3e541100c869dba06ee62252a9661e5a06c2e685a7ddd5288ea1358703412385

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 07:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ReduceMemory.exe
Size

776KB
MD5

0d626331715cc35aa377a8503f85c92a
SHA1

26aad89595f00068151d3676297ceec394e718af
SHA256

3e541100c869dba06ee62252a9661e5a06c2e685a7ddd5288ea1358703412385
SHA512

6dcdc39672dd00873c55753ba02ad05dc61ef028a4de385d5af38f30c4959342ac25f0ae936a19fb29100a49ab379f16f5288578434e1aea83b03e596d999996
SSDEEP

12288:UaWzgMg7v3qnCiHErQohh0F4aCJ8lny7QSpJJ9vZ+dAy2s:LaHMv6C7rjCny7QQx+Is

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593694761692506"	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4548	ReduceMemory.exe
4548	ReduceMemory.exe
4548	ReduceMemory.exe
4548	ReduceMemory.exe
4548	ReduceMemory.exe
4548	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
4468	chrome.exe
4468	chrome.exe
1076	chrome.exe
1076	chrome.exe
1076	chrome.exe
1076	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1892	ReduceMemory.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4548	ReduceMemory.exe
Token: SeAssignPrimaryTokenPrivilege	4548	ReduceMemory.exe
Token: SeIncreaseQuotaPrivilege	4548	ReduceMemory.exe
Token: 0	4548	ReduceMemory.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
1892	ReduceMemory.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 3128	4468	chrome.exe	103
PID 4468 wrote to memory of 3128	4468	chrome.exe	103
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 4204	4468	chrome.exe	104
PID 4468 wrote to memory of 3624	4468	chrome.exe	105
PID 4468 wrote to memory of 3624	4468	chrome.exe	105
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106
PID 4468 wrote to memory of 4548	4468	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\ReduceMemory.exe
"C:\Users\Admin\AppData\Local\Temp\ReduceMemory.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4548
- C:\Users\Admin\AppData\Local\Temp\ReduceMemory.exe
  C:\Users\Admin\AppData\Local\Temp\ReduceMemory.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6e19cc40,0x7ffc6e19cc4c,0x7ffc6e19cc58
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=552,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3724,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4724,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1168,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3280,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3344,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5472,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5388,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5376,i,5397658214161800522,6334420343387851506,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1076

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\706a12c2-7d62-4db1-821c-8c1e92f15cdd.tmp

Filesize
9KB

MD5
d84f4f5160dd95da8e7943771d27db6b

SHA1
e768b622fd25e4e5dba191c2511af2b4a209fd42

SHA256
801f5a51d939af28578de61024259cba30c25dd5c6a1cd91b68e3aa0fde8b124

SHA512
b560b077da090033337a91a30fa86bf20a97d79ee4ed611739acc74a34ba186ed3aec566ed0e7c0dc445e66abc695aef16e4a08a37d83e935defc4ea11e0a366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
294c1af60a632b851b511f51573962f5

SHA1
3607371ace104015e6ccee9227111276adbd43c3

SHA256
e27dd233ec5b75019cff5baa3e666bac93381c2f86431235f94af0e51a17f01b

SHA512
1b0c27ca66cc0b867565fbda0f361806fdbb59500b7563752bff5368d6e49c85a28c0604bd0d13cf9233dac8e89dfb000696d673e4739e5c22071676f7843919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2fcab3457390a28e8af95e52a86fd4ac

SHA1
0a35ce8b646a822d2e6d1f8859524db041a7ca26

SHA256
209a06defdc33a23f28dbe41a9fc2a0ba8eda14d4670a8ad2e114212a3a1b251

SHA512
15d971d3f7a790a8e83a509abe5acda2f496fe1c25030d2b38ee2a2b039694c7bcfbdbcda2ea7abfda071268172ec90216c912ef31f34ae543fc871063309cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
91844bfbf245fe500b3f9a76b5e1fef0

SHA1
25ea9a3a92c31c3e8776b62b35f2937947918cb9

SHA256
b3ac6120f06ab962427a8c665d7e5332d19a00b1281a9f017f8281c003e62b5b

SHA512
348b0c3e4d776fb1425fe38b1b9326c3b364e75fe90e82b7602135e753d90964c7085072b5c3e05bb48dd3953aa76159a73593acacec83ea48d50b65fbc298bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1964bed27c2cc4f08a8103f96007edd5

SHA1
9299a346d2e8c9f4a0f94905877b8297130d2ba9

SHA256
19f28ecfff083bdce85f41c083f8bf487580902f35aa5644c63404f027242243

SHA512
0392465574346034f06d2e14e824b8d073d37d921c959f792c4d532f0c4c7cd4bd30cc3accde63656a74d0b1f6a4199b2bb227ced7425be1c95711a2563f03c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d376c8ef03c8808acba078a9882104e8

