hxxps://s[.]tf4srv[.]com/cimp[.]php?data=TVRjeU1qVTJOemN4Tm53eVpHRTNZekkyTlRnM05ETm1abVZtTldNNE1XSTJOR0prTlRFM05USmxNUS0tfC9saWJyYXJ5LzEyMzY2LzNlY2JlOWFiZTAxM2NkYzNjYjRjMGY4MjMxNWZkM2FlNGY3MDRkNTUuanBnfGh0dHBzfDE3Ny43My40My4yMjB8QlJBfDQxfHh2aWRlb3MuY29tfDEyMzY2fDR8NHwxNHwzOXwzNTk0NHwyMjg4NzR8NDB8M3wwfDB8NDYzOTI1MzJ8MzQ5NjYzM3wyLjMyfDEwMHxVU0R8VVNEfDF8MXwyMXw5MDB4MjUwfDY5fEJSQXx8fDR8MXx8NjZhYzRjMjNiMjMzZjUuNjkzNDU3MDQxNzk1ODQxNjkwfDE3MjFjZTk2OGEyNmMzOGY1NDRlNGZkYTUwYTg4OTdifDF8MHx4dmlkZW9zLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9iYW5uZXJ8MHwwfDM0NDg0MzN8LTF8MHwzNDY2OTk4fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjguMHx8MjR8MzB8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDY4fDB8MHwwfDB8MXwwfE9LfGUyYjY1NTY1NTg0OWNkZThhZWM5ZGJmNTZlYjE0MGFi&dbt=e2e_66ac4c2465cf34[.]58022302

Analysis

max time kernel
146s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://s.tf4srv.com/cimp.php?data=TVRjeU1qVTJOemN4Tm53eVpHRTNZekkyTlRnM05ETm1abVZtTldNNE1XSTJOR0prTlRFM05USmxNUS0tfC9saWJyYXJ5LzEyMzY2LzNlY2JlOWFiZTAxM2NkYzNjYjRjMGY4MjMxNWZkM2FlNGY3MDRkNTUuanBnfGh0dHBzfDE3Ny43My40My4yMjB8QlJBfDQxfHh2aWRlb3MuY29tfDEyMzY2fDR8NHwxNHwzOXwzNTk0NHwyMjg4NzR8NDB8M3wwfDB8NDYzOTI1MzJ8MzQ5NjYzM3wyLjMyfDEwMHxVU0R8VVNEfDF8MXwyMXw5MDB4MjUwfDY5fEJSQXx8fDR8MXx8NjZhYzRjMjNiMjMzZjUuNjkzNDU3MDQxNzk1ODQxNjkwfDE3MjFjZTk2OGEyNmMzOGY1NDRlNGZkYTUwYTg4OTdifDF8MHx4dmlkZW9zLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9iYW5uZXJ8MHwwfDM0NDg0MzN8LTF8MHwzNDY2OTk4fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjguMHx8MjR8MzB8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDY4fDB8MHwwfDB8MXwwfE9LfGUyYjY1NTY1NTg0OWNkZThhZWM5ZGJmNTZlYjE0MGFi&dbt=e2e_66ac4c2465cf34.58022302

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670413693335202"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 3616	2924	chrome.exe	78
PID 2924 wrote to memory of 3616	2924	chrome.exe	78
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 3228	2924	chrome.exe	79
PID 2924 wrote to memory of 1128	2924	chrome.exe	80
PID 2924 wrote to memory of 1128	2924	chrome.exe	80
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81
PID 2924 wrote to memory of 2008	2924	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://s.tf4srv.com/cimp.php?data=TVRjeU1qVTJOemN4Tm53eVpHRTNZekkyTlRnM05ETm1abVZtTldNNE1XSTJOR0prTlRFM05USmxNUS0tfC9saWJyYXJ5LzEyMzY2LzNlY2JlOWFiZTAxM2NkYzNjYjRjMGY4MjMxNWZkM2FlNGY3MDRkNTUuanBnfGh0dHBzfDE3Ny43My40My4yMjB8QlJBfDQxfHh2aWRlb3MuY29tfDEyMzY2fDR8NHwxNHwzOXwzNTk0NHwyMjg4NzR8NDB8M3wwfDB8NDYzOTI1MzJ8MzQ5NjYzM3wyLjMyfDEwMHxVU0R8VVNEfDF8MXwyMXw5MDB4MjUwfDY5fEJSQXx8fDR8MXx8NjZhYzRjMjNiMjMzZjUuNjkzNDU3MDQxNzk1ODQxNjkwfDE3MjFjZTk2OGEyNmMzOGY1NDRlNGZkYTUwYTg4OTdifDF8MHx4dmlkZW9zLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9iYW5uZXJ8MHwwfDM0NDg0MzN8LTF8MHwzNDY2OTk4fHx8M3wxNDQwfHwwfDB8MHwwfDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjguMHx8MjR8MzB8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDY4fDB8MHwwfDB8MXwwfE9LfGUyYjY1NTY1NTg0OWNkZThhZWM5ZGJmNTZlYjE0MGFi&dbt=e2e_66ac4c2465cf34.58022302
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffc1a38cc40,0x7ffc1a38cc4c,0x7ffc1a38cc58
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1652 /prefetch:3
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3252,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4660,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4988,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5264,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5064,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5408,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5300,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=976,i,5503810166340966134,11726977073751291823,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=736 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3036

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004CC
1⤵
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
190KB

MD5
a9f8a9877c91768b627b54a6f361ab80

SHA1
e8992dc55d6c40278a7ccfe73edc0d419612bd3b

SHA256
dd7dbdd2a7ebf994e53928df2065551564814f72544ea6b810b2f01540271c12

SHA512
ca59ebb1545b58171030d37725660beddd5b03fc390eb076ebb8eca9a346026d2d179437efe8102f7f7d85848896ee2ddc98ee98a2819a9db783e1f1313af129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
29KB

MD5
83d976611d0235c4fbcb7921bac8fa54

SHA1
9bbd17b01f3c6e95edfbc08cbe48127c5dd1d06c

SHA256
de6313e51819132b0520ca3d869b166beb58e7d5a4fe5d64d29d13b1e86b1301

SHA512
2481e17675b1fa5b582657384c1656096dd4a3e007edd77f5a491e6731a0736700a10a7d29c51f00765d49beb4d5373f520bbc675c7872e82eb9178f2a47a580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
453KB

MD5
3a3f46e7349bc35395e7424b31fb94a8

SHA1
3b8e00e5c11a0ce1c86f54e4218a28ecdf2156cf

SHA256
c445ee37cd4836a87d5706d57772fdb54825261122354c5a645f124b4ad70a14

SHA512
cc921dc82ee1e1e97f7e1c0ae04cd4a7185510917f3e1776a7660da17ac21ce38d0823d5a953a2501cb676c3c43649a6fea27adeba94e945c389c859ac057134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
42KB

MD5
59ce6f8786ca4f1e500913628d3989a4

SHA1
ba267b89d0c8a97415543944f7545cfa6f008424

SHA256
88cec93c73c76450b3eaa29e9bb2329075d4a439e752e532f1618229a41da45d

SHA512
19ac248b973405e88ec9927f6ff6c3cd8e98133fabf0f96f870e250bc1b8bfec483fa25a4582e725b86e94a2a7e6083bebb0e4dd85b11b71923fe1deebd5e17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
95KB

MD5
14b4c4a3dff671838c793dd6ba191cc3

SHA1
5f5b43f81dfca58d791b0a7e8ecdf917bdaff3dd

SHA256
9d05375e1aac65df6b5c0b025ee36c15b85a02e28fdfe6d22532da1c94bdc626

SHA512
1b8a831747577db6ebdae7160470df39b77cdfd3697de79ed85cd41a5c7c44cb0b884df9937f0798e1cba50df81f49db819b5244d0439d13df8481c3d60ecf79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c6420565d2b9635b72fbc29d0d1af268

SHA1
5c7b537d676d9e414c11c4267cfa3b8989bcfb1e

SHA256
0a2affd25814f33aa5f5b482570f8448e4f6243dce7aaa6bc7c3a8a42e6d4f43

SHA512
d79f84be47b492e2824a28c542491075930026d9454efc02291dfec9b070c4c177b9f55ae2bed525aaae9888f8030b0686b06d74d2db352b08eb8128ff8fe814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ea2d08c33fa37e81fdedc5804b98a105

SHA1
aad29667d51a5de91e2ee9c567d4364f84c2b57b

SHA256
0d1d0f50fe29acda72a7ed7e9e39a5fe1e56198bb131d700d17ca51382d2ee4c

SHA512
2f4154cb7f54cae2664a7248826a9383b7a2bc424f502f41cbbfb7074bc59d5127d5cab253ae18bccef491c7636527983c1f9f2f508811bbd3a996792afc9951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\35d15403-ecb8-4318-8d94-9bff78721bf6.tmp

Filesize
356B

MD5
51c1873fbd2a5be6444be51c10d836c2

SHA1
1724bbf2d08d0837fbfba6873a96c87f5232acbb

SHA256
7e236278e9616a5958e84e7b22260347dd54964790f2e993d78508a0e9dc11a9

SHA512
5f91dacc7b7ff56ce1efe71e54e555362ce2141a719db62450325a465f0c08e96fcfb77ed6aaa4f2234f26a52748ba57b2abce8ca3fcb3577e16963daf86c7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1e1ce6791610ba124775e3b6cc1e572d

SHA1
651cf4da1d4c7b0775c804176536e860f1d7eedb

SHA256
b80dbbde40e6e5fe88161e40311324ed88509e0e515b1dacda25ea53c479a97c

SHA512
3b7059539d365f9f594d981357708cea661f412d87b8ba400fefd2d6385766abb85280f3a6f7b0e5c06e8cb3e89b8eafd0f17e2d2c670fd937d96aadcebde4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6be9e228f6c1801de58a3ec0b5172093

SHA1
f9571b932ec811219bb8fe07e10b1f65fe7ed7b9

SHA256
8de9b4d4def66fde58c31a56dc96f4c9cfea9671cd85b25c5cfc9e671a84a13b

SHA512
b5f3371a33ac4770453775bea9cbf0be2454747b005d19c99460aedfa26599ee62bf903f35db051c9cdd945344dfdbd9b5982b187043c1d599271277179d1ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e080ce4310dbcfa64e1a1a6a1c9b2fa2

SHA1
6d15c40d882d771c88f43b6b7aaa77ff11579b50

SHA256
51a208b5c731fcc7551f77a59f32cea8a4a1baf4887437015f04bf0de9f6ddd9

SHA512
3d8d7d4a2c2be40dc4937490d4afe48dc8da80643717a5c42e3b2c1fa727afb01729f66fbd0540163860b0ef4dad85cd14a6a8fe994ebfdb9d4952f827842e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
de468f1b12a641a9ca10ca78934b850f

SHA1
1c1392073f2e6549ee4c52d967d7ae979e4d20d5

SHA256
a22beec000853a7e0c6957337997e45bc68acf2929a448ad426ed61b94737b0f

SHA512
13355a7d8897d12be531299af1128f20916390b4de9733fbb59d1609de6db2d89310f27a3fe65136885ccdac05c847f1bc4b922cf2cf96c2ee70f30ce585d053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8635d102b452ec8038df8c78002ffaae

SHA1
e34392bc0b92ffc27a46dd086b5626d275f8a05e

SHA256
c8abf745416e10c7c38a1b84bb2017e45d1c1cd89aace5d7628492a3715f9e1c

SHA512
4a49e9568611a9daaaab2e83d852c4a801dadacd7c8d884e2c4eb0bcf4dec9ab81e8238a7d8f85e35781b18e4bfe2dfa88774af0cd5b8acfcdd4121271ceb840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e4ac25f87888f94fdd295dcb9689542

SHA1
304db8e7989e19446c6466076de78d1c1e5f8427

SHA256
77d130b817621e41028a3c944bc066cea2ba9e840a83ba784187ebb1e30c86e5

SHA512
64ddb6f1124da70ce048135f7972a2c042aba73a856935e4b55bb41403396dde8a760323e662ccef504f3660812846160bc5dbd16d039fa74dd6690c92f01588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27eb949c9d0df4dd6ad4616a71092954

