48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
27-04-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
Size

1.1MB
MD5

898588129153d037f2bffbd5b868b84e
SHA1

711ceb32086264bd1fe8c83a43c5d928b981f0d3
SHA256

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd
SHA512

50eb161f5313414360815f8495fa550fe3b22a13dd354d5302fa217abf795695764dcf30c155d3b7cb0c08b159902e00e3c8133b79d9bf0757e19eaa8959a045
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8auD2+b+HdiJUX:BTvC/MTQYxsWR7auD2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587305261227581"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4116 chrome.exe
4116 chrome.exe
5064 chrome.exe
5064 chrome.exe
5064 chrome.exe
5064 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe

pid	process
4116	chrome.exe
4116	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

pid	process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

pid	process
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4116	chrome.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

pid	process
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

description	pid	process	target process
PID 3464 wrote to memory of 4116	3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe	chrome.exe
PID 3464 wrote to memory of 4116	3464	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe	chrome.exe
PID 4116 wrote to memory of 3780	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3780	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 3412	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 2172	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 2172	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe
PID 4116 wrote to memory of 4184	4116	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
"C:\Users\Admin\AppData\Local\Temp\48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840b0cc40,0x7ff840b0cc4c,0x7ff840b0cc58
    3⤵
    PID:3780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2004 /prefetch:2
    3⤵
    PID:3412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2028 /prefetch:3
    3⤵
    PID:2172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2364 /prefetch:8
    3⤵
    PID:4184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
    3⤵
    PID:4988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:3056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4532 /prefetch:8
    3⤵
    PID:1580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4912 /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3280,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3292,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:3836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4996,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4940,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4704 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4888,i,14213604901381952898,10082584071085628616,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:536

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b8409f885c53607f8fe9e2d3d9761dcb

SHA1
9bf1ee2b0118005926e3f99713d6055c2a78d85e

SHA256
d1fea893e2be40a3baa8ac271058d822a9028d7ee3d5e8128ccacfe0e382917f

SHA512
64db2aaa5f7129f3ef83773f26eda29366b7d1743186fe055352a9afdfa7777563a2d2805b3a8d9ffc11467d216fc55e36bb31e66d8591f32406caec78fb9e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a2874d40841a5449d5c2232a1409fde

SHA1
ba9b5927ac1156e743bc449eee10bf2da0155b1f

SHA256
acc71c9c94e45bce81f1902b832ab85ef36d3cfc7b1ad2715e7ccf1ea90e43d6

SHA512
00d5fe941819966dbdd2cf0c50fcba9e5eaf3eabcf758939f5fdf90919f5281f4c251ce5bfd6ea4089f1fa2265a5d81ace93aacadc5da9b6540bd500555c42e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
af501a3fb7228700242e93676c3e598d

SHA1
d3f17afc5fa0de7ed2dc31a60f564d6fd5e33ce2

SHA256
144c1059cff240fdfa417af2df0b110a0926014588864d210372b073ba8f833e

SHA512
4ae874966f032196a7430503d5e0552f5030e8b9d631be3d9a9a36db54da96b29e1b4bbfa951eaec5e8df96b9c910477781fca8e3f04865955baedfe5e9df9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
938180d324bf53cb6a497406553b534b

SHA1
b734410eab83a746c0b80b34a61925ff8d5c04cb

SHA256
ea48bc62bdfa2105c46b26671424ea93a886717fc2a8ca32f241656dc19baf98

SHA512
2461b7b18df423dc57b788a773e2404ce7d82852d88688ecd6f4b55eddbbbe9b8caaaea9ffd12e8b44cf061ff85255e535c0dfd84bca58716bec2cb1a2028501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
135378d83865358b141fe712d6167691

SHA1
ef61f633b7a94dd03acce57b0cab219e57bba6f0

SHA256
5c97825b28524e774185d1cf192926fb2ab4f8c6eacbc0c18baa6bb4ddd3ee49

SHA512
a457e3ebec1dbcade94a004c73877ecb21c89fcf80c6584ab719994f627e9bf5384d6f6d692b86707d475fdb9647563e3a70a803bce3a73ef98dcf9df82dbd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5512b020de3df5f229acf34b1e1f546

SHA1
1fa59847410640dccd1eb6949e4d50ddb38b3301

SHA256
8e291d5364c50139a3cc8a49da14f58eb201d5488ce195bcec0fb8a456544e08

SHA512
dbbe1df82d3a79eeaed81f241b625af072c0de92875ced49f1c6018ddf591acfba19b553500d7d5f499ddb9717b38e9c469cc2df36faa147749e2deef361ab9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36dfcb865c28f594cafa1de9d4383448

SHA1
27a1672bcf21ce4b8651d86146acc2055d52571e

SHA256
6a78c77dda9947fe535c6ef36ecbe54baa504e4ccfea381ee6c173d54b1e7980

SHA512
9c8ef21c02bd26171cc6de9a24e2ec6931124627c2090aa89814c5f61ee263497d6a0047c81911da8a250d00bea94e8066edafb820b5f68b02ddd89882080744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d261fc0fd52acf893a755909c29d6bb2

SHA1
0347a55ba4af6cb3f635596e692bc16b610f8fdd

SHA256
d83eaa05f6c5ebd93dc3a2783e66ce7bb2c7cb695c92a136ae1c689a9f67fd80

SHA512
5edd317eff9351fc8fea95f647e788ba479d3d827940eb6c0d64bbd468ac074979f500b41b4e4f11d7117baa5c25ec9d0dac29dccafdcc2e7c717317b504d608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dfb7049fae43eb6efe2095e08ffe9c2

SHA1
b22b53d890a188d860904b61e1433589972a4149

SHA256
5df424a67eb8a0381d465ab8faa87e60553cedf5938a0fccabaa6eb3a0b9972e

SHA512
42ceeabe3ee3ed45dbf5814e55ec2e59653bfbcf8105cad1bc84214d04c15b645d72350dd724f193db12505ec25801bd13fe25e7359c3570ad5a0be6a2144d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
884051e45b5d19bf47ab54aebc9dd8d2

SHA1
be56a8c0aa4ebfd01c06efea2dfb455006dc5ffe

SHA256
ba6d5c5f171dda5ac2944d1387e8e45d553521a032126cd121a868b73c2af474

SHA512
253df4856f7ff7a07251975dd0d1c46a67bfb1825538b9c4594f648ce4b3861a122a6a21423bbd652ee41fc3b50e5376257e17e815990834279def987aac1f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
da96b673f1935ecd73e4292f7080241c

SHA1
811d5f7b7fbc9df403d398203d580e0156f002c6

SHA256
356f9138bf9b559c7921b4eb6a63460e527b7769dc33d1fe38ff4a0f9647067f

SHA512
808251cde8a503f2966f170560c3b32b5d79b75bb4c5310803d722d75dbaea6fca0d2bc43d37de1610426c345da337d0e387b34302b24c14d2217631a8d1a604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
96138c1f9b5b55059b131c3b3f52ba09

SHA1
9fef0baedbecb662aee557d2be1438b564e91d15

SHA256
3ec7d2d95699168411fbf3c5ae1c0e30e48271f61c43c934a21f7fa1ffa36104

SHA512
a7efc6205305d51d1403a08b4ef4baec0256b563cd5f46930cd513b22916cef0bf95b59fb002fce208cfe654025aaaf84be443414cb9d6867d6c51e8b4cc5b0a

Download Submit
\??\pipe\crashpad_4116_EVQGXASETFCNWCZU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit