hxxps://www[.]google[.]com/url?sa=t&source=web&rct=j&opi=89978449&url=hxxps://kimcartoon[.]li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM

Analysis

max time kernel
303s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605085882807400"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2428 chrome.exe
2428 chrome.exe
5600 chrome.exe
5600 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2428 wrote to memory of 2868	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 2868	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 3904	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 2388	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 2388	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe
PID 2428 wrote to memory of 636	2428	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd330ab58,0x7ffcd330ab68,0x7ffcd330ab78
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:2
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4144 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4512 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4616 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1872 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:5948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4876 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5384 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5524 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5700 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
1⤵
PID:5292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x2ec
1⤵
PID:4920

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
68KB

MD5
ddca41bec0f25bddfde656b4febd557a

SHA1
4240c4472d4a6d41341e7e4c1f5179e1fbb9cd53

SHA256
3bc8c9d657c95e6f08ac3fac675f8c4442e1f44af235969ec651faace41827c2

SHA512
565af66d0fb7c701e40b4538ddb3aa020bdeb0c0dc9f0857656082a212b59724c7ad15e9f122c8de387d549489bf97795855c09bb1deac8f9970ba6e1c014460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d2e267c3c39f39c1e71e22716865001e

SHA1
36daa13a558a49ab740bff33a92f41e1bff9053a

SHA256
bdf996d36bed80c5d3c89c4b10219ae6e92e077fd508439f51a397dda97ef80d

SHA512
183bb10aea1c51f828999cdaddcf37e3624f803ec1f4e9905e1d7639521a1a73d87df75a7033f94dbf1edf3a758996af5ee7c2c3301d39a818a713e7f42722b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
e0ddf1b7b715316259f8153741d3cab5

SHA1
37b698e5cbb16f14bdda305fc8a2ee512ac1636b

SHA256
b9f622a13de2666d1e5348f608fc0762506192665da6293cfbb1b9d2c118d88d

SHA512
9fbaba9462a03589ea9ce9a13ba51a6aa0cded9fdecbb11f54742958013c1d7b85034442d4d8cb89e9139a17f3d89118d45c729510f36211f434638fd433f9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
0e30d064b9d2e5e7b43e1ee5be3d155a

SHA1
7e90c35434b38f14c4560649b778825d66c089e0

SHA256
b1cf817a213be42502f5902878993dafa0767b55592d86ffe9d97515407920bf

SHA512
2fe1c61249bf9b91eb8d219df4964a38e31c87af649f74c909005f1079b806a6cfa27618948c915c7b87401906f65149455dcb0835233ab1bbb3507b1d8d6e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
b084aa75b48c9751b06523f1a16bc702

SHA1
0746d17a4d02b770614e9ddb8c645bcd6980466c

SHA256
9d9dd56f1bb925610166210882d74a13fcdbd921f6c9ddf22cf3556953f44506

SHA512
c2fec6e6a3befbf4df61031034afa0040644b3081a6700002aeadfb36c9ebf70df39893d42cfff3a2a78831fc90ca7a8f28b30a089e898b0f27de7ba1fd4c9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
f533c07086400ac133105b4f70b1e149

SHA1
ce8aa64fb4861d890dfae4a439535cf71461cef7

SHA256
61dfcd66038e600b32b8aee0521ee974f3bcdcb9eaf279aeee55bae0f8292dfa

SHA512
dcb3ff628cc596f628080d0ddeab4780ebe24d8d78331a4b5fbd7c6a3932f72f70689e94bf4a3f4eb42289621a74e89c7a65a0e8867db2999f92429f6dc17e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
b83dcd46e96ec63c726222b1329ec010

SHA1
4def288818b8f92a480fc9188508ad7f37e5d648

SHA256
cd645556d463409b0ae00e0951c3fd65cfb7d73d68f545dc67a1c34b923f50a2

SHA512
a37103e806da1704b792135cf10b18ff8bdcc59438400a59920c3952ff83c2e92761e912947ccd30cffd21c6d8601cf41a78e9269b8fb22f32bcfb42ec63ab35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0f8a995ce101ea18eaa5c2a9686463db

SHA1
4618e9a4b4251e48375190a149b3ad00bbb173f5

SHA256
d1556a360b96fb67fa3e79cc4e183302e55b734e10f9e33b759010b02ad68b70

SHA512
2ed8ae716d4fd904a5203fc55503c680f00abdc069eb31c339b9191c74a741653cacf70c0dc2fbc3b42702683611fbab3fefca52ecfdb42f77f3c9efaf9a7f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a180955cb0545e843925be9e2d0f1327

SHA1
897d07c6fb9e7dd62170b36e6e129000801950b1

SHA256
1f8c387541dd3ca5d7f5c03fa017d56a5bb75af3ae8b26e97a2038244dab4cd3

SHA512
76773e3d3c4f0d29ad056160f71cd3888c31db0e4eba6798c95bcb216899c694b4ab58d3adbcbf9513410c0468f8be34cf4d245f0fcd7bd9da8cb4b0bf2c87de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
da372b3636591f8fd56f19273dc97a93

SHA1
e107b2aa9d2795ba6a1458550b85af747d375c48

SHA256
82712afe87a73d262755fe9102221a040320264e3fef6653da95268c27cfd180

SHA512
1542a92c9c3d6b5f0678bd4be238c1637686732a31b13297a9b8e62dc3bedaa1209d5ad48b40f3c3994c4bc81ed0715e34154405201c78bf64dcfdd9b1e86470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a7bc7abc927d6ddae2487b04848ad17

SHA1
595caba9bd532c28f3d0bda0ebae4a7711cec53b

SHA256
7a217bd733a608b0b94057fc50852e35948784a325da5224c3886f076da67d46

SHA512
a4489006431896d6d427e1c15313ec39d3953b73a3698dd385c57e97fe789e9fc831e037f81be83739bbfd1c93b8ee4649c92c91721f268a224551c9a38ffc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
27b30b9dbe88256bc3c86b15e583a150

SHA1
96ed5978d7cc632ee848bfd648d69b1abd797303

SHA256
51cbe2ec24c06202959827b0aeaed877d4b17fc687951441ea3b34c18ecfea55

SHA512
260ed15a3c847967c6901f7657cd7ffddb6377620a5c15cf438c5d5cd138f0bb3363c760674c94bf8746df7e880c05aa916002affe740c035a6711732ba9d4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a31de91224da104f99da0a49baf65965

SHA1
b89e5bd6f838b67b5f1bd290bb127878fc10b0f6

SHA256
950d70e69f9b84ccaf41b9b34fbf954bd04deedf3b685d524485ade933e83f1a

SHA512
f45c44d21fc3a58d3a70439608bc2ba29e6a3513d443141c966a2185532d15394692c1a81a88fd8b72a0b26a500092750c32abd5605974c248fa2e352b991933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\d916eb32-ca75-4836-bb25-67611e421a11\index-dir\the-real-index
Filesize
4KB

MD5
0af8417e3102a904b9cc8268ce817f8a

SHA1
317bb7331588dfba6f782966d365a566a10857c5

SHA256
32430cbad5af3645943339108f89afb865d5b71c8148945be2d1a7ada9a403c5

SHA512
bfbbd787ad35763526f527f554eac38558940e628fa6f3dc799c15c6d64beba9e9914ca4226fe7f0a5b5696a49d210b091eceffde89f7b20c4a48accd1a2487a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\d916eb32-ca75-4836-bb25-67611e421a11\index-dir\the-real-index~RFe5c35ec.TMP
Filesize
48B

MD5
77d32f3e3628dd29e5d3fc3cc6ba8af0

SHA1
646888672921230d9464aecc19d89bf1943ee60c

SHA256
f7c9bbaef3efd082a38f856cdf1e2794052a7be81b4918ec7c9a952f5d5600b7

SHA512
9f589ebe72ac5c744269a0da1ce62e7dce887b7f53e4b104b9fb48ec27bf354e1f12729f855db8f2b5c9c0a619adaf828766582298e15c958d3667a4e5bca93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\index.txt
Filesize
133B

MD5
834bf39dce0703a04790aba152399b48

SHA1
e7853777dd1c0c5243edac3f254b91ea4af2d6b5

SHA256
1bb3536da2dd139c4acc7c7ec2eeb518a37617e141e160acc890407df15a597c

SHA512
09a8ce30bbf9fd0565ed0f002d1144b14450a97d836ff29772f4f09a4303452bafdbb64ac8ac92595d11199890dc2a4c99585423f53aed07f7be04a64f770c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\index.txt~RFe5c361b.TMP
Filesize
137B

MD5
d1f9a4a9a982f0e5069918386868bc96

SHA1
74e98747ea7421702c3634f967605ec87ef35154

SHA256
073cdca8a41eedbbc97ddda24f53f9bc9205b6a07909b3182f1fe57c0fdc431e

SHA512
708ef28bb952c0f1c3ebb39ed778d1c6242a7a0a7d78c7a568258b661de97ed0b959beb956bc35a35bbc60ad1d5203b96853581e91ce8fb68df298bea9bd9fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
4428de6486045af5eba4e78955540cdc

SHA1
79b9d50a0701c5e75c4364c26603477b46877b35

SHA256
a85e4781b1f417f8b35d4202b5e0289196d37b7755c803b8d797d2265805e5b0

SHA512
2fdd65bbf697dbe7cac36d73d59eb346ae70c7b57070fbe3f9115ae0fda1a0eae9f0bafecec45b2e7708867f60d66ecd0d8b4750807474556e492d58a46dd03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ba4f7.TMP
Filesize
48B

MD5
2da2425137cb94e27433b8f311d84e64

SHA1
c75b9c287c2c72b833c4ed4fb811194230d68000

SHA256
30f7c06ab4360aeec658d34bfaafb97cc844053a319ea52743b256d39e26f8ac

SHA512
a03695fab50b261f0b224219e1f29af073d120a57bd240b3e1737f7aa6e20a402bb5fdc6326e54686ae5c54594dd04eb350cf0dd66203d08b6592e5a051fe214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
fd58ec7ad33c7d72dd86dc3e6c15a2a1

SHA1
040797dce73f3bbb94966656eb2eb421da92142e

SHA256
a53bd39c93b818ff5dc1293d8e5b422575d58777169c73eb0e57396862f8db19

SHA512
553dfdccb05ba126d061c6c7c50c6fbbdeee90b975694718a4beefab1585518f98948175de71bd7d5be4aadfc14b1ac01fcd90141fb80d82499daa4072ea3166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
c63a8535c9f7cc282739524d151a57e8

SHA1
ece081698f685738fa56f7166c578d9468b8b610

SHA256
c2a9f15183aee5c657f415182ad1646690df66a5553f1b4db5910988701f6ff5

SHA512
46b328e5ae5cc64edddfe0d074cca09c7f68989a2783f7f7d9d8a8850f236ba9507036166a9161b3a4f2363f499051c2d10ea47b5ea6ef4c959a6d3d7c1658bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bc36c.TMP
Filesize
88KB

MD5
1a9035d7a98d679bda636a112986e0ff

SHA1
82011be26a62879dfb29d94b9679d8217097d2f5

SHA256
92858c07ef9d400dc362d6ea4581efad541606064ee85c21c796399744e83f63

SHA512
03195f8a0802d0342e19d7169d9a44c406feb35d8134c368a12512dbc34a8f8b0d35864c25250aad3be62638e26c7af5ed04cacbc7375fe3c4b0177f76ab723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b60c6152-dfbe-439a-8bbd-373e42e2d87b.tmp
Filesize
255KB

MD5
f0004cdac9a2ecb631b76e97ef3c430e

SHA1
67afe1af167983c02c6340c2d1808d342c3df909

SHA256
cd3feed46f28c8943e227185fd9b2687d788e56ed00d5827e80b93b82f7a7719

SHA512
277309855ebb87ef931591a4df12b85ca8f60183023f134113ab69fe9ba98e8e1f916a868c117663c89f32fab47605dcd38e36d83e34bbd116b8d29a6bb21f00

Download Submit
\??\pipe\crashpad_2428_TVYNCPECRZZZCIDU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit