c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137

Analysis

max time kernel
149s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
Size

1.1MB
MD5

06e9d66ce88592ba38ee7edba7bd681d
SHA1

d498efcc14ec363cc04d19db80ff3ac156454ada
SHA256

c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137
SHA512

ae6d3a7c85a2a1ffe05ec4be9a97cf9eea72a0ae8c1e5c5f4a7ea3a4ad91549699c0cd923950600ca2da4f6140b2cf03acdf5917cbedc69feedcba4276845929
SSDEEP

24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8auj2+b+HdiJUX:6TvC/MTQYxsWR7auj2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586261121289824"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3076	chrome.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 3076	840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe	80
PID 840 wrote to memory of 3076	840	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe	80
PID 3076 wrote to memory of 4204	3076	chrome.exe	83
PID 3076 wrote to memory of 4204	3076	chrome.exe	83
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 1236	3076	chrome.exe	84
PID 3076 wrote to memory of 4552	3076	chrome.exe	85
PID 3076 wrote to memory of 4552	3076	chrome.exe	85
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86
PID 3076 wrote to memory of 904	3076	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
"C:\Users\Admin\AppData\Local\Temp\c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa262cc40,0x7fffa262cc4c,0x7fffa262cc58
    3⤵
    PID:4204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
    3⤵
    PID:1236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2044 /prefetch:3
    3⤵
    PID:4552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2360 /prefetch:8
    3⤵
    PID:904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
    3⤵
    PID:4064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:1496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3620,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:8
    3⤵
    PID:4108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3640,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:2980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:1
    3⤵
    PID:2096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=212,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1184,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4576 /prefetch:1
    3⤵
    PID:3752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4664,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4736,i,16644289805245873979,5486584695987230292,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:4524

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
41bc45d8b0c9a062bc124e4996cd315c

SHA1
1c15dddcdd5041cb510965edecfe9d5011d44c55

SHA256
268fab1c6215d6784b56bb8ff3599f944ad0413bbacadcd7974e6654f7ae84a0

SHA512
dc306f07bca55cc6cd7d41c127eb5fb663c2884058468f0c3adc104bdf4ee7ca53197f098e4a84aadd07a125d3c09b819f1b8ff3789f508e345e915867f88d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
03348f29863aa5fa0d38c1ee7c5f2b8b

SHA1
5319deaab2fde41804fffd1653a628cb29bfab3f

SHA256
d7f5f2cd1020e7e0599f3249cc8bb86f1e94c6092cb5e207edccdab6a879461d

SHA512
e59fbcd651a5fe46a04fc72338a2afd37eb1fc5a23c2d809ae192b61f0d5390e9005dc886e77301177065b16b5e9b6e969ab2141a3114bf3ac52fb9d553c0378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8364bee027be96bdeccad92bf2fde2a

SHA1
ef027f3215ee640094b992a65fd7591e2ba1f5cd

SHA256
fd5abddb004e27ab822af7763978c783d0f611116f42365da07f18505c1ec673

SHA512
d6faf924696574f834219ac2dc59ffa1c8ba1fb433d81b03f88d278b210d8b540cd6349b601b21b0e3e8c9d9bf03eb046533161f88829690c4289c433ab7b8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4556afc70ce88eafca91936b3659909

SHA1
9f62e47e3302875f27a037c4b3d0275a900d37b2

SHA256
381cc70bb9379e92159a7a5f160a8bbf12e47c0d319b83ca0bb098c8462fef61

SHA512
ba8bd1bb3e48d9c29fbe35e9667038edef590da48a097babb020600c3aea2a1d6eefe241a3531f35bd5be0d1914e7f366686913cc5f12696363396ef9ebd0b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f96b19d185433e90bff81a6b69bc1aa

SHA1
e60f7b2fc19583a569624353aedc94045345d089

SHA256
6fc68974f41d1cad14d16c572382e77cc856c8dc142a91611e2776af3a484d1e

SHA512
4d0beb31ae584560887914beffd52c6243a4467b13b135b15ed437c13ca162684d5ef94033bcdb43d94b477234325bc7e25ad4865d955628ea99090139677deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d98bc55816b53031259c2f54af2d6411

SHA1
1ef91c98ef9846826e8ecbce35c3cd3e24befaf1

SHA256
86c8f1f87a1b79b3fffb567aa949f39ad06499b1977bc2be74c088362d522fa6

SHA512
142b5440e579a0d96724ee1e70f21919dbbf13fdd5621c31dce2b672ae7e00ec820b6e796885f3a05802ec83f8048ddffdf954583cb56869035c934e9bdb97b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35df31fe802dd8faf9195914cc0dfcf6

SHA1
2a820c8197eb1a56e72717cf5c80069d78816217

SHA256
74e46fec1c1d11eedc80c3cbf1f8ede0686c759f1f966eb35091637ada0e4be7

SHA512
6eb6b3f3ad3967b969200ac7c0c9558caf3528317111ba122d4a91170e21bfa21e5554464e0fa73e2268061fbbb19b061ec0a66432c135e16ec682d31117b138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d6736820208f114a0c4b0fe38eb319e

SHA1
013c3b93bce86066b4f6e3334c6128b3e743c69d

SHA256
265f3e84492316bdd4e8b9a73693473e1deb69ee266047be78ad01bfe6520cbf

SHA512
500ed100b82fae695b6b8fcd644fdd2cdc6c23703acd5b30c9a0968aae1c6dc1081a1539e5cb722e4140f074e9a78d482e0c2f746e1a780a4f4a8b87e72ae72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e55d768b88b0d4154dd9a68d957ddcb8

SHA1
3c370678bb4a72ba7251b7ad9c89fdee166ba623

SHA256
902324e30dc4a47b9a49bbbf540e70b538855b83cabdfcc9c45a77de824ce810

SHA512
5cd501a3da3a821ef204b150a5b2d53e669c4043569076fdc6583b7e4543a60e704ff0e158f3d295e9cb15b4078e8762d738e3dca804178f7391a4ec184bf3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75e7cfeecfcb7815a49905db587bac62

SHA1
907889c6b61a639573b32291d3448d508f34391d

SHA256
04283d19f468c7dc2e595595db5fa6fc3b96897efad6832b6d297c919688b069

SHA512
c417a54d05729e64a374e879e795b5538b8420dd12a37a871b1ef27e8a4e465b990740f400760dbec5ca977a0961f5f9f2cc63ada3e87d79afa74cab909171bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e4fadb50cf9730628c55110b332f37c4

SHA1
450f700f4a8e4a444a18282aa4d434e75200f06f

SHA256
bc7b05b6895f313554be30044c0ed04e95c132b9fbcbf2bd0dcd2ccb95d4d631

SHA512
bfa32a3d043f4136bc0794b5ba9f2ff3b9b515ad89058f7469933b1620ed71375cd1fe01521dcfc703182204e441c303fca7e0517b64e69b4fcfa17b74f468f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
5673a292db1e32e462d6b90f459a7c6d

SHA1
24285fe8adb86398cfed4e87f66d46fe8f2dbe3c

SHA256
89f6edec6ec50e369048fba997d29b31364b1d1bbd984c3364a8432b6da513f7

SHA512
f0f54e34aa26eefa52bc49b4e2b7a18337cd3921ce965ac16d22757211d0925a3191f20423a134a71b21fe735c8b2f58a9acd5b40141a82884aaee13db87c7f5

Download Submit