b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03-05-2024 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
Size

1.1MB
MD5

4f6806e3625ed1d498a008922988d2ee
SHA1

f183965b4ab2910af08d3e68992d1895ec232d41
SHA256

b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e
SHA512

2d6b869c09f2078a7e49aaec77c2a4edfca710527235764f7d3e5dbc9ea14a9f0f0c4cdd9055a5f2d143fa28bd37a17b9872a8dcfe1b2721968b8872db0c46af
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUX:4TvC/MTQYxsWR7auR2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592142113945448"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
3348	chrome.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
3348	chrome.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 3348	2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe	79
PID 2956 wrote to memory of 3348	2956	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe	79
PID 3348 wrote to memory of 3740	3348	chrome.exe	82
PID 3348 wrote to memory of 3740	3348	chrome.exe	82
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 3152	3348	chrome.exe	83
PID 3348 wrote to memory of 2740	3348	chrome.exe	84
PID 3348 wrote to memory of 2740	3348	chrome.exe	84
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85
PID 3348 wrote to memory of 3004	3348	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
"C:\Users\Admin\AppData\Local\Temp\b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2328cc40,0x7fff2328cc4c,0x7fff2328cc58
    3⤵
    PID:3740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1824 /prefetch:2
    3⤵
    PID:3152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    PID:2740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2380 /prefetch:8
    3⤵
    PID:3004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:1072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:3124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:8
    3⤵
    PID:2288
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4708 /prefetch:8
    3⤵
    PID:3808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,561769035742065259,11804710906710283604,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4952

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\881336ef-9790-4f72-82cb-10653dcbf23e.tmp

Filesize
9KB

MD5
2cb34638e1e6cb035e28b5667f02f5dc

SHA1
758eba3d384f5f802562342e1e04b1b7070a79e6

SHA256
0baf77f4f5ebee10b7a1c9c2d1c68e1d3578e9ec9c02effc25a8d67804f8755e

SHA512
ba17340c2d62739f6b95bcd0c0ff70268ee76e4ec62a824871dcf91ace948605c6692aa04c004c1e52cc20e114f636b218da7b9508a3edce93eb016d7da2f95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
217369e47ceb68202e2367cea817beda

SHA1
b0d4f6ef43f66523f5dad4c5931b7fcb8890289a

SHA256
cda9cc1e385c15c65c19d79784efa9f86af76eb485d988c5ce55f5421588963d

SHA512
e6cba52303466d97d66c25522ae00367bdc34542ed812b71e9f4ee23ed97a1cb5fd90dc34423fefdaaa17f11345c08c8e9ae8254d0348229bc1cbb0d42c46609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
79a4bdf622538d896263b0294f704b96

SHA1
23c9039696553731ef971c73b950e27a4623f757

SHA256
96f494703361922339e54d17b1f86ba7d76e2080fd91f29805f8efaa5190b6b8

SHA512
57b683d40c7fb6b29881845a0d2f34f042c291213113e71e537214a4ee0ecd800ea7a64d0d40d2f2910a97865172b540b7910ba6c459bf672af2088f98e39875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9d36fa5f08faa02d79e3d31310ebed7e

SHA1
b4f38b17b31fb753901801f6e73cfb2853f0cb93

SHA256
6cfe2a15792ef89afa400661417a671792a3a0e6b2ef55fee0d634d08ac4f604

SHA512
53d5eb9074165baaedd4c410a4bad022008f51791eb851f541a5b3186aeb04becc3c5fdba91b0f1f1873edf9c2c302855c7695ddbcc0d53376dcc2f23bdb6b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
45a2c342cfade32bb81e9b6d0f648283

SHA1
9461e7342b80820bb5f3ae0606bd3448a9e456eb

SHA256
e081fbd19d46e2b248deafbc3d962decb7b52741d584d8ab78555903b1c3ef1c

SHA512
a13b090423293096ef7f2c01f14346e11c23e2d9ecb34aeb5c144e5948067958d3f44522df12c3678c2155647eb27d7bdf365cc60ab7df7b91bf794983f3613c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
ddfc6b52cb751ba682bc28d14c4f57d4

SHA1
111113104281cb71f3a8a7e051677a8ec0872fd4

SHA256
1ac42dcd26d387d8706d6025eb5900972cbf3cca92c63aba53732fcc84de75f5

SHA512
1c195cb23817b3dfca5bece9dc6abf3f7cdf72bf88efdaaaabffd56152f949353ceca792e45ad87a587b1f65d6e2d2f96a1f303032cb432a9047f16a6e97a0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
085670ca3c58600f9b5702eb22886cd9

SHA1
3bb0ed4b58f636060c826ce0a87f958e4c06c043

SHA256
42cb76c122db0d408d671e658788a5eb04c5e0a6efe2825d5f0280a91f2c1556

SHA512
2219f2136899bdb54cf9941681295fe7ca8086b0c1a697039d927d02234d6cd16f54f731455a9f5464cdeb00fde4fedcdf53fc4f46dedb4b5bab627a454a6767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b671556cdf6ccf5e9582226af178bb5

SHA1
6ece101774dc385b54a2ea95e94fdea4aea89f77

SHA256
f2679a7fc29980ad0e9308379f0bcf0aa1e3d5030651a261f6216e4e1ae5c66d

SHA512
c3e9acf9dbc00d60d81f57048a11f17ead59009ae1fe91fb849d971a6e860ff0308b6ec46229eb0735a21cd15987234427da0b7145450bd06a166756ab41f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43bf8f6f46d5112f066cfa5f738b6343

SHA1
dd6891c8e8e67e781cc71f67714692bf168fd185

SHA256
35b260386e817a9d25a0e86991092a32294038e78bfa8038107b651dcb228341

SHA512
6f458793ec9c15c9480814ee15f6cfa1ef113b93df7582e866d45327fbaf1d3abafbc3646fe3661056c4b4d54f9239bd6464f28a6f143d293f5d979225e9545f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8264f2a0d10261ddd32204e59ccf7053

SHA1
4897a557a17ffaf6ec4ec2811d69a063a30ba6a7

SHA256
c3ae8bbf759408ab733ff608d8ae28ae87ebf3221ad078033157dfffe6621403

SHA512
f1d9bcd8a8501441893c97fa17628c92b2b6cd212e336954a5d606d5a45add46f8003d9c4dff949fcba5697fa3c19a3b2f2239dcaa132e2a64eae3fde512149f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc9c8dcd593f187909196d05e8f81d22

SHA1
335f6cc2eaf3f4aab86d85892c64851262ca6723

SHA256
dbc8e4349e7f990e495caf2df344bad7ec796685493e2245085d51ffc42c38c7

SHA512
cdd13e0376ed3c652062a956c9a0ec3226e3fd3a2f7cc023e645a56cf79b5dd502c675bc6014402ec094382689037d83edf0c0173cbb8e5d9d7b6ea6dfa350ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0f28f46e639859c54aa6859093a58271

SHA1
f6e93da04135a165627478ba402a37ea2ef5e261

SHA256
b06d975578f76f5b952d0b7946e0793e12fe9b527756bd32a608c3bc25ec9ec6

SHA512
3d5ec3facc4a02216555ca4d5862924c6d7e732c31ad1a7e94a329bd5a9e183a53cd812863cc15fdb6fb5693e27ebc4c1ed4e9b573937a6f0f7e6645de160aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
81add3cab29751c866f30d43efe55e95

SHA1
2f93043af900c70cd0151968e33607d43e87160e

SHA256
06c49c22504ee3fdaae830fc6692a0cbd6ca991d7bbcd079509b98a3d4986dce

SHA512
a42a1e3af89422e5e6f3b4ec7d3397677179c7e7192abb4e41762aa1369678bf2df49b0eef6993ec3f7052f7f14da330b2400a7a02474166ab8d34fa5f135af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
662fc6ec37995044f79c62883a80054e

SHA1
792573be0ec451510b0733a165f464705364cd95

SHA256
119a5c4d338369eeb19503f0b82e312071d792dd8ad7d1f1771cee8b220d334d

SHA512
a6c8946bfea2fcb1c4a4dd6877d86595eab4ca992a2fefae3615ff36cba8a1915582b5315d0b18e32924866de88fea224bcd9511608c0ab8ae0c6714f193b4c7

Download Submit