060f3f02a4b6acb763c8811cd8edf1216ee63e64a3e6fd233fc7a914a93a0424

Analysis

max time kernel
299s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

лысому.txt
Size

68B
MD5

73d740966f50dbacc22f6c9cb5b0c7af
SHA1

ade86ed3952482ab238d52a962129054ea04cb03
SHA256

060f3f02a4b6acb763c8811cd8edf1216ee63e64a3e6fd233fc7a914a93a0424
SHA512

97e3d6a27970c0aac4e7023f2aedfe332d12c72dd4c04c1cda40a82e60a8c0e14827bddcfad0fe9d001fe7ceae5eec8e1b755ee1c21aa03d71368171715729b2

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651072146972614"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{1C7B2322-32F5-4B1D-B87B-007BC367F6DE}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2480	chrome.exe
2480	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 456	2480	chrome.exe	93
PID 2480 wrote to memory of 456	2480	chrome.exe	93
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 3804	2480	chrome.exe	94
PID 2480 wrote to memory of 4328	2480	chrome.exe	95
PID 2480 wrote to memory of 4328	2480	chrome.exe	95
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96
PID 2480 wrote to memory of 3380	2480	chrome.exe	96

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\лысому.txt
1⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbbb6ccc40,0x7ffbbb6ccc4c,0x7ffbbb6ccc58
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2120,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1872,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4388,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3540,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:336
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6944c4698,0x7ff6944c46a4,0x7ff6944c46b0
    3⤵
    - Drops file in Program Files directory
    PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5148,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5240,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5324,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4888,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5088,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5040,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5304,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5988,i,7895377824201408660,2008939538831464517,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5004

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
27KB

MD5
3fce6d5b3d4b76b72b94c2e0d1efbe65

SHA1
6c163b30831da62de321172e9a6f21acac390250

SHA256
67f85c13036db035cf5932e02bde49c52ce3841dc59700442841c7fa191d2c1c

SHA512
90b5cc12377ee87e6e3f4cb1ac370461f7cc1853ce270ee1fba01052bdc82294e88166ded32753b5188988463dda1a9a4382f0591fe1efa8c4807056da5ec619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
714KB

MD5
3276774fa45f61943003fde414757d08

SHA1
06d396445b66f1269d1849af3af7b0ccd16fdde5

SHA256
5000a23b1e4e7718437ddbf508478e536f978ff3d3a83eb70711a350ce688623

SHA512
e7b2080fa3907832b747d68c9cb74e11b7a2cd9ffca65ff373303b4811ddfc2d58a1674d90435b28c9c46ca5ef682f5e35a5c81cd6b7b33b67de7103d755ea89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
30KB

MD5
18caf280a24a22b4c75f908590c924b2

SHA1
de4d2333bfb1e18f885652ef3517f7a47924c411

SHA256
735044f6b671211dc1d831782b44b0644cc29274f13ded3a09fd8d8ae4a4c43f

SHA512
dd6cd487078a5666b403aa266f69a65341e59bac796a71bc3b5e374f258c71c5781313275edcf278dc2e2f789f2b2ddf1ade2ca7878d786664e7ab0afd3d1523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
17KB

MD5
e2f189f4ebce06e978d0bd0a93e15282

SHA1
86f54b675f6ccaa7a7f82794db31003e71161f45

SHA256
14ec96ef9863e4d9b53916ccc5857b5a53c3fe4dc76789c04a2f23573ba8ae29

SHA512
77808acace240f7b67d38fd9111cc222d4ad1cf3ec4ee12ed9d7494400495c061529d39539b9ebe29917d75841988f00bd20ab9ee4ab26abb04d8279c6c155c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
53KB

MD5
ebee194a9b773f166dc16096f8614aaa

SHA1
9d6a893af295c90e9e9792d7e54a80034192255b

SHA256
00f90db31f42975fcdc5fa1f70660568be68792ec11be2aac36362f435a6e555

SHA512
b1e67f381c8266ff60e09cccba6cb17fe0df4cc8d373e15f20f14b6e8c2f6bab4c0e91163e57c3c2f4593ac23512a43b2129caba1945870be4493d1def2ddcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
36KB

MD5
200cd59ecd27d6747d525cf933aae56c

SHA1
8f955527e5a43b96861b9d5d450de693e92e8b40

SHA256
da0f26a52f95585a84691188652b1529705fd7996913d07035e28313ae9d715c

SHA512
b7f7022c9de36743b7fe0d855d52def6b152860cc442f50ffca7f7142749c88661710456c26783219e08fc65711dee66775d792cdd929ee6fe6a048e1630c8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
42KB

MD5
93b6f18ec99bcb7c3fa7ea570a75e240

SHA1
60b9e3062fe532cbc18b897fac542c56a03544c7

SHA256
43693f7bdd6146e783fab3f75ba0a51aa3cf9530adbf790dbd686fc8a17aa3db

SHA512
ac1a9398b74eb75ac4d52b9a9054a1add5a836f2572b99307851a0bb6d93288a13199e06e5df4f1391209403bf775c9235a679bd081ca7f62b7752ed0fa691c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0885981fc6406b108bcdb5602d07bb2f

SHA1
8edc9a1c8763fb990ddda695a068875a97e1ebb8

SHA256
5169e3b249af19d0555af85666c847cd0c6c81020e6a7f59475523e7fde0b0e6

SHA512
432923a6aec4e0791a2f8cdd24a7dfbb723c5c83c7022c4097b87ba94433cf59878268e623629c5672bfcbb270e81d36d61343e4444585160b81feb64bd1d864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
41a23340388259fc6d98c0860d5abfad

SHA1
9c952fb958baa6e1661138bc2cbab209356f311b

SHA256
6da441e21c8de4bb4757cd2b95c5bd38d6718fff5ba8075f7279efb90bb0c733

SHA512
a1c6e9ef1cf2ff3fde9b90d1e7c23d353d22f1cdfe31772f63bebdc709bc35ad4afc91eda63103d430eef8dedaa37116deb1476267093bb5927c066e0abd3d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
338d639363ba8d02eaa357f5c0b470d4

SHA1
cea7628848540b019cc423df7f65f40fb88e2c1f

SHA256
1753b1d20116f19db489efe2e5c7de376b97ba577b2655d7155730a75bd7ceac

SHA512
589b2a42ee9689184c6b54169a6b0abe1522f173df47670ac9e91b095541eb923a3d027e1e71b8f1fb34eab2d252bbc234ab1c84c52f4f6dccaaea0daa7d70d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9db73da96a256fa251522e511ad90cca

SHA1
7faea25d6646d8613d318a0eead7d814d6ca7f53

SHA256
833b562a2e404461071f1680846f410cc942cec2a4a216986fc0c9f99eca92bb

SHA512
86eb0df4fce1419ed28b462d03fa340445680cd6699d1a53d7d77ec46ccdb743cd4e7b655220ca5d5f0591acb2ff6114791de8efac02590debd422a2e53a74b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a24ec4ab1cf6ee95e4d7898860180e0a

SHA1
23d47c73a1036adc2956da8011dc3f8293970f9f

SHA256
3d087b77d46d06770ac44881673f7f5fdcf25c735d4f1e20c43d7977ac7bc7ca

SHA512
0193c7ca90b89d4a9c4a3eb2744f466270fb6078884bd4e1b36e357a2384574e10dadc55bb89d6ffcca198e8bfb3998cd4c65826e59987c038a7fb1acf667ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e480c5e96144aee96b56de7d5ece88dc

SHA1
0be7e15d1ea0a0d90eebaacd661d82fab6253107

SHA256
643583c7a11c2e8a86a3e8dc4e1f4b832854e54eb9dc64f57c4c6f65ba25fbd8

SHA512
51af39800d6ffbeda586dbfda4a99f1074b5839286f7f898d1cef64db2ddf7382fac1967707a552a48fc22f2748314520b205b94624d8244e5b4b0871c407672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a6ba858ad022a9e8263094ab4ec7a759

SHA1
b89f2dd86d210f3a23238dc4dcc9268b1120f94f

SHA256
cf93b9a1228f83d7f927d050cc2c28f3d3b5da05b8c3d0388a5c1860c9904df4

SHA512
fef92d00e8bcc14bee3d36e0cd214986b0470460b619a5b5762c68f841c5b45019a87d1e210e96ea988e4618d66a8ce4464256b7aaec99657b23b3f8efa1e69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
dae93c8107eee1f9de6819395fb4e36a

SHA1
ba622546580a11d2f25b56497d5ad89273aaaba7

SHA256
9e1ff7cf7e9bc87c2d0a033147dbb6823f0e1e0b3d0104ec8c174b7646930063

SHA512
8c3ec4d839f340f065ba75a4f0072fa340fc699ab1137304bf0f4ddc8cb642c3e799a05f83b0cd7b224600759bf9daa90cb9f8cb7a14508cf7a70ddea64b5d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
a44f9b8ad9b8476ee21c966c769ca58e

SHA1
99bd0fd5d5d5af44a30406da231da5cd179bd632

SHA256
fdc0956ec954e866a22d648983061613c548d43504b7207d423aed232596a90d

SHA512
9bde4e0d9987959e9760dc174a34771ac8d2d48e255a901fd9de22476c1740d26f65d2cf0c843c8ab7c827d6f76f5348ecf71b955809305a05704f8c3f7c5da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d896f6a8a83ca4b270c24975f1555fe4

SHA1
a0d65af0885d47026d590e5076160f81de701f26

SHA256
68aa0f6436345682eec607f083b0d0f62a34b4f9fba0e85fddf7c8678ca12c95

SHA512
b2e9e6f807ae2aec184352e2dafd2e5ed0dbfac4459b90f615b35b3bcecccf1835ab0a5fb6c826a7f1f095f938d9e5a97d7db57a045ef0767e0329c42ce01e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02572afb8fb23638b8ed0f4a89df94a1

SHA1
d7c4b849c8af4705dd9569fcfe17001dafb1df84

SHA256
7161382f199db1dc21114c76c88a73ac926da851d8c2a668d1445373b5cee835

SHA512
3f5d32c08508a8715fe5db68bee078523621e8cedafe3755aed455fa0a7c75c1a16ff2e91dfeed991e47344f4883b9ffda5a7d16e4cf7e5b37bb73c6f64786dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1a5f7ec1d9c8b2514cf19a18be208aa8

SHA1
c66c85900b492ae7283c833f7251ba237ad76b94

SHA256
bfb1c6bb24cff1eef0d76de6af6ecb25304cd1c72e32777e3eb837d9339d14b0

SHA512
9d5ae70ab4545993e0a833889830701a351d9b2386c9a2ddcc57a000e67a55c2fc908beeb11703515a13f1fb66944f8c7a3c68fdc11c4b6f46debc083d486d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9820b3d3f3cc31831a88da9db656293

SHA1
2ec483320b0b83724580e0ee21642b8c7075f0b9

SHA256
757e07663261fa267140f967836aa1b59509e0073861890aa4eda403ca6bdb64

SHA512
56814966d150924b12f219919ee486f4720b8e0867681aeedf59f9e0d9a29b45598ba19949bf57900a900b93cf702eec79de2507ba419a2fb37444d497f9b71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
631de53f201ae08017ad57d3993e9f07

SHA1
9c7ccb1e28b5ab7f0b0c06792687e2d44c6256c0

SHA256
ecbdf2e7dafb9c287b29aee8283b5284b313e161a47ba9581bb66e920d46a135

SHA512
315ad143d5cc006e56ff57824ededabc1b31ec70cb3b584baba42f02dba3d4cc6da9e626bc94f825f1518d806639a2ad063d886537409be9fe46dc653addaf25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2dc224b14236ba8c6f92426754710124

SHA1
21c97331758ca03bd9ad6a8fce9d82867b9e6b5a

SHA256
459c0007f598e5bb3df03497c4d09f6e0bcb8ca738bd1f5ed839b199b4ae2d56

SHA512
a461d80b8134735145e6a94bdd4e68579fb5105a68aa6b43fec93b918a8a9ec2acbe44fe489a42a28c712550ab1b8d53465aca1fe81900faa1a11aeb8d7fc241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cec950f7b5bcb65d4ad96ee2762408a1

SHA1
0d261da5bdaf5942adf8371e298f5caf76fe2af1

SHA256
9bb172d8071f41f156233475d114f32d5204f1cee72f8e6c35136a8171608f4f

SHA512
6b02c8e454cb3a1eeff450b5a260f633f9ca2be06d5c87bc61a6cda89b7a0cd12eb823aae10c3b61f9c179f49d80a67d71f81afe16cc98f702f9070fdc1ea124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
27d877b6bcb5c461a980df50887da240

SHA1
988c69a62f30848819ae6adf561a720b6632d5fe

SHA256
38014199a59e8342ed9418ab004f3aa7480eeb8aaac0dc06074d69b9725f4532

SHA512
20336ee31ba747b2a851f7b29ee85fbfa2a7fe2fe28b248b1e7e08caa6f5a03c257e6237325946730b816ac4195425d06e8b3d7cad9b0702d04ea35e3db691d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e78b20dcf3eacaa78a8a744f512a38f2

SHA1
0cf62d11b1beca23f759f6eee84cb21dae214fb8

SHA256
a8167dcf2dbf9aa56995702512a5c238a896c11a6cbb8a6cb871d61e48d9f59e

SHA512
5715cc06a58e60fdad0c7607f9e8763bb6cadc369f7c2f824c0330b27e3fffc467d5ff808df4a8a8e716fb2f0703199be095187af49d65b57fd3eae50ae0202b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69a37300916d83e6322de78736596d8f

SHA1
55f57c4c1a258bee9e1109294b1f0fa4b31f8b6c

SHA256
19a5cbaf520059d2634fdc3a36fa02a7c02fa3428ac59be87cd47ae80ff082a1

SHA512
905977ead7d471ae3005b889bb47566ab21600745c4eba7f387853184d48f18b816f863076ec16319837283ca9a08a7c534e96588a7fff0a7cde5b338912a4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d38eec92b76e7e143bb56a4a9077db33

SHA1
f3f3990d47d3e56fc041af757ad26247a70bb6e1

SHA256
15abc809d44f152d3514fdc58aee1b07c3117e06fe9ffeec574138c64de4ab2b

SHA512
610d132e70c5d4e314530d566db35d8b437b4080148900d93779ba7680f0cda895fead94d13325201c1f1eff647791e07c5147631c0709429502420026b24bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bd631a909af60ec9081e96d9bd3ba06

SHA1
d85c2c335a6a1238e4ea3c12cef4e958e3380f69

SHA256
6dd2ea383273d458f1892f220ff59ae0199541920e359b76452986075f98da1b

SHA512
cf67454ed6770c63f9fd02895122b867e7ec10a20f4a6cb97e0245801d7d4f461edc318c4c000943c621f0a529da3f43cfa8b2edfe9c1068c782dfea7bef5a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87021d741c8a7138e78bd300dc3c291d

SHA1
c94eb5588b4a2b0b08a17f730592ddcb03686ce5

SHA256
525156b8ade3b3b8533f7dc29feedf66ff2ac6d81590d5117cff810568caaae6

SHA512
87fc8ce7467da9172fafc8f2e27cc20531d2c44feccb0f922c8f7738ac726d86e61b517f4386aaa099cf0dd632d0bd095b87a4b151a8b4c606f2443bb2cb43d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fb11c0b763bb78c61a02bad1420d1af3

SHA1
8ce4a2db18c1a54a433f2896f341e30729b40111

SHA256
a0e065eb6b34e8cf82387c617a4e6dc15bd274a1adff566286723337be834193

SHA512
3b2f10e4227daeb2c01e231534b0ead05671294876e7361080fbd460ffd831464b64065b64303ff49f6940238de82b7331b1cf64900c2fe74559dd840720e283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a069453db0a9d3a36f47469c3d82ee81

SHA1
6d94ccf58a5d3ce717c917678e7c99351277775c

SHA256
73ebbfb1f0bf17309630e8adfecd153ff3159a9c37d6926f604174fbb744eb61

SHA512
31025d741631556ce25a6b39593c090e167b07979878f55440657c7c8f71f42e471dc4b421b2693acbc3b788cb50eeaf3000f2143c9be27dda91d7f971375fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
be9dfd3c90ab7557977983def97fd841

SHA1
58940349010fd16da3f5c87811a974d8a5b74761

SHA256
fa41de1aa0cbfda0ca7ad5a9f1874308fdbd031d7cee31a759ec73f014ac8614

SHA512
883e4ce909d5ee464024700b7acfb85acba01af294f95aa526e28fbae77aa7049aca6b30d7d3ae9044fbe65c91375386c4362da5f4efc9ad9f73fd26eb53547a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
b50c06061061d6b0ba981e801af5f06d

SHA1
9cb489ef179ae1c7987491de1a5cab3f3de30bcc

SHA256
10c15ec1faf53013093f79958760cdf9a0af7fc303ed5cbde9639a461cbca1a8

SHA512
ac7c5a26b22894a6ba868a4bc7083c65c0d693a61006ed5dbd43c98f545037016ebbaa8f034136a8875e48e63ef48d7b9ae64786af7eb3030c48d1f64a1b727a

Download Submit