SHA1
b49eff01c6c58aca505353b1a04c6df2cf6ac3f7

SHA256
7abbddac7374cba9f285f8f4d6c7faf434e1b84c741c882c1fe0a8a38cf0eb52

SHA512
264d9fcc8773c8b5ce6a52ca427827b37adce66c9c6ddab829080e4a14f57ebe6ec8fa891c125d5ffab4f04354f30256a747550db13438a2903b0fe9afd25b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d1d11e68c0587a0e68ac70c1ca3449a0

SHA1
5f4214d6139698fa0a1794328c2cfb54d36bd087

SHA256
82ca5e06a6d3a3e5607ad5447c97521413594aae8b61475a74218671bd3fe5b0

SHA512
69c6b5c156183b7375254cb5f47f15b6d6b18bdb6eb6ed53dfae795cd051d9186c7bc9de0958726ae14aada4cf0e0f30ddf2d03a4893be57ff253f4a341ba092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b8bc6cedb95edef94325dd920cd00e7

SHA1
325af1e9adf28c621d59d77fffba2a8cd5c8318c

SHA256
6bcd09c596548675b13ec31dbf76f2e60e23cb5068d6012b4cc8b8a54517e46c

SHA512
f1bfbf00701b16618f1da5604aa7d4e1a84b355b8937992c0c97162805bb5566138e4267182ecd6beed0e235cf215b98cc2419a39a018973cd6730afb1251448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ac11096412c6ec940ba7f483119ae881

SHA1
810071a6d11fb98ed1c6fff07edcea50277c4ba1

SHA256
19c65793ea41c504cc8eb09a46c5e390d0700db6ff22140f99286fb60ad9f0d4

SHA512
a0b9a89acd3bebb06a25cda2ee49ff57cfa0fe0904e97d6a31737cf632d607a0cab63ce03f81c45d9f7d618b683afe325a8b37a96a86f0b6f016afe66d576ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
100be5295418115ae547b190f70c132b

SHA1
44d2b81855ddcfeea62f504a91cd17336c4153c0

SHA256
d789fcb9643447914415a54f5ceead82b2f834185694ddd684a6ebb16ddb214a

SHA512
957e5d7dc7d8a5c36ddfdb0882730060a6ee83986fa77b7267dcfdee55ca90597a07c77e243cb9208d5116a5495bcfa57b34f84046bd410dbb0dffff783f5660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
06399e1602abb6130729014c5db76f24

SHA1
fd194f1e9cf9218b687ef3ec418beb982729cbc4

SHA256
fa34c86ef69de95ebcc94d22b975308869003a66cd8cc6322d72ca828f5d8a3c

SHA512
ab833d34e5d0ad907162e78e93d50d8639c4a9c1552f4184028040eda20f4599bad220fb0274736c3dba823d50612626bdb866ecc0f0427022d227e041f9d166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
480f72174204e08ef99cfd6f85ea876b

SHA1
a0ff0a6d2f57979e06770c0c54e51c8544c18a18

SHA256
18bd11330cd0b34cced28290c85476e57c480c61c1a11e894abb5bc07419534c

SHA512
d6c24a2c27ef99a7f9da8f4db94b5614a459d0d32a829f90fcb22cfcc292d5646ea5bfb83e536f2d9d81a62bd40d4732d192e242698efae19f49c1701e65e52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
615530b2aed07e274973dee4710cdca6

SHA1
b0166effa3e74b5d6bc700b8a16a804ff2024984

SHA256
e6ea50b38f103d8fabab836c76bef9aad5a1ebfc090e2ef18845ee7c4ed12c09

SHA512
2cd587d552a7c6f342d875ee8517844f26560611c1f21c1fe4765dc8a2b4058c3b0c990150dab9ab79ed4faf33c14dd1dbd8cd0de7d786954404ebf7f052d3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5ccd2d7fa8b9a7a307945db5d592d9a

SHA1
3e8dc0a780945a1223d8e722777474c641d7da7e

SHA256
20ebadf89e1b9348f77a744fdd7f70fa810a0c1c17caf30fad2187f7600c0f6d

SHA512
961876a877ecfe2069257eb382fc6bd6d72abb004af8841e42458f3b2c62c2b17ee900ef49c3438937d16b4f648d559da00bf5f21b4259db7c1d9474ef1be071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff45bdfa482928269e71643e9b66e410

SHA1
06661b8ce86a03b080f0d798494020bceba4ca5c

SHA256
0f962dffff47466411baab3e7bf98570bd0b361874c6c325cc58a22920de45fd

SHA512
9b8169538509c319d737364a65bb47276e65363949f9a333f447b3080cda531428eaad8d6fb2993de2103acd100294a9d5b2325828c6d6f0774864d59366e620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4ac34bfa3fe2bb1db41f952034f7d3c

SHA1
9ec16ae54b31e2a54559e12b8a246d51576e81fe

SHA256
1cbc1bf86c388da0d046e9da63e9c9c07d2a013024be3d3794356bec83ad1ad4

SHA512
5d9f212c102790fadb54dca7202172e748b4514907a95cec3701458439866fdc0eec0833a72c3adff7877f6dc9ce425ff7be671043128e186eab225265124730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae33c56c897809b2e683bc660286a4c9

SHA1
ccd02cd4b147e65c9bb0c585543568c7b3eb0e6e

SHA256
fd1b1fb8d07893030dc2341138b411e2d5f0228b74faab3bdebcde43081b5e24

SHA512
3a1048561bcb22534acfc977ccc52c4b1cfe560a35089afdbf57853fbf989060b0dc79ab60bdcc2d81ee99328988499b740fe5a7f47dd65f666e7581140a10e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3222cb7a36b25c5a1ea474a301bd7107

SHA1
d4f15c165b3adb81dfbec53da2055221ba980040

SHA256
044dc4272edf33bf016a8c2b5e0a50a24ec33f9a51848c7685fa66acd2983880

SHA512
8f857d711a4c6aafc0fc1397f95bfba27d71cd973c3d55f855cd9837280448d4f4d70bdbac2c7db6ed404bcb5cd94712633c132764273f80bc3d9792687390eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54a159980e86beba62b4c6b7b43a1068

SHA1
f283f783037f84b1ac191994077c38cf81c349cb

SHA256
c60beeb817e915f2fc5f7d266bd52b569bcb7f58fd75e1edefc34efa06eadbe6

SHA512
b74b08e9ac7e0b02c4ab138194d15d790c0a5a2c21351dae682178e68b65a0bb11a7c1e6a3002700e6d77db9c746c3ff9078dbf111c4eb57d0321e0695ded447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27bd5eae77d9da8b349accf2875f85e7

SHA1
b4c861dcb6e331a7600da91da600c3564d500d57

SHA256
2296039898338ce74bc3da23e5428dae64c29a1030371a489dea42d03a7524ed

SHA512
1d3c11b3bc018d6c5fb9d5cf17349629b3ba7d8e4b9cc99388491feade664b6eb7b29a7a71337a8107bc8f89c3dbd156b58ca008b8b488e2f84227352e52ed68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d4b27db46b8d45f28bfa1237d345ce5a

SHA1
16889658288f3d5325182161263a2761f9129609

SHA256
eec338d8dcd6d5dfc7e002c3e0e041afe5be1b10420da14be896161387f9233c

SHA512
370491912532a00dafb69cb3febd0e44de1321386b5f3aec17b8945b06ef814fb654c02be7fd7e14593a95c26da80d797365647860acc3c3041a46f964c79187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
2f949be0a6278bd6b6096fc705ae6add

SHA1
dc74309741368b51a35c7e7181d4c43661e5f679

SHA256
0a8989b3ebd6ad60ba198bfbf867d266eb0a5fc52b327d202c0a60e83889fe25

SHA512
734aa727c89546242dde121265eca93a9d76cbb2e9c36027d6f93c5e3fceef8a6d0185888e0709f75400e9615435436a99a76f8335b04c564e5499ac88eec984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
2c2698036fe42b65e0920213e67e1229

SHA1
17c8704bb529e79fedfd240c38911d1a26961f54

SHA256
8a1aec88fa541432cafa83b017e892da62a0fefc1c2f1910c19553d612b7ad41

SHA512
c7ea9cfac14fc9f150ae9d630f8633150d8af487138102e986853a817002643efe90eff7be670819b24235ab3705c83ba68b14ce1845e829c19d22b9edb5c726

Download Submit
C:\Users\Admin\AppData\Local\Temp\ReduceMemory.ini

Filesize
2KB

MD5
f502a622efdc827bda2847bf008e33a2

SHA1
c129176a1d04c4655375a84212f5896fefc85290

SHA256
269aa0f689894303b9125368a1ca4334b5470607e835b40b67571442a03c2834

SHA512
992b1a4cccdd24583a6d2a51a96c1fde6faa6485b87b8525a7a19fac9ccdb19e74e72aa429f3d95d220b0c2f59334e12b4cce01552091d55739c77ea1481fe0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ealgrfiw.tmp

Filesize
16KB

MD5
16b8b02374f891bf3918b3dc5d455fb9

SHA1
16292a7d65fcc2bc212444688b8f7d5da1f441e2

SHA256
fb7cb0796834815a50e9cc917180ed57c715797af16b9f1d85f5f723f9991e01

SHA512
fb71849c0a3b069a761d0cab918b3e415f43c0aa0b85e9e9633185192020f43bf0bf2c539a2499ec5ebe7f197f8f9d6d83c8ebdc03739d3ec0adeedde049cde3

Download Submit