hxxps://auxingame[.]com/

Analysis

max time kernel
471s
max time network
473s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://auxingame.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553471106280461"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 4952	3424	chrome.exe	87
PID 3424 wrote to memory of 4952	3424	chrome.exe	87
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2964	3424	chrome.exe	90
PID 3424 wrote to memory of 2460	3424	chrome.exe	91
PID 3424 wrote to memory of 2460	3424	chrome.exe	91
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92
PID 3424 wrote to memory of 3468	3424	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://auxingame.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a8a9758,0x7ffe5a8a9768,0x7ffe5a8a9778
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5476 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5668 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4480 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5416 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5212 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5260 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=748 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1924,i,135120479576661592,8226834075436233949,131072 /prefetch:8
  2⤵
  PID:3712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
01ef02614cc34c41c40592dbdf9bffc5

SHA1
43e8c49582d3d5c766ba5b488590585523c83627

SHA256
86fae76907f5d4949b8c749aa7bc2b633f9be43b5e8da0b2b5c57f37f6e00513

SHA512
54c0039fefff27732024b92384550d30d9406e46622368cc2b29ba9bb7d306aa898266723d3cb807051630ebddea5c6a1c91036acc83402d406ac292540d2596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
368173f64dcb71ba990233846bbe51d7

SHA1
d2ce0b9f83768c8eb7e574bd602d19766e8f752c

SHA256
4b0221b59e54212830eff6a9c1a9a78db8fbbdee278ab52d0e4f5246aa85d033

SHA512
f739002e0327751c50b4ba9c41b9649b1bd8f7c722352ac6d93d2c00460a63ceb73145a93cc7460715142c58c7f37731f774f861f7a5b0c2e642314005599a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e7a921b1d8665197cce9c60c3660eeab

SHA1
56114e7799092b3af5dbd56f3eaef6686ed0798d

SHA256
b5d2b7fbb25e06bf0a1991eb0a0553ae0932f60c70170dc3cb6da91c9e9af081

SHA512
3d2fea8096a09ad6431c76d13e0a03318796bfe84681134de8682c2a9161a033b6175f09dc8bf2db623a31c959557156da5c7ffdf64c4e356ab248ba99dc3695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a3a0d5ad1f902a125704ef1da0043feb

SHA1
0fbf10a5647ce962c2314d39343506a9cb8c14ef

SHA256
3f0a946256f5cfa6efa1263ddf82807e5a48708c0372d0fe29560fcaa7186bf0

SHA512
19f333407c27fdeae75344c9e3af051612680b3ace24bf71ea72e11605e867e3f933ea57252d89d11e35883ccd6233923fb245e4a6c7a1eebac266ee82938b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
952167c5c5d18bfc9b2a5a8de2ad582b

SHA1
637b468d0cab3ac8dbddba2a716b41575856f069

SHA256
256a974a10dafa917fb64d110d7393615151e654fb598f44478f42bf509a9a7c

SHA512
550d061adbc917ffd85fc4fd7c1918fe34e0083283ce0f3ffc25217617ab6a636e12ae8431e243ee24bf6df9992cb20416d3d920aec45a1da6b544507c8c49fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b845e25a3840c06b5d26ceb89403cec0

SHA1
4c91478c9ac34f6d328de32679b563ff02ac9a3b

SHA256
89cb69023f971088ba1fdee190907bef2ed5b734e638aeecb8fb01a8ff448f3d

SHA512
d260a968794915be4445d76cba9b74b59b6b48dd108895b1cc7710bb2afba750256637256f0b248249aca42f20dc7bf76c5909c51d98f18dfe9226a0b4585a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c4ddd72a575eb7011c0f05fec6cd0a56

SHA1
452c1979490e9d24792d6cd41522b5fc5f17fc9c

SHA256
a745f6de455fc2110fd6851b8a5b04e10034f0606d4ac720410ff9f4c76e904d

SHA512
c5033254c4a470e4525b1f4da0e225f3d42550c4af7568392ac30f1b1ef008d2d5242bb77df35bed564647979e9d37f7dab95257c59329bb80dfb9a4ee7b1f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9dcbc9645c6653c765425528e3d84d97

SHA1
ad44da10faf1615ff12dfb33f1d67b5410f35e14

SHA256
9115390bbd7aafefedfbea8d08b8217da54bffc68230778eca758d10f72bd1ba

SHA512
426aaf7d732890085cfd8bd3c4df2ef261ba29df28523ae1c6ab1904ca7eab8d237e47b573bfac1f421aced1396b57034444817f1aa2a9269f06442418526686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab7de5458bbd6cc58b5c8f4420ca1dbc

SHA1
f2e40446b1dc392a9f3371d0e574c459593b188d

SHA256
a3bd50218971413a18eee3e46ab4d46bc99204faa669ff90913db7b927ba6aa4

SHA512
bc8437ce01e05150e2530d0e4a76284bb609b8d87988a97a3107fe1a0e6d46393b4c649e3aae3bbb38a34a06d2c781cd668158ae33259a3431ef0840558630dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
161bd431a8c2d4db0cf70e25220b453f

SHA1
86abf6d7694ae0d6b72cdd636f73bed655c75b23

SHA256
40d1720d9e7b249d1f7a6da9714455cf0ef1efe64c413da698a33d9211e73528

SHA512
4274c9094059fac85106d024adf217805f779649489a191c2e4abf10a30dff688acd1d780e3a07581483b423afe933ddb74814d97d9ec7f60e7593bb48ae55ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0aaf52ac5d10bad68734d8121485db9f

SHA1
4e48c9684bca41b020c80f4bc542dee6ac83a93e

SHA256
6a097d375f1cffb569e55aba98a81ee502f5ee65bd333e55a4ba0a0c6bf0a3d4

SHA512
1d3efa394c4c03e5e978a2a9932360b9602c5597e1ae201640d93d76d319b1afff2088cd99764b7d95b0f7701b4dfb81e5a5e99e15eef637c272e14a8b634cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d24bf797a3db619dea108fba8d927185

SHA1
316921e20355c10b60f961fa5caf41e6e5b30b4a

SHA256
f7e1296c20e4926a234cdc3b315fc9b2d1596acee539965a4ef752ab9fd978d7

SHA512
b63875fce720499193b1a308f84a07edf68c399d884b3a2dea81c27788217ee81d6b4e262171caf4a9e7026ce8ff69632d2fdb9523205450e5303a0c40c3f0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ed41f88133a870561bfc5b3259eff43

SHA1
c7dab7c5705592c0555f8559c3d75bfbaa25c41e

SHA256
bda30724c9d8b229c92365943bbf1e05086aded8729f1ce70caae45ca1fcccbd

SHA512
386c8831969a355678fc7e9bbcc8bb3a3d833d3865248cef95b1ce79f739b2393aa4bcd3ba5bb972f72cd7e2b150b20fd70b1358a8c9c5645a354f7f7f743c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c2bf071a07d2069a6129b1f24c04651a

SHA1
d6a9bfd905b679a86cbee8f41f4b59e2e4111fbb

SHA256
bab4b927d821f4c97d7ef0bfc473db18a6e62278972b91d74b77b974c4b2c0de

SHA512
17bdb52ee6138cd683034f949dd590946b29aaa63bf20c749ee0490eb867aee27642be5f4bcfa9af2033803585438528c6b9bc6414e7586e1112d7635602479b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac50ab6e6870fc7e489b94c5a57b7a38

SHA1
482b36565c2279e32d7932734f5af20e259bf308

SHA256
a38d5483ca675af8d4331dcf07f3c9c00f31245fe62ee6e9f17ae2c714331a3d

SHA512
b8af63af7c45064ef43d1b3356c052b45d75ac7b42f0fac82bf68763ad34ac681f44be8d9b3107df4e0e12aef86285c925f875c12fcc6b630d91dfdfc64c0b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e1993655fe3ba8502762457dbab9fb9d

SHA1
be7f5dcd43fbbd8c7f0d7d9ec4e45e03d4bc5019

SHA256
26b8c6c9612c04b1e4fa6724f5cffa307f67acb33c7f8ffd7b3dc9c7a881a223

SHA512
71bb1886362faa2aee690780e8df55e9ec8f80e838e088d156ab2961c7219c68c3ecf39456bba274bc7761de6c3119320f4a603d87d7bab26c9cce13a51f8f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2e38a96214ca1a90748fd03c050511ce

SHA1
79009c5f40f5f426083f3fe1fdb9b52a9e161833

SHA256
a1409ba93445eb331412479eeaddf7608ba19731eb44293c506c25695a178689

SHA512
682b5d20b03ddd04962ed99e17bfed8201566ca3f3de50e3556a92e8bb23633be35501b7ada67588b19a8a92a7c65046cc9b89e3fe25c19fa4a67da452dc5e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
156640d4520833f78b90f71dcbcc1391

SHA1
2461fd9d1b84b04d8cf80bb90c115cae8d90a551

SHA256
d535ed4b340711115006cef509e7da44b63e4a017e626ece28a99bc954d534e4

SHA512
aa781c5bd03d0c616766ac8b65eb2194df756ddc8dc12b2d7a211bbf39542baf8625df8cff4d6c88fdde5ff2a20ecfeed6c49e74c2ffa035b73a718d28d42364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
da70f1779fc5e5ef01409fee277463ab

SHA1
b95cbbb2499e844f901e760deda084e2c5f54fc9

SHA256
4ce019b1f3ccb78f29fd7421b5348e7b4ff0cbac5e38514ec321bb10b1f64af6

SHA512
97cab2bb13557d1b495aa674389487fba0b92189987c301576aa97c96cbce9f7076000f3c203140352efe1ef354d9352bcda734a9a00bea444570a55ac0e4f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
cb4d3aca4918315d1f1361518419c10a

SHA1
a4210a02beb7562dfa1f394f3bfed134fa9a24cf

SHA256
ec91fadc2f0f879cd50023d4fb4150df11370321d74e61e4c7a0b6519d3cee35

SHA512
f65b6f8e00a471cfdb748b66e5b485d9d10db16ee3f91edae5b49688f38d028ae75184afcb8c4a96a3ed8f93ab1a1b137b2751808a35f68263b02b3c0fb48424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
450ada28d0a09ce0db5252d0598ee16e

SHA1
33e60310993aea1e3a7269eb9ac90696838a9496

SHA256
67990383e6c054f11c4d5369355c8b5b690925f52afb075cefc27a93c667c952

SHA512
bb04587125d8fc6387250fa1223e76022bb0d120b508c23ea7f68fd9757a6249550e278eea431caaf4ca747a5d8977db84fa1d8490d2465d00d0fb9ad2761c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
efcfba12f7ffd152c66e7a67ef799888

SHA1
603bd670289e87e0184a8a2419e743b2d5659da4

SHA256
6eb438016e452971cb14bdb78afd2c62faa69d51812d1b89858340c7f4fa22ce

SHA512
4c9fba6755396eeb116b8cb15ecc6e864d0915d2cc10976c37a759f8ddffc4f3dbb631370bec7588eeae37ffbb2b1248d9490e44cd456390f9548e5e7d3e8c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
e8599bc8c8c729a03d8523dcdbf50aef

SHA1
0465bec96596dc4d05db6d2043787063049ffa74

SHA256
ec1766e7b6d80bd8faa20ad6e9dead583fe46448c1b96235b0925e0c4670a528

SHA512
235c12ec294c18439854a87d46c3d579cdbbae50dd962ca2da7c19f9a03b738c50272fd7040cd8c07b30ea16cf6d44b03fd5fffaff6bb85453419a33b9285288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
f85b918337aa9b07b657b2665e831f0a

SHA1
ac8292f2dd06134cb95264c1056063f0a17f8567

SHA256
b99cc42151e5550aa493acc5733773ba81c13fee0dd731ca5ba34196f4a1682c

SHA512
f8857b2bccaf8bb517fa70b70c35d5ecf814830ab7fb2650aca523b7e6676105e6b83bca6f3317de0d22d7706b74025e5008268a4793ca30c7ee0dda7eb31a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
aab30f9479a17e238817acbba6a3b40c

SHA1
e95abd31883ffa57b788dd248f064dd3cdcaf91e

SHA256
dc622a26c4e9a3a3142e22c0c68d32495fe7568a8d2c7c1c0979ac8e6387d0af

SHA512
bb009dee4e435b3c1ae88a1de4464a3651c51ccd193cd3fe7815deea19b83cfb9d792143236311046936b8c8efa70bd17df40ea65dd234e7814565c9e66301d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5903cf.TMP

Filesize
101KB

MD5
867147d61b8ce380d36e73f5ae9fea36

SHA1
7718f01906836cb2088884a8cb60d25419517ccf

SHA256
c716a26d60a27a0f2078dd76e7c94035a177368878da79e6ae680b8233988ad6

SHA512
a0c97aaea3f108057963848194f5473f21d635be1db352969b378f9d72c536078ea877015c283a2f49c4484c7f1962237a1af8036deaeb22c1dbbc661431b54f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit