfda73128a30aaa2a9c52ca7d8d444c8fac9356287032ecb429f156c276d767027482144fb861b48aad529496a4f85781f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9cae05f1ed56126e731c674bba056fed

SHA1
1ef0d6f3022a50bc25ee623c3459336077c7d99b

SHA256
1319170c976a05f72b650a5753e77d78a859d962b47faa4eccd87d2f6821bae1

SHA512
c65b1e8a0cedc9b1d79ae3ebec559445ffb739e4d1130c875ea4da4bb21378740dab7fb3165052be3a965d1cb82bc0f3d2bb6ee31e9299e84d91fd66595fde80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3176d015586bfcfada722f8f59c38fff

SHA1
9173ed1647fd77f9eb797d637bd73816b2516ae3

SHA256
212d3ac132f175aaaf3ca65fd3e176375cedf7bc97cd27e26b75ccce98c0bb3d

SHA512
07c13b04a65da658b09ac5bceca768789440d19dd44b9def91fdc884385e3c2545e02f74c866a3635a8ec3c5effd3e1e1c57205e97ece307998be5c6a87276ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
250d5139d3b392c471306c39723e01ba

SHA1
a52aa61585bb81feed88783f78a45a60ae056279

SHA256
6b0ebe67f768c6a7debb90f7aa00c18feec622f7673b6a13f25ace6277b2b528

SHA512
0feac82b9914d461d9fa6896c647350fd265536f1782215801aab60ea152d47857a918384bf32938685f5fd2fa4e3bab7da3b0f205bd8baaad3eb5a4cd90dc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e66823a259d92349ebf27b2cef5dceb9

SHA1
bbe585cb9d510dd68867a92b25357c56a8d2f54a

SHA256
ef6a5487c89c55c09fed554eba3f7927b70ec655fb278cd197c827416eddafe7

SHA512
c16ad0e301124f01ba610c1058edb77415e6cab6d8fa6e6251a9172bf44e8320da614c95ac43cb869c7d9a764dbceaacc9eae1824cdec51b9336e954157a5307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8343ebe7ef7ce5accac7d6d69a3e8725

SHA1
db7d661a1f06848737af4d5e4fda4113d26f4b09

SHA256
df0c27897ff0384f7eff6f555afef514a3df10cd645f9d9d39036cf9da53fc37

SHA512
bb0ffccf12f984bf1d4490740a42aac3512cce2749fa10fa9c43b747d051bae9c63e08971732ec42165b56cd72d26fdf048eea978703a887cdc976e583aae22b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\152d8ad2-1eec-4dae-8330-9247b8d739d6\index-dir\the-real-index

Filesize
2KB

MD5
8153ec102e8fb638a6d2cca67961add8

SHA1
2a80b30802b53a7c4eab91c90b8fe89924660785

SHA256
0764664e1dd0b24a8b524adc5f88d8b40f6f70cf2b49b57a28b92231e42ec137

SHA512
bc49e9fb97fdb608f8bef39458deb3c325ef2d2fe6147bae53d5f132bfbb4aff0fcd88b2116cff8be0c10d3bb72084f89abd32105ac03557c1fa3acb8b2c1270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\152d8ad2-1eec-4dae-8330-9247b8d739d6\index-dir\the-real-index~RFe58970b.TMP

Filesize
48B

MD5
71cb2281a1c9cd2ce988d79b77a3d21a

SHA1
d0562544d6e8afc349b1d86e6e270a8464ba5983

SHA256
403a4d27b010611118a3cf2a00701ee7c08058f288ffe9da93581547a20c3123

SHA512
1a9b7240b2eee67909db101724640fd8b40e853d004f24fe1c26935b6591efd743702d1bf93e9eac83f59fb3ad44caa0ea3a0eda120aa6c94600c66d736a7263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57d79bdf-e7d4-468c-8fbf-8dee8f2c5c30\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57d79bdf-e7d4-468c-8fbf-8dee8f2c5c30\index-dir\the-real-index

Filesize
624B

MD5
657486b0d307581e5da8b5fc14d6b6eb

SHA1
c22401fef6b943c69c697140df15ad92848f9699

SHA256
643b8810e209e334514394a6aa83a554e1d0e0671c0224f4cfe67a1db97cf23e

SHA512
913a76d93e5c5be11b3d4b461b5235dad8615dc3b5e9d7de9d27ce24b42028659cfa7d7bd1875e14106094a4eb5cb5bdb68305bd7de7df14d9f1aa9dbebfc918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57d79bdf-e7d4-468c-8fbf-8dee8f2c5c30\index-dir\the-real-index~RFe58a0ee.TMP

Filesize
48B

MD5
03c97e19035e6cade418291f87ba3d47

SHA1
da8cf5b69ca70d34c9da74ef143c13d3055bcda4

SHA256
6a9a569aa738b9d88c8b51ad5b03f386e103e663a4aa36356557b00aa8fcc98e

SHA512
24743bcbfb91b42fbc757a729b27faeeaa254b19daeccef9f496c1302ac347564183dba47f4b15ebe67167c5f3113f5c6d325b0a25df8d9e10966f8426b0f2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
9a6854ea6c178f0384143dee101fc4d4

SHA1
2c11b96c15a162c9cd86fec6a57b7c0c92306d84

SHA256
14295537f01dbac5796e348a3ceee6c2fb2468337cd2a7374985a36cc6e735e1

SHA512
c429cdd6ed081617bbc48a63af4142641b4b907c26fab136b26b788fc45ea10d0669a6a385a7b8dcf4aca05a269fde3d2d7f3faa81f54fe085f8b69a5d16e9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
9d031a755fe5238403d588a17bc1f30e

SHA1
ce996321862b9566b50740d307cf68e0ac2711d7

SHA256
c2f97c6c85638cefc9ebef893bdb41303d505461192168ecba108d6f2cfb381d

SHA512
61e61ab7f808fc3ea9c6708101ee9114823705beb294117ef8a04abf147eedfd7bd68b152bba1f711a570736a7512c03709a49b3ab380c936ae2e02d0fb2974c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
6ee5f8744cc17ac1cc25dea80b334b4f

SHA1
cf0766d216bf77314e3193dda2797eda08cfdbfb

SHA256
3d0de7fb09c09e2acf7a26ab756c887e47aa865d4e92021a9bebe715fedd9646

SHA512
99b72dd4d3e4d68bd29c59f9ac1d468f75f9d04b0d947cfe70de238f437de0ae4bf13604548313df2e4ec1b1550602a2e896d8473fccff86b23a744c94262945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
dda8e50bdb29225a4bf220ba5e80b8b2

SHA1
1b1c16e9833623ffbef3e317376f76448864d153

SHA256
e9e357e9f18fd8d008ec39bba9d4008fb8437647a14485f7291cbf01de6332dc

SHA512
d70754c67d610c182fe2c88dd7cc9314c19579ac60cc067068cdc3cd5f5a879614ebf266d8509b8f924c5350f6ea9e7edd0addfbe8e8bed451f7a64b9b5e91cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
bbdf11ccef35274658ccba0369bdf84c

SHA1
110bd67997a008ce0e741371893799a5a9102065

SHA256
520c13f6470da98699ac375d7210f8e4b7a4fa53ae849236c190e84f998a3e1c

SHA512
2b736c194054dc04f6f558bbbfbdfc37257578af145bd422ac29bfb308083fa425d1172e5574715cbf61f35449d6f4f04354ca85cc044aa33de0f9afe98d9135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582a95.TMP

Filesize
119B

MD5
8c21c50ef09f8c0d0b6216492c3e63ea

SHA1
d780a5530e2ecdd059b3becbf0d2a41f60434f24

SHA256
69f802e346539ddbad4e1d21a204c5649b625720831c11b373b6bd3146b5c585

SHA512
a45187956d3bba8d1cf43d39361ff2cf7c4645cb0c38caed65d9a1ab48b41d5079eac71db59d1c963e3b9578bf10c8ecd1690b4d037cfacdc10c6b424241db5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
51dfa8a8efee642b2accb1856ad461ec

SHA1
cac1024011fbc1f6affe3d0a160382101a4fcbbc

SHA256
4cbffff5f002b792551709df21659c19ad02bb35a44e5859eb77c38ae693d67c

SHA512
353dea690540a79fd22adb259529e025b05fc319863ea07bceb9beb02e8122c31e446e2a3fabebc90bb5d81f2a248ee00e08abe0597feda90cef75f1f4c1a2c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5883a2.TMP

Filesize
48B

MD5
2768d982577e55b7abb86d14523be97f

SHA1
cc7afc97cd1ba75a674c42c2a79de34cc89cc767

SHA256
3d899382d291fedc4acfb45c2a3f742b2e5bbad3fca7f3dcebdcdad0a730b8be

SHA512
45f79812dd5db2da92e0ac063c8c9d17cce22fa6c9882f224da15315e084e432d7845fd1bc338715b87cfc4dc6c7513324590ae81227c72107965f414e5aae0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
235ad2e5d981401d92cd806a5c57b04d

SHA1
3b7887923bbbaae0e0207e356bbd226d63686dcd

SHA256
d38a9019a2c46623dbf1cb8868cdba60a0b14a905e87a4def6fedfb997398310

SHA512
eb16a13010f1c280d832fdc1a9517f47c87b3f60ac0397987f48dd43478224c0464cd12a42aa3f3fd5eb9023eb7dcdc1e22b0e5fc0d595828991b359b6a9a760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
c26889624b05ce9bed709259c557c2a5

SHA1
713fcb65e8df76c0d41cebfc9114085954bf6d57

SHA256
b1e6a611c0905f9771aebd1f32c6d7f2bcd52633b5fb4187ebb2e90ff88be282

SHA512
97ec7494bc18429d9cb24bbdceb1c7684757b8ce2ae663dae7599ea7d43e981badc1ac29b74e4e60c0abf624da5dbe37eedfd537608f283306d3ca307cc7972d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
65b12e2e7a15502fbe54b9635649cc1c

SHA1
afa5d988a106fe104dd320ab5e3e94c88fab1005

SHA256
f14941c151c0dac2b6de64896c79aa76d3a1eaf020d1650475b6b2a34a338d89

SHA512
8fa061ea00be7defebcf028b03c643fb5eb95c4223bb4e54089c39ea584db26ee2b59bfe486a5cb9afc057744fcb7c39986a7628bfc4d71a27efb84c6614f754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5893b0.TMP

Filesize
93KB

MD5
653f43e9b17db836878e6fa622b52b39

SHA1
14540837247d7f1aa575b0b1afc2b4a3075489a5

SHA256
c896074a5c4f2b712a662634e0f59ab9069457498745d669634b7e0cebdf2b90

SHA512
6e7b1c5e3923e46a896d7dad800bedbc61efe771a1a82da49840e54be1bd08866a0b2c2ad79e65e76bb850e88d54d6d1c01f668abfd465181580b6b460d332d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit