9bc964d8643b5a4fe8b9706e971cb57534131afaef4b9cf111f81b51bb93f8cd

Analysis

max time kernel
93s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
05-06-2024 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Asphalt 9 Legends.url
Size

223B
MD5

6ae1424d1179c6d8f7ee516d70e896ba
SHA1

a1f2cc5a2991c878d7c014d6a14cb0dd027b0b1e
SHA256

9bc964d8643b5a4fe8b9706e971cb57534131afaef4b9cf111f81b51bb93f8cd
SHA512

fe544098477d45d166bb576d4ede2b8f3f7a99f83d4fd5bb6b5a500eddcef86b8bb9cec9acacb891ceb9a3c75a7010e0532897474b5ae8cee260f9ca4d91bed8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620906819963710"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1672260578-815027929-964132517-1000\{CAF971FB-78A0-4F90-AA15-9DE9A8AAA26B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: 33	1036	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1036	AUDIODG.EXE
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1428	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1932	1992	chrome.exe	84
PID 1992 wrote to memory of 1932	1992	chrome.exe	84
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1508	1992	chrome.exe	85
PID 1992 wrote to memory of 1832	1992	chrome.exe	86
PID 1992 wrote to memory of 1832	1992	chrome.exe	86
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87
PID 1992 wrote to memory of 1360	1992	chrome.exe	87

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Asphalt 9 Legends.url"
1⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7fff328cab58,0x7fff328cab68,0x7fff328cab78
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3500 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4872 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4092 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4040 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3232 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1848,i,16147206519698355556,50082185648002495,131072 /prefetch:8
  2⤵
  PID:2416

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1036

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a21055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
90ba955667b77c4d3062aeab91186050

SHA1
b2fa09e2de871bd7b6fb2b197e49ad9fed0c839f

SHA256
aa2435c05872cbd3743da49b188114e60cb654c90d0a679e3bb2952a65fcc80e

SHA512
2f8fed2c086330e6470539c95d2e2f405eef83fc9f5be38fc11057b3aeddbd4e2d0683859f0266643135187889f3fd0beac2e82f7547dc39e94f107a19937b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5dd29c5f54dfba6ef0331db00c6f7b2a

SHA1
d22430033503b4b93b5c057914c0b84c656f98fe

SHA256
18058edc7a5c339998f753ed6e31ba596b1a0a6fed6622723337328a3e95091a

SHA512
fdb32d4965ca976c12160fe3c0a0f15c35ecb0bd0a224db8b8d3f1ad7e240290b25f5989f803b200a414e732dfdc6d6f978877772ee603ce65ab3693232ceb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
45f468f7a6a1a50dfaed656b172d03c1

SHA1
40724216b87657aaa13392422c292585e556174c

SHA256
b4c05b332ad7e6e81c367f82926064da9dec68e07a9dce134055a483af63ae62

SHA512
d9472ceb59db1ae06f2ac03128b328258246ee98066cf2741c4dfc997da6776520c0a22d7f2c2c1681c4e93b48941817b121095718452a0ca504da0b08cbcded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b6e7f9b50d0d374b83f8f2e5e626cac8

SHA1
17a1c9220dfab7022d45728da5d6d51204351e4e

SHA256
2cb3001d1141ecda7d27986d10141933a68ee1b5c3849599d9b3986aea89c655

SHA512
1aa837b22a218d1c623cdcd20e3c44143767c551877f8eb11b14df5cd492f4155fd5d7e4513dc0fb3b2122074168bb6b4cef0c7c5bb07b6e026224098a57d091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5984bd58ec3c6c58e3cc2f3f55c6fe60

SHA1
297e4979edfc2553b7d272c5abfb2bf6eb78e656

SHA256
8b76d2f27d932f776c3f6ffb383956452454e710e8c951c747078a825d6ffc1c

SHA512
739e7a95c24bf9e3f10125d09aebdf5c3c6eb553c34d22292a663b4a31934a4e9cb39cee1ced333b24eb114f722c58e5e199fb2dc82ccb9908f027e70999e8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c2ce14ae76e7789c2a7c2fb2f082df4

SHA1
8359cbf427e95878adec1383fc3b21de26f8b2df

SHA256
d4d2652bcc03f2a65a6cc6d9d6940fe2fe9a9a6a7f889d29c7646144086ff257

SHA512
c228ecaf4c37efb9e034cd9bc7a99428195eabb557d7333ec01bcdbb6813727e7e6f9956fe654fac482ca6a8e4879130b9cd370009eac46fc7b613ba824885aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6cd156f8a4ae31cc736f988bc0c46265

SHA1
c82b30956a210b15802499237399b92e8bb94786

SHA256
12cf70753e5588c89819157bb09a833ad78fd5b76b22050b954b48a747f4a9a9

SHA512
69ed231ff8208b5ad32eaf5582044b619a5eb0b156386e3b6fdca9357c5c6a320e450709bb8118db047b4df7f98fc8c4c14ab189cb330ab4d074ca3314803846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
835dc63c47bb0b87fa161e6ee037e4b1

SHA1
7f73bbcec86e187b31e3381976f481094417ddf9

SHA256
afaf11ad2e6437f00b46fb17be895117b37a6261af82457b015b3434e5a82693

SHA512
335b117d994f8d7a19031ab60d07c985126cf420088aa1faa930c770d4e33eb6224b2386cd36836ad05e1e4bd63d67e5b6a5bfd96d8efb5cc5a22ae4060a8829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
125b240c8cabfffac28d02c95b610980

SHA1
543193a90352495d178a7ef813fee672f52cd057

SHA256
b13e5079eeba31d8c4c7b37523b4b3db319809ee1cede13f32c5ac7291b064bf

SHA512
8e7ed926622ac45723dd60302c4e529b862b3f4acbfe513acfad07556d1aea72cd6b8676f4edd8200ce184240e463cd5de4ca05f1c9a35016e4abd2b82a62c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\652f9444-350b-4d30-b97d-faa6a3396679\index-dir\the-real-index

Filesize
624B

MD5
1eb2fa4af51753c96554a03584d9863f

SHA1
4ac313a3956ffa3f49c401133a4e704043a30ee2

SHA256
8882c6c24b9be88e85dac46fdd36f7bc8cd01ad2718c0446cf1091da72d134e2

SHA512
ad4a28034e5a10282333d7f8640d4347f6c27da0cf3c99617b2fb2aeadb6535001d83f9ec78ee191ce4dede2c6f50fb3b96d1501e0b3f33bfd100627b0241e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\652f9444-350b-4d30-b97d-faa6a3396679\index-dir\the-real-index~RFe583fb4.TMP

Filesize
48B

MD5
e62cf4cee3892601e764f90dd8cb44ee

SHA1
97154e1fcb66fe337126bd29e19817d0c932a0fc

SHA256
11236e763c65db520e79d61e4d628bf3cbaa4785ba8b1841d49c9cf153299ebc

SHA512
05168d61e4b6d731fdff699752cfcafb63665fb2f64d60bb50cf6ffcee6bab4b44b9d30c402ca80b33068698cf5a9d5741280b4b89752bd62f5358d79b9134a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0e7ef23-67d3-47c8-a599-e1fcfaa5ab1b\index-dir\the-real-index

Filesize
2KB

MD5
84236629175973df45c6cbeca7e00327

SHA1
31476eb2473030e9e61a6d25cb1e077e0b460702

SHA256
240803946bbcd404a479cc5a178e895a8597daa6fae7737f59f77394d1f9eb79

SHA512
0814c23a38a86a24ec86407e3aae5b1f076cd33b92a96546b5459a69bf554ae04463ab20fb999b252b2dbdeda81fedaa2fdc757db9d1357af840596cb4813db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0e7ef23-67d3-47c8-a599-e1fcfaa5ab1b\index-dir\the-real-index~RFe586d2c.TMP

Filesize
48B

MD5
cb0db67bd687d528e3caf7b788106d9e

SHA1
b5e01bed1cfc5e1ed7cfa241b44c290b9a1dc24f

SHA256
df18894d175c612bd0ee49ea3f7fea4d1359ad1f9ead8bb8477dfb07f0a84c7f

SHA512
092f7e53092f5f42b670a7384d78dda5bba9a1e9d0642853ec53a9c4730b82fefbd5a3e00ede26de3c94adfe8378d76b309f13b8a4d0f79c72b1725ab4657ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
5f226fa83b47e2b8bcb33aa6b67e9bdc

SHA1
4a97bdbf01dc4896df1da0e33c37e3326044f52c

SHA256
fc2def464312f3d37cdab49d413700a1b3ed084182e810b6126e41704153099e

SHA512
173096d0ab5c1e5ada5ec33ce07c39f4fc8093701da80d3e464df4a797204f3ecea185702d86a4e81fefc670d7a360da3d721984cb0725b81de533964c748492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
37a77839b595ebb780060743487e6c5a

SHA1
ab33c182d469a2bcb9152ed66acd5638ce43b62c

SHA256
774d2f9ad9aa474738f68721acd056e9e875bc7f25e8ebb528ce4264e4518f13

SHA512
1e57bfc7722b3a771effabd894badb661106f181dc8e9e876d540d5527969d69076d94c0fad6299564998188acb3440613cd33dc77e05f697a3f05cffd7af69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
a98694b9d7b23c5a675b9c597b79ab78

SHA1
f01511d4c7214cb5d49f865ae61c7d88ee762617

SHA256
17e514714a917c2121c3a54c4cc6f55da3220f4629a91b01e539f1c504501285

SHA512
c3f7710d4e11a3e67defcd3050d602b697a2073321b0e32b18d9cc43e017709f8630a00bf30c19327df3c25f736f2144eb4e427ddad54457f526d7cfe5245fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
aa0c4db1ddb42b1769e2c78ae4362d9d

SHA1
184d6c7ef0fb4563b763c84d43c2fa80a51f9608

SHA256
b9959ee1fa848cb6e75e3f8af6167a22e6a6a58066a7b9484926cef5a7928274

SHA512
8a266881f29796a99f4683140e76e5558da232ba4d587789ef9ff8284f6b700ef2364e00bd63a2e4fc510ed912995fc57acb2da0071024d015f4d154e0def97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57e6d6.TMP

Filesize
119B

MD5
a46edb4dc8af91f3c422854d1f0881e9

SHA1
750b8f98b1cdec8b56ae38fe10efd0bb8851ab44

SHA256
8a70fe18d4eb85f2aeb63e577bcda52e905204c30e3b4c2af8e1e05e798a7d11

SHA512
43af800cfe0f7a19273d33300974310c02a8765849678222cacd7ff05cfc231b30974b62811a70e370c0a3864d6e158362467e954c596808df825fd6bd2f8ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9e703480be0b8b093e830df00667ca50

SHA1
c212c568d7d1b1ea5bfe4ef9621a8d87b21004a0

SHA256
28dfcaf6907d0bc80d4eacd03e2bacd68a292b5f180be06c8460c4cfd84b8bf5

SHA512
5f468afa60681b1d536a9c950655b9e34876fc884304328764c2f3c3e86b30c341e9f86138aae19dd180c252eafecca9cfb25cf5efcc9da67f7f3ebc80cdb83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583709.TMP

Filesize
48B

MD5
e182c520b807415b217e0b1b8279a10d

SHA1
8108404a17994025e5b9d0ecc5db1f64ed08197a

SHA256
ef1b3910b059e5c696d6f9daa57fad570f094a8bd047e4af0190ba3d86c37d61

SHA512
04b0540e0ee91dda2261a394eaba5d7268a7b78df70d06013be287c44803b4772c60fa26eb06d16e567c78d31b82b3a29ff6917059b3081cdf5cc1ce0e9bff02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1992_125467227\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1992_125467227\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1992_2000239081\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
974226483d24511f3e185c4bdbcba62b

SHA1
77b3d4b357d8984243d8a7e854344c56b4dd4633

SHA256
8d70ff7f1ca0d36bcc1f276d8cef534e5ce076e1718e1139e1830fd0ef4dcc63

SHA512
774e0168427c8dd1d0b00b3c850f9f84280c84fb18e686367a8e305eda234b0eac4bbe93805f76d44182c41604fc87c0f177459732b61a2122d8ad2c9e0fd2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
423932b3c1bf688ca9fc06b50c675c08

SHA1
f8e0e01f4908c402eada97f9b81a5f8cfdb7de43

SHA256
2fe2bf3aba0e495350e7909346edff25b7be562889abe5c3ed1bdbd1694ab9d1

SHA512
a5f40a44c8677616fccd42be729291a6a07942ca2647e4ae326bc863cec14f97bccd961457169ed0f4fec2aea21876daf0073e094fac55d6c890cf74ef27d2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
6aa220e7d6ed48742a6606435db41046

SHA1
3ce85b384d2a5ecdf492213c1b1121a711bc41d6

SHA256
58b3a256e225b3e775a1b0b0eac72a2a11adaf8ae4344e2ee22ef6b1d77dd003

SHA512
50b8c94ef833bc6c82cc1e585f692d6622d98d81472a880db1ce30a29069034cd7744a02d03a49ec153b17abea4c6d5da0321c804d3c2001b48884afd443df7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
a0c43b143e25c32e6f85f33b46c01441

SHA1
5f9f96b3516358963914e9d103f0308aec083386

SHA256
8a802f38fe842977a8639bfb48325d83c3130ea9c5fd194850c75357b1ef6f2c

SHA512
7747e5aaf1800c0d1b7d38b3fd72a4a7663c34a5020778ba074a4a11552fb496e2510aada1430d84e0436308b0de5d482990d8b7d2b5ff318dd634eb3df749ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585138.TMP

Filesize
83KB

MD5
6316b59cb4f9893ac52d184492d1f3bc

SHA1
7b049801299cfbc90fbc6ee566a7a130802c2e97

SHA256
026217a5c77d83998065fb0c07845eb0e869e5f7821d4311b606d474cdfc0714

SHA512
385da99dacb91d35c0c029acd5592fff723339c82381e5cff1c08b621acf4e79ffabd292f849273ac8c5f905d0a56e98783585d6b68ae23b3a906ffafcb820f1

Download Submit