9a49e549788b99a09fe040b0fda93df2eeeb8f7865acd278bb47768afca4669f

Analysis

max time kernel
1799s
max time network
1720s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
17-11-2023 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unnamed (2).jpg
Size

62KB
MD5

786e68b489925632cb21ee9c8e48fd7c
SHA1

b2bd12fee090c632302c689121b1824c395ad539
SHA256

9a49e549788b99a09fe040b0fda93df2eeeb8f7865acd278bb47768afca4669f
SHA512

ff4a02c0dfeb31c3795c46f683565bc58d4ec75b1955651e5c27991ff0fac04f4ff0deeeaaf1575883bde5e33b735d922f38c6bbce744377aebe04df20bf0209
SSDEEP

1536:YFQRVVzH//HLVDnW5XpWAUZ68kuTplLD7CjZph:j1zH//dW5ZlUZ6OTGB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446763434945904"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 5108	2784	chrome.exe	74
PID 2784 wrote to memory of 5108	2784	chrome.exe	74
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4176	2784	chrome.exe	76
PID 2784 wrote to memory of 4988	2784	chrome.exe	77
PID 2784 wrote to memory of 4988	2784	chrome.exe	77
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78
PID 2784 wrote to memory of 5112	2784	chrome.exe	78

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\unnamed (2).jpg"
1⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe0,0xe4,0xe8,0xbc,0xec,0x7ffd61149758,0x7ffd61149768,0x7ffd61149778
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:2
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2348
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0xbc,0x258,0x7ff71e517688,0x7ff71e517698,0x7ff71e5176a8
    3⤵
    PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3884 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4848 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 --field-trial-handle=1828,i,9739026410207127411,17918458945231358544,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x350
1⤵
PID:192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
27KB

MD5
e602fda52746996daf660aca56ce0924

SHA1
a24455a5cff44aee8435efba6b2cf14d1726f843

SHA256
1a6c02433739cd140a55cdd1c17df8d8e780eadaed24d27dcfe143fbcf28500f

SHA512
c82e46f054f3393a30ccc8569235f029eb004bc765556a3dd5392529f7dd2dcd37cf16c70cc8df23e7952b2535d77424a0358208550bce8876ca04dc89d93df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
391KB

MD5
648c3d64100097b7eeb320f018139b5a

SHA1
9b9d5c75bf93b1a50fab09a5be7d7453a5ca79bd

SHA256
3256b09569494ce49ff2a2a2576c6c834dd841898f28a4c2a5a47a58cc155570

SHA512
33b615b4139df4f10de5049650a48ae8889b229dfb8725bff43318e718127c156f7c995e6041f3e76be7238defc8c7ee461b30248bee420641089c34b69f104b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
2c78fac0f4b0f41b8edaca8fed22b7b3

SHA1
76b18a1a70f40acd1ef089a38bb3b9235624448f

SHA256
134b445408d196a8764ae7fe45b409284b2c28bb9e5427737fa091131e109132

SHA512
4007e5ca0337f62573ac7c0b6b98ef7797da681f844f6067236a9aa9f5aecfaa87ffb3cc2561b8c6a9e8bec74c53be55d64f9f410b4fd4cc12b2160cc565504a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7a2f6062d9a378b4b840e99202bba6a8

SHA1
dbacf2d2997812a5f1cfac4efa8c3ff8c6e34f8b

SHA256
ba15c5abeff8349e02f807b3bbdea034217dcc929295da9dfd441b6c5c048961

SHA512
fec90be2acf5b5266f05efeee7c3f27f45fe5b19e5965068f00f5073777122eabb098877eca1df409a83be79a75e787b240cc2bf99db3616fdef527da3dede47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
80238af70b0a2a554acb1959a6348291

SHA1
6c8af39329de6aa6c2bfa348ced928211350fd8b

SHA256
65392de4a4f835e713d48033a75fea7af26b4e459176cb98649a0c380e077252

SHA512
01714816a92840f4d83536ce492dbe53883c95351be20bb9bcb185ac276645f923df757dcaa2dfb795fcf5740e64b9b3feecd313c70a045e36407e1f2fce6c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6df423e7f551234460d5b328bb727675

SHA1
33fbdc59e058f8b682d3783d20ec21e159144397

SHA256
3963034fd26e49c580ff3a79ca61de66abbb0c96312c3a4fd0b6979573a63190

SHA512
142cfef941d3ef21304fb5526e5026c94d20e64c61cec6a31fdd294751860297d8009e60151006d506fcd3e627ab92a9dd98172844aaf3a9b227c28c27bde087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b3f3046fe16a5eaeef8ce8de1edf37d9

SHA1
f4261e068eccceecef39e83713e92945357736af

SHA256
ca6082f1ca7be7438769cf691795bb7c55037357f2e796eb5901fae3ecdac152

SHA512
82f76c4b9cf3e28cfb56a5968a01e5f077c2206e65d7b99b7ca2a9c62ccd9231e44510897a94afb03b8ebf4361ea5a1220c33667bb65ad733a31b330bb7d2db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
66118a3c2ca8ef9f49726f30412f0597

SHA1
1a585ee5552b6b7483571990cf476bc7d4e5b452

SHA256
abfde40e04c8ae83ec2e757a577139beff88775351215979f8c5fa9ff52785c8

SHA512
f6cb4b0a906a2278d015c5b151c4dd8b66ee0783913473f3ba89b3e6ba83368adf16086b6a7857155ae34443e292b63840acd95f2472fb56cfc0cdfb753d6771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a413ef7c614fdc8006e36d18e612ff5

SHA1
cf75a9108e26281d85704b16a00167e2c144ec43

SHA256
2c8cb694e1b135d5f7f6c3a3a542cdaeeee1ffff33c7ebb799bd210688363e4d

SHA512
e5ce46f87be9765856e7f0cbf3eec6c4038e8c609088bd32deacdebfa03b99f4305833b0c852afe59525edce8ca37f0f439a3b8f83873e171df4a98d38a7f605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5e9fe43df0ffc8236e3e4c2c9fc067f

SHA1
448c20717826c512eb93dd7d2f35da005c6ff38f

SHA256
dc43a70d8b5f0cc32aaf543538402665671ff7dc904490802867e64d22c90ade

SHA512
1d9b8f306797adc595dd48e396db50d69e01db9e6002ba347fe1aa7473f4e5b58789566c188247e74a88d92a96652e8009521590103ddac2fd4e8fa239ec4d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb9505ff4a6c1a1261e0c1d0f3fe8525

SHA1
99d6943fd0758470930be7a43a47358b814125c3

SHA256
93c15d47246f227f2f6a6b7ec86ad0b8e553d4c4e85eaa1242b771a188744746

SHA512
7f2a482826aa7cf46fadda595e01d2d1cf00d78c9145ca32b423bafc4f5241770da89de9060ad37aeaf4d6130e99e10a9af6eb380b11333ffc270a5d504ad1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f25c414c0d18ea0e5527fb30e50a4665

SHA1
aa373a37beddaf093cad90f5f0c019e5cff0eccd

SHA256
c9dad5563fc07b8d8d70e0e247d2169ffb9e2fd4c7168f9778cad3fb3487280b

SHA512
dedc52e267853784534496ae7f6e63374ba579884d6f607de04c81e30711d3fabffda234736f738e417013d232f298ea21064f8db6b74056d2350334456d3295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
34239ebe5865e37930167215baac908a

SHA1
12a72ae67577282713d3165853caea98dd679f83

SHA256
9e56832491b2b980df7ccc9f9a03369e6348e30509684f135413c41d8dd38b46

SHA512
e1a1d2a9709306c2ea992b25dc764d7fb15081c01f1e08d25068ddce7fde03fbde8529f881d3c8abb683672edfd797d8064419dd2317727e4f5baccd3e848e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
8d5929d8ce980735634fc4fceb381e26

SHA1
c6e293a888dbab1bba26c3d21fc206a133ab18d4

SHA256
1ce59f546d720ad4b9f3c4881e5e487910969455ba93137f86d84da816895afc

SHA512
9a3a7dea790b25e7f935d93fd712e61f1359acabc13336806f027a068dc4d31351160246e9da46266cea222a5f4456b641653cbda004e5db3672b080fc0a1806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
97aa033e32abcc1a5b2519fbf388ab16

SHA1
202f6015a68e310de12e57e1b78d33cfd0f591fe

SHA256
0a73049ce412d64ef104ec7b7630abb52b211664b4c8ecfac2f63385ef9f6e6d

SHA512
b35f973f9db70489082a3bcd69fc2c95f09737bcfb8c2961174c6032ee0b48cb8d1974c6304eb8a3fcc9007683473f6bd4ef136416bb435ed371fb7380ef242f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe628557.TMP

Filesize
93KB

MD5
4ea4aad1c27589105df6cf71a03faa0a

SHA1
9a62455ada97dbc102999a67ee4d4866f40228e8

SHA256
0d177b0fb3672ff467eb6a07af2582372fbd2cb5fa206325b5e6490ed5771a34

SHA512
b14d99c88c831bdf0808decc8cc2c5be28e199beb788f6ba75005db9b5d7175e458e4c8de3bb782d0a4c66ae657034ece8143ccabc4421a4b839cc3aa297878f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fcd1cdce-a26b-4bea-8261-10e7119f66a3.tmp

Filesize
97KB

MD5
58fa5a0726962dbb52e9280e0b4ee18e

SHA1
9fd3550632a44bd53331b4d5e078d9f6ee7094e5

SHA256
01ba871305eff10a4ecc4f435b0fe5768abdd3d5267f9a33ee439e089b9c3eb9

SHA512
be8de3dc6edcae4d208466b9074ecd71668d3dadedaccc6ad2168185c3415d111cd41a6fa8e889a2586f5a7ee67496c3cf779e934ebdcdb6500aad8b6a98f2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit