b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174

Resubmissions

08/06/2024, 16:30

240608-tz8nxsdc8v 8

08/06/2024, 16:18

240608-tscmxadb9t 5

08/06/2024, 02:27

240608-cxkqmsff7v 5

Analysis

max time kernel
211s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DisplyyMapper.exe
Size

13.6MB
MD5

69ecc872198af00462376f967c35dccd
SHA1

fb974099b3e01f541659895fe50221c760a5f381
SHA256

b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174
SHA512

cd874c72f8a414d473a7f51953ad96cf9fff29c9ba46281eb12f1c261af712243695c0b3f2dca1c634984347368f7e0e6cd69ef4686c0432ef9b753547279ba0
SSDEEP

196608:bybt7UZOGLHah64d9cD498zVztRLKSaqmD39fZFS4z+D63tkV46SlmBGcmpr:b2QOoHaht9598zpttm5xA4WUw46SEmR

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2508	SeroXen_Removal_Tool.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623378940470694"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe
536	DisplyyMapper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 1576	3248	chrome.exe	95
PID 3248 wrote to memory of 1576	3248	chrome.exe	95
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2596	3248	chrome.exe	97
PID 3248 wrote to memory of 2332	3248	chrome.exe	98
PID 3248 wrote to memory of 2332	3248	chrome.exe	98
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99
PID 3248 wrote to memory of 1600	3248	chrome.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe
"C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff82df59758,0x7ff82df59768,0x7ff82df59778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4816 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5540 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3896 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4984 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2624 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4780 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3512 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4896 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:8
  2⤵
  PID:572
- C:\Users\Admin\Downloads\SeroXen_Removal_Tool.exe
  "C:\Users\Admin\Downloads\SeroXen_Removal_Tool.exe"
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 --field-trial-handle=1920,i,4870242193291825854,12616015546976286595,131072 /prefetch:2
  2⤵
  PID:4836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5012 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
efc4f8ac211e4dc66abb99d86364bc4c

SHA1
b0af295d44ace9effe48481ebc554703d32c467c

SHA256
e13dd6f3cf82eb55fb6f2277cf6fac67db2fa0a9054fc3c10855323d31305c0d

SHA512
18d9f67c23eecd7b702a1ce45827fcdb4393869fdc459607cdf956a3b7cf0e33df0341e55e0dfebaa6ffbfc32e45f1ceabd188b0acad90af617053c225c7d11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ecf14da65756fa418412efb50ffa78ae

SHA1
60a67e34488cf5a107a31f7430b5e01ae2327e55

SHA256
721198db1f432fdc71425801d6fae44c77a4c7ea128376a6ddd3534e1f19fbd4

SHA512
aed43af6b4f14c7519089b620a8f3dc8bd399807cd894e39ecbac8d727893687af678c94d5c2dc35c2b423cb95ea7c1d57e8c4a35d60d6271239d6d07517ffdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1a529ca6f78bb0e571bd99a73121e835

SHA1
be1c97f7a3725e1570bbf03460eb694fe9a5c58b

SHA256
0ca6f8c8955425f2276da0893105799de242346cc0b6d9dd036f2d5d1fe7c0fb

SHA512
d4c1c4f20697ed92981b51c64b6404af832148c5b493c0dc2363d17b7907636e5844ccb31856b4f738bd976c49d7c6ae5a45e893e7593bd18fe47b6748443358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5230b3502e80f04cd2f266416d091d31

SHA1
a163a5d924d0fb528f83a0c96d1644278827c5e9

SHA256
ccb073176f1f3a463b1006844021777a74889799d3e0cbbef71d325f9e92e97e

SHA512
d1b4a3a8ebae53abb5f568a664db53f82374cf5e95adae7284fccc91443c88d7be012a35aaec9560f8de055d44e7ecf98992680ceeee194ef6c512a5328eab95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
796b844816183d47ae53d76c36e09ec0

SHA1
59ba8faaaf188dad7390650611f47f146aae926e

SHA256
1c91f311a95eb857334d17cd42bf6d63f22d287a8368621979c6995274db2870

SHA512
d205b935fdf66a760523e93bc6a2be089fb7e721961d17e234e6209b2a183af52531dfd31c335803c89552288259d4be0a3c1860eb569ea9ed358e8843dc843f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ddb6554bc28f2d66891614e474a1920c

SHA1
227da9846aed014d67ac9cfc1508afdb80ae26c4

SHA256
8d71e835b82f5fd2e8e9868015a57646024e06b754597c68245905dcf5b4ef62

SHA512
16033418f9ea2583efa14ddc044f0e62e20130ae3aad8080f95d541d185792b4f062b42d217efb7854db418dc30dd40644ea572d2d666a605443109fd9d00ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
2852fa0d9baff33478cf7ed75f55540c

SHA1
cb2e5cd183e0d48bd860e2798ba0044c8bded46a

SHA256
d0e7eaa9911acfde0055549fd36d5046a1a0e42d7105daf4cee2bd17f2114798

SHA512
9c522c9841fe62f0f41691c130e9e6e3068e893b3340580e8d60ac2dddfa5e6227332f48e48290a86c3e7389bb3051f8c7d828bd83a8cea48a2647311114eb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
1d9cf0a7c191dcb08f817f745dcdf2a9

SHA1
1327c62046aea573ce19d599d14b306f37826edc

SHA256
1d8842bbfe6c654acb76f5410be873ff748fb841e7cda4d1e636f9768aeadb4e

SHA512
333b281cc382f45dd0972fadd406cc317dad2a09d6c0cf3ece10f16c27f8213928c6f4e0ab3ef930baa88165c22d241e28cb1a88a499ff57a83624b3e2e5923c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
0ce6742b2742956b17ce159ad924942b

SHA1
d997225b807c900b43c892e9ec9ba3e9dd03ec59

SHA256
1f8a3a86ae81ce70eb278ef2d0ae90eca7d2a3c11b03a3116a040f38e4b73dd3

SHA512
fbbea38cfe32ff58b57c92f0cd04714050191e04e34da96df0b41b575ec65185df9436a301ea5324e6e89879bdb4a49e3f4967b87f1e09fa2064a6950e10069e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
52d6dd9a9a4bdf2ddbef17ab226d3a8a

SHA1
10513f7c46502a15130bfc90e44f16bee0abf658

SHA256
41ad9004d8375c4e8fa2aaebdac1f32af4a523c9abde968a4837fd6f970e10c2

SHA512
58a208cf5bfb7a57999c58f54aebda209a6c56a4c582fa3b67dfb6a39c4dac61bdbe4eb0f93a94720df3de814766f69871bb9ecabf0bc45747d47d355c254c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
aeb0e7a2a2a82cdd7db02e4e3ed04aff

SHA1
bc6854745dd26d0600ee2c8d9a1a3454f77dbac9

SHA256
e0214d510d087b7c86eb8e8cd6a77df3fd803e2e72024d5fe8f81f49e36da19a

SHA512
519c390770476f5dc816c7a1049080cc5898556bb1f99a38e9b8b6ce1abc7a1339f0e45566776d0ccd7ecfec09c43625e0f685800bfec5c879a2a1035040475c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3be0e4bf28f0cfd11d82529bce319ed2

SHA1
1ecb933dd8551e440c704687a508a10ce2508c37

SHA256
6ec01662582ccedd1dd3104f7d3b357e08b5a01e144b36872ee88c6351ff7c22

SHA512
913a7f6981d59d75face9cb8b82d24e9e20943ad02dcb0b00aeccb54dbfb7dc54a9ab3451e6af6637fd9a8107fad5fb8b36ec8de961c32e04989295287e82a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf3803382989e417bb85ae5cc66682c5

SHA1
be87fbfa6afc9a669bbaf5f9db60b519150c5bbb

SHA256
ae959ebc3478599177c6ac0ade0abc3e9abb1d4006aeba109b295b6fb8003832

SHA512
874b88537536dcf70ae63b5e893cf22a8329addcae2df79c411b9553d365f344299d5c149f849cda48548414dbfdc6929a33f369b2882027b1e5d06960180662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ae5a1174711ea260f8a4661b686dcf8

SHA1
25e89a476e68b9544be9af077bcbf78b7fbcb1dd

SHA256
388c67238893c5bc15f64faefee3fd839e848767180f9b9d79e7caec089176e7

SHA512
d32870c5525f5b593eccb0f04b8287e127878e5fe2f434f55ba94b0e2d45f1a82ac724850bc7a6e6781e84ae37c75b9c2eab7041463e7465a08754bd38ecff15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89a8d30d33bf8d059ae1ea16dc9de5b9

SHA1
90821fb4a7a089661d48b9cc06d4bba59cdfb54d

SHA256
219f29bc91c746e0e08cdaa0ef3ef6b82bc49294bb6006e13af31c5cc7fe3a0e

SHA512
65d4bd401f424715362eff5899993b43281e6bf45b6f902e20702161b02f1eadee4d7b4105fb85e1ee93601d977b9688cc535e4baa5cb0c3cbb17dd4563e0e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a437715d95f2ae4a5ca21d0bf11400d1

SHA1
846e2e27db3d5100487e38cd4fab36915ff06fe3

SHA256
80d8b7bcf78870eaf97794a470d8ac1f2a89ba3f4079800754db1758159cd215

SHA512
86ee1e027343c05211ef46432a322e4079e2f0c9514fde1ebf759d9693202066c40569cc0143ee9ab2a5da6d58123e06da16f37159933815769772ead976da7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d389d868ab07fb56fa867f700bce6f90

SHA1
79de54b590cad3c309379a23311746fdefd15a61

SHA256
8eac1fedec1cc5334b462253887249d81bcb705c1a35790c8d59136f7a36c129

SHA512
714e474c8e1c93754aab3426ff2eb4d60eccf269ed1532ef50dca50728403ca3472ab30589add144db065302f4d5bf38b0bc3d537d124a6ed65c5d04ef20203e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bab443447785e421b22d8122b72f49aa

SHA1
5e63c9aaf7e4ebd1df46cc30039f43ad3b8f82ac

SHA256
cd5fc892860de2c233fa245c9fa0594be32bd699d219234ab42975873ee64ce3

SHA512
d8db7215cf42f26e08f707bc59319ed46b04e327a76b69af70198010082c741795c0a6deff494ca4c6c21adbf07926c3cb4f21d5b535f456d08b0e3367730c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
7d3c1ee8d4d27dc407ed03b3277835e1

SHA1
10a5c5d129f5dc972f74a952ffc3b9a4d48299be

SHA256
25c5e54407b33fed8f617013e08a4a0772b438b16abcad0eb797794980bb966e

SHA512
8501386787066bee02b71933787a688ecba4520c799d4216c32c4f39ab01fdbdb56beefdbc23d0015d67160e65d3d5ca74ae9dcb23524ac7d693fa9e8cc9d86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
b0736c21fea184e74c28e13f6a8b64db

SHA1
814e7b6c7c8e07948630123851ade50debd6d836

SHA256
8574d1838044820c84931cf6e3d153e9850ae6b95c5474190cd3dcf485d18652

SHA512
70598a013e916d84e79a2b66b4f62ba0e31bf5af7e9847a4eb4e43f095e2ca45ef6d553c3ba1e1e8fecdcf241ed619a34f73a6a485eb0c0c256974a538242a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
93af2a04abc71c622c77b9d560f9151f

SHA1
c622ab0877014897bd9dc33b26c8d38d0f6d68a3

SHA256
c82acd6a843f0d1eab2ea0818a8bfaed249c7a993728b8661dcbfe65be464820

SHA512
c45c0c82202f6fcf9f5a626181e1287440a6900dc0c2e591485386d211c8e19daddb39036deb9b867c8a0e61a805055f3d43aba29495007a63b157dc266ca73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5981b9.TMP

Filesize
98KB

MD5
c70b5cd01bf35fa402cc52fb425f3728

SHA1
0b472d062edbd509c90ee2af65d5a7c6d3745874

SHA256
dc0b2f7e9386073f1567ddb2e53b623afa56e4b41c43edd99c7a4c1b5a37b8e3

SHA512
c4297b9af0f6fc7383675a47cf762733b684ecd0e413bd07e18c76034668add8b48f923e46f8f7e8b6a412a21fd31976305491001fd148991f512e6b80efc3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\SeroXen_Removal_Tool.exe

Filesize
216KB

MD5
575a7e2ff2808608d7400d31ca28da63

SHA1
9e2de0e2c1e5718fff49dca300364d222105d952

SHA256
f6479b5750d5768b4c6bfa7d5b7b7d463ab2904b1db8daf52d03de032742e313

SHA512
61c43c1d7a938a06f1ba47f98832eb1559691167dc064966dbed868e5857b507022481bd6f84474ab488f68d9c88ecff87d0f35450f9042f569f75a9073d49ef

Download Submit
memory/536-4-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/536-0-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/536-166-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/536-171-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/536-1-0x00007FF84DDB0000-0x00007FF84DDB2000-memory.dmp

Filesize
8KB

Download
memory/536-3-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/536-2-0x00007FF84DDC0000-0x00007FF84DDC2000-memory.dmp

Filesize
8KB

Download
memory/2508-401-0x00000232AD140000-0x00000232AD17C000-memory.dmp

Filesize
240KB

Download
memory/2508-400-0x00007FF82AFE3000-0x00007FF82AFE5000-memory.dmp

Filesize
8KB

Download
memory/2508-402-0x00000232C7590000-0x00000232C75E8000-memory.dmp

Filesize
352KB

Download
memory/2508-403-0x00007FF82AFE0000-0x00007FF82BAA1000-memory.dmp

Filesize
10.8MB

Download
memory/2508-432-0x00007FF82AFE0000-0x00007FF82BAA1000-memory.dmp

Filesize
10.8MB

Download