fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
Size

1.1MB
MD5

2829f56ca8dc2fe1f85811d65be7ee6f
SHA1

40242445695178ea79232329cb8e85334d154a5b
SHA256

fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f
SHA512

9a3ea4aa52a7af894b75d0c00f0aa2f69028dcf537fa4d9d5ce88067b619b22ba273065ad7b7ed54bc2d76dac330ec651034501d15c9fccd6befa9696a2533c1
SSDEEP

24576:cqDEvCTbMWu7rQYlBQcBiT6rprG8auj2+b+HdiJUX:cTvC/MTQYxsWR7auj2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587976401297523"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
1368	chrome.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 1368	4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe	83
PID 4568 wrote to memory of 1368	4568	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe	83
PID 1368 wrote to memory of 3152	1368	chrome.exe	85
PID 1368 wrote to memory of 3152	1368	chrome.exe	85
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3656	1368	chrome.exe	87
PID 1368 wrote to memory of 3076	1368	chrome.exe	88
PID 1368 wrote to memory of 3076	1368	chrome.exe	88
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89
PID 1368 wrote to memory of 620	1368	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
"C:\Users\Admin\AppData\Local\Temp\fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa27e8cc40,0x7ffa27e8cc4c,0x7ffa27e8cc58
    3⤵
    PID:3152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1904 /prefetch:2
    3⤵
    PID:3656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2068 /prefetch:3
    3⤵
    PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2496 /prefetch:8
    3⤵
    PID:620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
    3⤵
    PID:2644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:8
    3⤵
    PID:2524
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4972,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3412,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4864,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:1
    3⤵
    PID:2084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=836,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4740,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4956 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4892,i,12522308837776634036,10985482012083063883,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:1
    3⤵
    PID:4440

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3ef4517143b15b051ebbc07d0c6fc87c

SHA1
9a12e804d9d6aec1d38544cbbb17d4c5c435f7d4

SHA256
5f1ec78f62f69b08fa6d0272174c2aad682f4abd8f78d148c9a23946afee1721

SHA512
54e8fc6305fd4348ea123b6cffddaff54ee5068a715220c7d323ca10a8d864f06196d88fcd59302f0d32d3567a85190180b42197092b62ede33c566e91c0f64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f481050396a2aa7cbb8eb1855a637343

SHA1
f3fdb559caa8bd8ecb9452d1cce039b88e59fff6

SHA256
5c514fc76275a8326b281f3347f23b9c8aca9d136730c291f6ddf4dc0cbc086a

SHA512
b65333142dac6ba2399193a370ab72dd7a16e9dc0227e3eea6020769965a759ff39ec6566a40dadca84d7fb89e307c7b7869eb3f3afbb2952ae7870b6b99720d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a507db824f1d8f3fee21f9846934d750

SHA1
693df3efe098d8811f6c55956a7ea153e7ccde9d

SHA256
44052b6bc86f613e61f80111dc508b140fde9975a7c8c974d79fe80b7d5c9776

SHA512
0de15924e86db73422fd9d8ac0cd5bc0fadbc69f9f5185a5ccbc1dae71a453f19f127d81a60f3a2326ce9b34058d659fd09e382cb59e3ced1cb2b75be0bdb5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bfc157c6056c09454fa7c00517d71139

SHA1
6eb8f4a99e959e64a34bbfe7cd7179559d266023

SHA256
5376ccac3e74d67654a55b0871f1fa9b77be2e8565d46c9fa4c1b531a4e4da92

SHA512
e013978de7e8e5d809a7e7696e6388dab96241d60d6a87326465b7d6ea70c78ca588eb33b579114c8c94fa8888e88c601af039b4bf52d853f0920d369d41669c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ff96e02a20547b0b40f2b945b9dd941

SHA1
67efe4e232c60570bfc67fa2b95a3846ba83dca1

SHA256
73cafeaae0b009299c7899fc5441b724ad03f1723946d707ca949d5d5d371c8e

SHA512
568ea69313d965a3f093b58323a57c8bfd1b0a19a38fd74a7c7482c9d4f60e6e197dc01b0748495be5219c6d705ab525eb50b04b59c2fbf842a637bf21fa3cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
afaedd3e661b26c9b8c8c8b557930acf

SHA1
a3b5260af140aa03751387b0b2b30a5d6abb5bed

SHA256
7ef001d9739fc2eac1650e377eaae1962c31101af9c292b4be7e2d737d7175b5

SHA512
f1d8712fde1ecabb5dc252adfac545e81c86d47a124ccbc94b18460b8ab6cd58dc0be56744fa4da4610bc138997e16f6540eea15930828e370135073ad4525d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92cb149be1fd778f82866baa254503df

SHA1
531fdb60383d749aab93a4997d1e34eaa2a55c54

SHA256
f41e0762812fd124078326353088209d4cea57134c140489a4b8ebe84645b350

SHA512
7f20b7812ee2f998857a30a638cf3f789f87f0ecd467b62a9882718a047f86a441ac5f6040ee71cdd0d516b6ee5f927800cee2df234f161e71b6e8c696751594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0715f850f5fd33d4689998035b63c66a

SHA1
efbea76d139d0b9694a26e813713a3bf1b7c4cb4

SHA256
b6974ff8260f0c9bc674f5de0481b7b1dd8e01610e84a702fbaefad837a00a17

SHA512
33464a9a5d24cf725d1aa28c48f3c4808e67be07861eb1c0cc3e05cf5eb0c974c64cc5124d84afadd3862615b0633b652dfbb742f94a57ad2b95190501ab367e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
68bdc74765fc48158e59632e2b487288

SHA1
0333ce0934ccf26a22d054f4b0f624e622fde665

SHA256
3ef6f2f5d490d905183ffc28ef7e8fd1e70aa57f2b2fbb7b5793e3a3bb3c7abb

SHA512
1ed46e3f6831b0af5b5e0179ee699c195f8cf90854d67010530db475d250245dbe6d205bc9d166d321da32fc8fc49195fcadaac0749d8126ad82a0eb91e2f19e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
44277d6de1af49a38c02982113979378

SHA1
9fc6bb48f7e42881ba3e896ed0bda76bce4e88f1

SHA256
e2000d02299d50e1624e15f623bace92f809c31c7131596bfc91d640f7944daa

SHA512
bfc108efc899742525ac1d553cd9a2b83fcb7c3526c8851f95f615af9b6b670d3cbcb53e78eb465ce74915131d8efe3de6a1abe578c9c250f0ed2c0d66608eb0

Download Submit