220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c

Analysis

max time kernel
149s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03-05-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
Size

1.1MB
MD5

8aa07363b8298de6122504353dfddadd
SHA1

174783049aeffde0aa93688253b216711caa52a7
SHA256

220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c
SHA512

04470bc366b5740011dcbe01d6d4f9cef2b594bbd5420ec255496902b2c63286940a70041f5edf2a83a98c63951220863e7ec70d9afaba8e5d7db6a7da9d7931
SSDEEP

24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8auF2+b+HdiJUX:fTvC/MTQYxsWR7auF2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592220292701554"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3364	chrome.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3364	3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe	79
PID 3400 wrote to memory of 3364	3400	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe	79
PID 3364 wrote to memory of 1464	3364	chrome.exe	82
PID 3364 wrote to memory of 1464	3364	chrome.exe	82
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 3360	3364	chrome.exe	83
PID 3364 wrote to memory of 2556	3364	chrome.exe	84
PID 3364 wrote to memory of 2556	3364	chrome.exe	84
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85
PID 3364 wrote to memory of 1072	3364	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
"C:\Users\Admin\AppData\Local\Temp\220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b50ecc40,0x7ff8b50ecc4c,0x7ff8b50ecc58
    3⤵
    PID:1464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1836 /prefetch:2
    3⤵
    PID:3360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    PID:2556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2156 /prefetch:8
    3⤵
    PID:1072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2852,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3076 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4544 /prefetch:8
    3⤵
    PID:3892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8
    3⤵
    PID:3724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,8100585060862965723,5228869048297930344,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4676 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4504

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3eb5817d9669356c5f791e866135fdbd

SHA1
4bdb2ff73809246ed07d89e51da02958dc2f382f

SHA256
56aa9b4c2a55da5a298147b45d6c68e985dc0c1b632625b2d6c1123a13f7e615

SHA512
71bad40634b4ec841a66228ef9c2da033d1f32f384f7ac3df3f133c156fd0b73a82727a541a12a4f9d4314232224613bab721471bd9b91971e54c19a705bb542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
bcb99c94252cfcedad0ade6bf63ac7b6

SHA1
121716a4c2d948b1de6dcb04a76c2ec0e38cbaa4

SHA256
532df61b54b649b56928af362d7d70eeb7ab0eb00c98da0298df77728673e923

SHA512
ac794e6feb451d526989ea8b7e9f5f70a329826f7f082a20eb7be155f134799053c6f077ad8b87ecdd74bad6d94f871eb5ebd44d1d488eef37464f69d23079bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
305ec2b9e61f1465c6eb9fe79621a112

SHA1
f07715a8a348c09c3a865e965baeaa504a72026b

SHA256
f868e19c56fe8d453400fa568364a0a9fe22d368f68071cc151b33ea0b7cb1bc

SHA512
bdc3ab295a12e23e0ef4e72b4668c46d4ff4dfdf7f7d92bf12a3d4427ad37bb4a88ecb9262d2880e06b7363c209ad328719a35152ffed8a4a46dc0f0d54c6e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
1c7284cf9d05fe9f7d95a5462fcbe28a

SHA1
71f1068a976eea1c3e62823e2cbc3ccc7559d586

SHA256
e63bee1d7e05567f4eebbde5921407489eb17374e8b5fc82b9bc53e4a899f98c

SHA512
77042bee14b09e9903720c5fa14cb9c015f3b5fe43a9481b2bdb8d20ce191c938b73147f1bf1c245db9531ab0f8f2dc86fe9ac1da6cd4e66dfd0e1c6e0990feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85658acad51abc3180b0077de9544d55

SHA1
65fb854a80e56ea8a3b3a62fd1a23acf786360d5

SHA256
bb15098125b9924eecb29bc58a412491c67fee5579a34cd5baf81982146bdc3e

SHA512
a18a8ccd03cb8d176cc72b5c8eebe3a2df1ce3357cc040cc3959f65737d2fbb70c3a93f455c7a27743f37980d58cb89c6e955482abfe889d1825b01f5405162d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee29e7498768e68dd05fb7c472c44610

SHA1
ab77cc2c4cb8034d8b4dad30dd5dfb8c791115bb

SHA256
df08fe352d7e6244996cbee9e70763d8387ac18ff2aa10db2913c57e71b79a0e

SHA512
7630274e16a8c88b2c34b33b49020dbc4425e7216497c5b96a128bf803534725eac6201a6da183cb11770df7fcf99d23d0275205816188c575aad3e420fd1290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f725dbb438fcdc0c5a3f54c7209c4943

SHA1
2dd1242571634539e2819510d3eb0c7b01891ad0

SHA256
28c9c2b971bc4305e7794f2fdc3a443f7dde8d90ed2dcdb096eb5d1646a3622d

SHA512
fcd2fca8d6d111e353fd90aecee9a4aa044589d8e98ab135a895328285a012873eb35ce0b555a0acf169713f77088251bc151ae748939cfd3902f937adbfe1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7af9ed744cb9f7b19cca3e8d61dfc10

SHA1
c65c06d8af873f82491da8bdd465be6d0a80cafb

SHA256
dde8a6f0ac0aba7d12fc8ec15d33a99d3125a2ae315831f5f1afc6fd633dccbd

SHA512
8795a776189b1671ef7b8e7e46a2580c1d6361166dbcc536a84e1e32f17c1bd98dcd76f2f9c855901cec075529e2f1fd5395be4b9552787c0c32e74d12aab29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
792282647f0ed9f1e15f71e5020737a4

SHA1
0321a4256c3883a98cbe4b4c833b3653464a4c90

SHA256
62be60328dc5448c6d8dea89c07bddeaebd96f63db138aff55f26a5e0c27d6a6

SHA512
ce3a7d353f206a16e8eeb8b47d588c553da62d82738d71a5eea993403111ef079ef925ee2d74544c7a7e7e957059e8545a08b830752d66c49f51b4ab3dad5dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6352baff42b881195a41fceec074fa0

SHA1
b0fb4c329df774f3b2d2b6737dc733e6279e61ea

SHA256
be7cdfe92b4efa0c811c21150ccf9705c0a0e873077ee5144f83af4ef113eecb

SHA512
e8db0c9f73efc528e3d11921885cbf5a1ed28fcf811835ee968f318b4f97c5baac3d3d99595f6ea8b7e304d9fd17250c5139bb441d84f5d6e2907ba763550e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49ac368d28cc7e96148fd79cbd55abe3

SHA1
e27bbc613d3c174746b7127b8aef4263720e89ae

SHA256
729942e1d023b19efd2c250db6badfa0862e0111de3d9b66a294f828c54d3dd9

SHA512
ce40f5d8a713e3c40494703f1b74d14303ba96be3eb7005274fffa5f325e875dcf088bc463267b9c639c136157c2397d516a13d5f0090c201a4be9c353774d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
05fa4586b3a3c92357d16620e6b22bef

SHA1
f1edaf3e4f097d6d041f1f5a8075536d985a099c

SHA256
9aee2c3b9f63d293e924e7d024916b050cd50f601409d5451955fc95a187dbdf

SHA512
13ec27eff660d59bbfdd44c9e573cac236ee1e73265f9c5d2e10509f6a82d09403fc75645b3c71e43522ab8523d46c9a8312e025fe4b003ebd875a177153e2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
382c3361b772138ba031148b472f90c6

SHA1
6d3971b9df7729eacbd2a75703af3eab4d848ff6

SHA256
37fd97697cc5098b3592e9bdab5b929b0fa3fd95624430fe601497180d31d2f7

SHA512
245b73474675259f46fbfe307912b0ba14530b1976c177cbc99b589fd2c845bde0783b20b6abf4781aaafedacf6a82e18a05edd3456c0804391d7387be7580e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
9e06c3e25f333cd221c4a7c7395cd595

SHA1
be72fb2899602455ee9514f7c0530a074bd5ad35

SHA256
6bd2a78c537ab4476343f0d9317b8e7764fd639dd685e705dc7d413998015e54

SHA512
c9faa62469df76f06fc9f8a129145e3790e9533db7ffdc477a388108cec269910e053e1862d90f4fcc0cdf10707d15c165f49aeb7b58ce48b226de68643228dc

Download Submit