184d3c1062644d530bc3d68ef924984809365952cbc5b75ff0de20a870959e0f

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
13-06-2024 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skins/Mond/@Resources/Addons/RainRGB4.exe
Size

1.2MB
MD5

3612d6168b8c5f7c5eeea57d22e916d3
SHA1

39c43a417616d61d24f376a64fd4404427944830
SHA256

e4814bac41a57772534536f484bf0d527a555a3c22b53f70c92e35ca664f1cfb
SHA512

a8a47297498591995eb3918743537d735384b1ac661b651821bfa8b6eb907dd1af0d56282cf4a4b7a7b5176d7ba53f36a966fd5450883485b2fc769510b12622
SSDEEP

24576:9tb20pkaCqT5TBWgNQ7au4/M0xEeLmXfHeYU/6A:uVg5tQ7au4FCegfHo5

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627443467224326"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 1416	3464	chrome.exe	80
PID 3464 wrote to memory of 1416	3464	chrome.exe	80
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 4860	3464	chrome.exe	81
PID 3464 wrote to memory of 2272	3464	chrome.exe	82
PID 3464 wrote to memory of 2272	3464	chrome.exe	82
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83
PID 3464 wrote to memory of 244	3464	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\Skins\Mond\@Resources\Addons\RainRGB4.exe
"C:\Users\Admin\AppData\Local\Temp\Skins\Mond\@Resources\Addons\RainRGB4.exe"
1⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff84226cc40,0x7ff84226cc4c,0x7ff84226cc58
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4960,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3116,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4740,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3452,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5292,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5264,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3424,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5220,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5168,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5420,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4928,i,3651498457960750093,4676135554329104649,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:872

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
77d8ec9fa571ba2fb7cd92488c386eea

SHA1
84cdb6934b9c8bc5698a91bd6654a0a68c7eb0da

SHA256
896d02adf61b89a81edf7c0f9e21a521f393d1ac1c1ca25c1297e7c41d520f9b

SHA512
1f2ed3bb9e4ebd897d0e56c2cb0f03bb016e61136a54082bafd27fea62fa87907929540406b60f3685279002ef85a1952015b6109ef83219fa48857542cd7236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37390c3251a158b1c278cf36f186d2ec

SHA1
c450f7ea5aaa53ceff5b332e797eb0812be41514

SHA256
6c5c37749f43481fcf34f2659952e4c6b794e76dba6612c4ad0b9ebe77a09e0f

SHA512
9fe4cb575e41e7f25686cc0995ef11654d0c5b7358c536dd38f9208130a5511734fd3bc6d933aeb31b454b3e6cdb8bd449378572b8436b5a0b12f842f8dc902c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39983902db09b33b65200a17b4fef13f

SHA1
d3883bf03cb35b8f277347c8238c36acc96d17e9

SHA256
268db35008511dba30e6da4aeecb1c2d94a92ff021dfa47990994870939ceb85

SHA512
0d5a68a9efb44c6902a5fe902f9f9f9b8be3050457531cc1a7619b3047db49a7de2db8200c5faafa66b85cf79f545ee558cf7fbc514db0e0ff6e927c322c2101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0608cb4787f18cc3dbe4a3fff262059d

SHA1
0a9fb210a2a2e785fb634735eb39087078131e77

SHA256
de1fe0e181094e396e739b640b21dfbf661f8f51605b2fc165be102b9a21b7d0

SHA512
a4e433cbdf30277835b70f8fe89f40bb4900d494470588bcf9cc9452cbd6da5615f04e5e04afb75737a43e040351ff88d2bb0cdd5a5d621d3cdd76b46009dc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f7c475254403f5e76eb0fa8cdd13ae0

SHA1
90f4fbc322be26b7448729ee6f913a20ae6734a5

SHA256
472a3e1f4e5cca04d5ee1f820185a2fc6f8cb8b9e679e8b544e44164efbadda1

SHA512
514a64c3b561bc63f5c40d5711e9daa4ff67b13c5fbf94deb4a2b4271bb3ed0584a2137dba1d5fac820fc8332e60582f60f03b38e9a6cf93d50ee141e668fed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a7fdd16db310a21b2a9073017313e1b

SHA1
25b32eba6610e5d6b07d5f724ed3948d8faba6de

SHA256
14d138f7edf05b9a6ed8f9f491f706949fe5ad28e074247269a4be19a46dc160

SHA512
e9a863f2b9213a6bdf08ca951736d51396a8ce9c722dbc96b5fe25a42ed3915ee0ccdfc0da54a52103f4e4988d028b631cefee7d0d8e70e03deb38006ede6e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b812a14660a4a41064ec401da3dbcb8

SHA1
04c66588aed5b6d42a5798393112291665f0676c

SHA256
ffbf98ca532ac1f4cdcd9167c1d9fe214a4ab324674c7be8627d164d74a81ea6

SHA512
677c988620c7c4e971d5eda5201f75fa7a92f213b07437ab865c9f665956ea89b592c944dfa49cfd09096b7570ce6840150ccfba3b49f5675a39c4533f3ea385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02c99d8c52e5c2369243cc1cba6210b7

SHA1
ee0829450948c1815ad010777e6aedf6b77075c5

SHA256
6d49b6330f19c8ba0b9247ced1c0f8a1dae05c42ed2f04b5608402ed28d304e0

SHA512
6fabb71dfd592b1dbf28dbfb111b4a428b860e1e9cbdd84e30183487f7c2a2dedad8c5428b5423ee85339107d06245f2e9655a1e424b21e1574cffc1b7edb4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7be4231008f1da4bee39b06c486f3a69

SHA1
374a2c49b97690d0c465ab94382ee42b477c447c

SHA256
282e812ade67c2b526edcd98149a5354fc856e4ed96f76a7a5c30b5a82884e2b

SHA512
89e49319adb199c2cf13892ba00d4cbb4473e0f6465f4a04e21b9ff27460b695af3affa098f2f1ed1c0b64bdb3e4fe059fbdd8c0e9bc4926aab9b41c213b7ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea7a3bd2167e1d7554367b410f421d41

SHA1
305f856a93fab4909625fbf5cd5ca779b963ee2a

SHA256
883440ba8a040954f841a52e9ef1323349f3073a39eaaffb19303ce633fe85ba

SHA512
a09d789877723d3ab2b25bfd0a40e6bda070c2075182eade433f1af2a4410c87ea1a0c8de9aead18603477296f8498cc97944202239f886938bdd4e91f19db8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a8a4379c-2deb-46c2-bb0b-d008f97e7cce.tmp

Filesize
9KB

MD5
342f89306443e166da0330b24a02515f

SHA1
358d6352ec77f6cbb13bd52c39db7525eaacd097

SHA256
6e7a5a75bfd2e98fd1cde7f7cc4a52d13d6a6a99bf68196d701d6ade5b4074a8

SHA512
386db1274dd3f03500deaedce586800a8dedab8e4544188c68aa7a286c83f0b0f94cab637e1f5e61cd2c61274aeea2584de0b6fcac889c1b0f971a38ecff4d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
5d232515329c97ed59236188eec4d1d4

SHA1
ea1bae41d0653f2efe71845ec3f6b6cd4b08a980

SHA256
42d06237a2fec0b57a7c7c2014de705ab0df079c3303292096a0dc02eadfc2a6

SHA512
d9b69e900bafcb07d472715a028903dd52dde845418f571359ad60883cfb4c2a3be6ecb544a528ab8e2ca28a660e6542e75bccd7f583e8c24221a13aab6de53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
8a4fc81427bb038b5294c7b96f455320

SHA1
d451d28a4e5d8b13fc1b3c7dc717df5801b46d08

SHA256
b9045619eea27e55d517caa3e0b42c8f6816823aa8c6e518caabc008e6076ebe

SHA512
f95435d9b19deb789b0c2cac87456689dce2488c3631f831f626a7f5ba1e4bbd88dc7b1872117cbf75d8079faa8307d3233815e10e801adb181809fd3579fe43

Download Submit