c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
Size

1.1MB
MD5

56329843c9b863dbd1d491a1877e7019
SHA1

0ffe21c1abdf513b2446e88985a198b328f05ceb
SHA256

c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0
SHA512

84ae37a9af289d01483107d9558b063531445ca9fc2bfb80c3e79487e28dd4bacab2979b5054aa1af8a0e57b5a56dab0821ec04f35371c849a445a863b85c803
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8aut2+b+HdiJUX:+TvC/MTQYxsWR7aut2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586312095099798"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
4844	chrome.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 4844	1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe	85
PID 1524 wrote to memory of 4844	1524	c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe	85
PID 4844 wrote to memory of 1220	4844	chrome.exe	87
PID 4844 wrote to memory of 1220	4844	chrome.exe	87
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 3676	4844	chrome.exe	88
PID 4844 wrote to memory of 1828	4844	chrome.exe	89
PID 4844 wrote to memory of 1828	4844	chrome.exe	89
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90
PID 4844 wrote to memory of 3408	4844	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe
"C:\Users\Admin\AppData\Local\Temp\c4eacb34ed8be1ba356c0582a3307e35643ff203826f18381facf23b82073fb0.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff031acc40,0x7fff031acc4c,0x7fff031acc58
    3⤵
    PID:1220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:3676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2176 /prefetch:3
    3⤵
    PID:1828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2452 /prefetch:8
    3⤵
    PID:3408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:1500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:4116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4596 /prefetch:8
    3⤵
    PID:4448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4992,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4904 /prefetch:1
    3⤵
    PID:1820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3304,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5024,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:3820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4052,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4872 /prefetch:8
    3⤵
    - Modifies registry class
    PID:5016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4904,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4964 /prefetch:1
    3⤵
    PID:3536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5020,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5008 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3412,i,8546678541835934491,2770088932558133305,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:1304

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
96cc46adb52b4eca6a17ac6adcd98536

SHA1
34f032cba3480a80610619d09c4ddf8d11e0cdea

SHA256
149744b31c818b1b38a4d112f5a4317c2ec1f370b3a0af164ac8036a5f003425

SHA512
efb084d3f3e4b0414379d814ddd240bc25592e683b163a6a747ae1de9ac292e692e5097266bdd31577da12412ce20a5df910b3a2e37f563ae138569274cba2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d325c1b6fe623515a50444344b68f4b5

SHA1
ec8571e759704ed5ec6fdaeadb7cdb7444024e96

SHA256
f06de64cd679cb3d96b25c08db98f92d3a37a8bc7a153e1a4a668636df917129

SHA512
ef7e90d63c71fe74d462c8bbe4899c9bf4b7d9ed6436440d434715156a06e4ec9a1cd14b1599734aa417e7beda286d918ef7c3ef50e2038996ec8722ae7dcede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3904442ae83c8a82dbbec293a1a1bc32

SHA1
678cb9c7c40807ad73d5086d97c6736b2d7d997e

SHA256
8e7846597d30b231133d82bcecd6b444c077a1db6c3ff90865f7069ce5dedd18

SHA512
4f79583df4c424c3b45c8ccff51c6e84bdecda2983642b2f4a5ec0044ed1b8cdc1c0cf8d0259bf722a23c7867f1e6cb17ef4791ee9b9776eb8f3e471fc6a2efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7dc9eb50b99794c6f061807bc25b283

SHA1
d497d2be090964a20b4d1c78534a1b2f05c2de80

SHA256
15920f613f9f6c85bcb6bd259a5aa2b32cbdd1ecffe44da265b9caeadd0c0402

SHA512
2cb10370adc28fdff1675874a85d7ddafa08dfd6a60405454a730ade6ac8c72679d7d906e3ee25d488d5f277ad28f10539ed9cb33c2013f5ee221b18a2d418ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cdd077f850cd92e4c3ae035e254c815

SHA1
efff32da4c015f245836bfc1bb6ab054f80b7280

SHA256
9c5efbc290dccc1b726c18ef0d5b0fd3ee9e7eb75f12efd11cce4e2d474750de

SHA512
f2371e63d9c37ca0a13bf780a71dbaef37afe11133bcd6b972ac1619d7d079730566f8fec851084ae79f0bddadd6fd126241254dce588fe8a5d060ea3c21e511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be48047ca1129ea9cd6cb69286ff1bc6

SHA1
38ebbdaaa10236170463a33a9b147fc53e70a052

SHA256
c712b84669f365e94acd85b41921d10794b422f5eef505f5eb5a4d87097c2234

SHA512
cc0f2dd4ad7efdb0057dfdcc91bb6ae78a76ad9f8751f4cdacf4f7b1e7df44cfe3669ce3e579d9130d32625da11b8ab526a564f12456415fb047176a06b8583d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a9c553b1461ff7c0ebd884440ca2ddf

SHA1
9c85b7ca574f773b0c4dff6a509cb45f3245a4fa

SHA256
fab7230c6f0fb253edf61ebbad8f7c81286b88fbd2490937a9147d210fed0bdd

SHA512
59ce93212f0ca6ff2a3e6102fd6080ce8ce11e3315990c8cd2c0049656ded85e9243eae5233b2bf5c110b493108bbf7650bced2a98cfd968034954a15045470b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e3c7fa328b8c4af516e446ba4d96f00f

SHA1
c98466687bae005dd33917f23342abdafd876ed4

SHA256
6f789bc108a6ce7e3bfca65cd07fd9c18a1326dbe9f2ae1f8c4eec95f0199341

SHA512
9a0b85b874a3f2dcf1ee40efa8675075242e00a60afe02ddbaf5891ad16fb816c17aa7d5cdadf5538cffd31361d275706f84157ac3da201bbd1bee7975d37531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
7f0d6c8d51bfe6dedc38a83c650da571

SHA1
0e4874c11ba8705f39b36d8dba4dce629fb2000c

SHA256
53963f3e682fd4038f0f8a4ae0f7a85e663d409062e1b82e74e8fe223e033c83

SHA512
6c32dfc3ca6a38a87efdaaad45dc9c2de122ec92d07ed3ab16d2c6019c978b26ae8b155bd7cddca260f5517736c58757a756f5be993f64071abc1d714b79c6ab

Download Submit