a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d

Analysis

max time kernel
150s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
Size

1.1MB
MD5

e5ac1cd3611039e9a9fdcd1b0e867ccb
SHA1

345a4c6d7130d010ec5cedde5da8ed7c36901a86
SHA256

a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d
SHA512

06972592bd26951c1850269ac3039099c3dcc5e8a9291daed72030e7fa96ea4a3d19b249674b96bf6ff48f3d7ce00cf2d2c0c25be9c71862aa26baca7021092c
SSDEEP

24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8auv2+b+HdiJUX:tTvC/MTQYxsWR7auv2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596467627275505"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
2112	chrome.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2112	784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe	80
PID 784 wrote to memory of 2112	784	a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe	80
PID 2112 wrote to memory of 2464	2112	chrome.exe	83
PID 2112 wrote to memory of 2464	2112	chrome.exe	83
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 3480	2112	chrome.exe	85
PID 2112 wrote to memory of 1484	2112	chrome.exe	86
PID 2112 wrote to memory of 1484	2112	chrome.exe	86
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87
PID 2112 wrote to memory of 4460	2112	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
"C:\Users\Admin\AppData\Local\Temp\a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe7cb0cc40,0x7ffe7cb0cc4c,0x7ffe7cb0cc58
    3⤵
    PID:2464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1820 /prefetch:2
    3⤵
    PID:3480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2328 /prefetch:3
    3⤵
    PID:1484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2084,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2388 /prefetch:8
    3⤵
    PID:4460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4424,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:8
    3⤵
    PID:2968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3580,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:8
    3⤵
    PID:1368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=228,i,10246003584820274532,6947543827742832809,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1108 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2348

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6fea7f6c47dc1703afe0763075971338

SHA1
fccd44b49f145e228366375b7a161adac6767130

SHA256
a302068294c936df58472372e19d16b3640800ebf6e996ccde97e1e7c05d771e

SHA512
9d59a0001ae31c8d2591ffc2cc3fea271e04c4d0a7360f8f985a0c74f790cfdea95dc877f8fd557f2b234cfc12295e272dc7ffc79a9746868db7da42a94bf33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
fcbf5fe8d5069e808fb47b224270bc95

SHA1
9de3fbdb3f420a629271bd22b6bed6e105449d53

SHA256
cc193b214087d727564b2080590dc5d4c48cf0f0b7da21bcee2c414c53b05c3f

SHA512
8f2a1db1b990553d6fe62d5e23698013311fdbfa1bbe39a092815826b6ebd22d48b37998fe5e305e8e5c2d389e4aca4cd8a3655cc480681533d703c8c6c68ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
abb74859bbc6f395bc3a4a886b714243

SHA1
15eca654dfff7ee7d7a567e5bd18ebf68237cd52

SHA256
f1c828b9b36abb6ab1487e0b4e34da040c7d9ee5af91d74df78a22a3baddb74c

SHA512
797699ec3e23ec4209f86f933a63360c311b78281b3e12824d9c03cb26fd6df4f7d6fd7afdfb6120ea29f9341275f37d3ee6096d265ae64c378bb27dd6ce9caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
79266572643e95422036c60b12a6416c

SHA1
4b9630d953322aef2f74795621682ef2c0f681ba

SHA256
31f9532861c36bc2cf1fb28e27900f23c6022c10a64e74add7c3681daf48cda0

SHA512
9a39b11ddcf1f3d696224531eba681f56e4120e705beea16db3aeddc8e67b072e5f0e591d4f653326c2db8204275ec7f1363658dec38ba120a0a930529528f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
6385cdb52d5cab51f9f8a345611b40de

SHA1
77d9d2e545510c5271fbaf7a15d945148d6a553d

SHA256
d3f6d6fd78d0639460559a90b2849f318a77257969f18b27459c02a7acd9ca11

SHA512
5ea4c1876f269809276fbbfb8a12a2796ca909148bb275109807d38d9c063e39dbb89260762c31af099ee04a5228e5ed70fe66b8af1da01e88ee4abf091a80b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a06aedf84dc34aa6b6c8223dc4ac3ab8

SHA1
547263358607f891220989f91bf8a0d5a02d0f05

SHA256
66424a8621b572ac4c8ae85a67cd77bf2bdef57030580958dcc640397337c1c9

SHA512
4888683e80f03a32950d48d312ea1dde11b09f90855cee4156379000922c94644f0af296d053e813a5ae054d009c88dcbde889a3bdd7a031461bbfafe45157df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9097f76842d9979479c44b9ac0085f8f

SHA1
6c073664d4850b8c619afc628b148818fc50219d

SHA256
ee7bbf200d18e356e8992fe9977600aa38aed2f7075884588f1d752f016b0e62

SHA512
3804c52af627a59f130ba9cad380b12aa76f6139302c2159ff9fbca19b4957e2b30ebe8d7a0f696e9aae6daf1374de52c0fd54c05033e26a9b6e5e454f1d5a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c250a03e2ef6b83bfdead87f3bebcb7

SHA1
8a3aa3e00b7fe6b328bbcb8039bef8a55ac9d19b

SHA256
30268bd36268dd7531ee73e027820d0a53bf63cf34b5d48382de724a0c584df9

SHA512
fedf18f42f91411f5f923c8c1624f9e756b900989a02479f6841947b52c7244c46cdab8f20feafd2f8a48cf92e1d06b8d1ffc94ad817cd543b6fafdf7dfcf357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b3fb5640e9adef07d7b1d9f4ea7a441

SHA1
649df99cfa40594a577ed3ac2ef764ba310c272a

SHA256
f114b6b2ba1e63e7c0b3ece2cfb24bd191c15a35b0c154d35fef2eb9120b1a77

SHA512
b76d11cc063d7b4306115d10778ea4415a1af451b6001b4cbdbe718ae6c6ba8d90365a8e666acfd7bba0a5f69b1c38b8e6574475beb3574ba8bf2e9785c54667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
526717a9f55e5ff65b401bc5bf641526

SHA1
3b05fd6b859af952a06dc9c45c41dbea877be016

SHA256
49028bcd0fa8152195fe2fb50c21ccbdab8c9ef1311f9e9bbf157d7869fae328

SHA512
0baa4d8f24d123a6ec613961c9dd7eeaf7f9c2cfc671a53a9986a1e647f13795697f6f1fd0050e32ba785230acb3234652e8d9010d3a20a4a8f7e08ddc1e1110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b2133caa-8657-432f-936b-919f38d7cb6c.tmp

Filesize
9KB

MD5
f503d2c8e09b0126ba90c8b98f2c8ae9

SHA1
cb47bd704f12da258966fec050866f15f3bf851d

SHA256
57762e885b7f7da7bfb127566b0fff31b1b7a9e63a20702547fc122f501feb4c

SHA512
8eaa36e6b69f65696f66d70b0916d129ee8a434483d7ead4b9dadd280f36424bc6f41651e8ef9e8b56490c8acf9477aac640b76f819b1cb055f6c926dbda5cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fccdbe71-369b-4630-ba9d-427abeddc31e.tmp

Filesize
9KB

MD5
d1e2f3bb86cb6d3d15c776b3ffdf2827

SHA1
0934c2bcf1d2394b8cbad4f0e5f69436a60ad7fc

SHA256
598de18be7e93ab814e120c7d688049184141b5ecb88071411d3322a193d11d8

SHA512
029e611edcd111b0364fba794a7d35b94b519c0f7216d66f3dbf9cdf0702216c28b15ef1fcf72601144c97c51398be78d43bc2db071789b94f6e143cfe6ab1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
ef7a59b5f7986d6f78aebc3bd109d3d4

SHA1
fbe189b350ad157d20044224358760f4d5899813

SHA256
c33177aea568ecfd24b217b3c9d0ab571e8028adbbdc07b7bd71338cfab80284

SHA512
13a52a0b11b8a171d1ff2c4f60439882bd06950cffe3a669cfb68a7dcab90ea77188734f17cbdd5faa2e361a51921023488bc2682a49df6e6a87c25e43357110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
5836aa69d7aa14d6449d3986b2feb464

SHA1
7298d71e05ac23b01acd22201d261eb8cade655c

SHA256
0aa68c58e4cd438b64128dac8489f045206993911959e67732dc9c2e0ae15514

SHA512
a02dd9dc4914b83c930496bc90cf963853d33e6ad184a1f951d1a6a850b7f2d36b7893cad2d56fc56602d83008f7e0f1e7d4738d70bb170447ea60f9fe20c771

Download Submit