SHA1
fffa4050a2e318a994747ada9628b44ff7363613

SHA256
158bc9723fd7a3fc1464ccbfd89d52be4ddc5deea5eb1307becba9acc45c4fa7

SHA512
a8cccc5a7ab5db87e22c2bc81988ac77e05e6f9ba096d2c2771d8602865606c3dcf18e4f94ba00ab2a31b32c15571a7b1847cfadf6273b812dd7565d4591cdb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28debd2f9ecf563d5d5146e09f93f944

SHA1
d436f256e14d2c6c27f8599b701ff097ce2f901e

SHA256
86c5a161bf391d534d28a85c21d7564113df1118a2f23bcfa927e73c52bfccee

SHA512
6503ed916572c1786ef606f00367aefce077205bc1b963350d3b5ed85180ad7f15add67c2e30bde9e2fd095b91c8b1bc3c14795a6659603d1937a8c702ec7d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a3ac4c56d5b61c9524265a134696ebe

SHA1
0cdb5ca63e61212094a721b81ba97e89768da61e

SHA256
7cfd2a0f81de73f0dfd33adc83691a99539e80892a686d9f0ff10098a26f748d

SHA512
5bbc5b7cc0ae3bd5406714e37e58605b3a7ee83050b288886ea17c8c2ba89ffe40ea0101e2fd189f2672fe734dfa7383c22690cd413e28c95f8ec794f93609ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
da501282f5efa893ba2e17f08e1db1ae

SHA1
4f9bb51cde62de01dfbb1894615c578b9169246e

SHA256
1fbf7ac016ff88aff94a4a7b63b5a3cdb9ad1d41eb6ccd47b74e33caa0206a92

SHA512
a0bf2316c8c91d511d035be0ae47e8d2cdb981949782c705a852445efa3b3f8e2c41eae796b6f53e5dcfbe86dab4ffba02e610a1a6951ffe4b50122df0596f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
955e45ead8b86558590bd42eaa78acb8

SHA1
360d59836569cdd82ffe1c9bbb262017c69f0c52

SHA256
63c8f718d0b2de9ffda0d60c180794437af2c8005903a159c4bfe9fd84b83ae5

SHA512
9ba8e78c53633123f9fd45462cc930e1f8170e5c32bb9fe446f194bf74857b43794073d81d4eded1e6026c18af5b716683327062ee4eb6ce4e3cc537052a89d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
29918c42b846b544d897653dda73a60f

SHA1
87522ebd9a65e63ff755106ab0c63ed1c3994e25

SHA256
81e1d19d4b892719aa3e491870e56a83c2db8e97956ae60ed8fffcf0af824ae6

SHA512
63b5966be48aacaa4bf952e029b7b5e05560d0d924e812e81b35f4431ab819129e61463e7e1b23cc845e43a84d8201fedf2ac35516c919e7c3656e0fb56428ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f080180ca1b51257a5588c3733b0c902

SHA1
e0b33dd41a24144ed29039ea642b0eefb12751fc

SHA256
642208308489a483cb480056613ddab1768af88bfd5056e0047eab5fbd5441b6

SHA512
976627ba8882145ee38212e72da54c37534dfc6f072f781e2d786246db7fba4ea8d966bad5db1d10cc625c1751583c739903d54e7804fd3b22f91d35ce74d083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
671177821ab904efbe2c92c20f4acbd2

SHA1
53da6888f47eff05d054d65eae855201edca1329

SHA256
8e5ae93976e2ac1be71e8d6a63f26997c34636299d339a52c6d106bf14e8a44c

SHA512
e5a1efc1c3088907c51910b35a7465139c6129e3054637497e1fa75b4ed0d2c4a538ef2b81d877f508a4e9163c659f76d141e03c0eabba6c4def258623c579ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
89275d85763dd6c7cbcf8c5a38dabbf9

SHA1
ab4d49201e59f4a0cfef2a2f57a10a0acdc31863

SHA256
5efb6905cda0838bdcd8c0758404dbc30ba7184b36b6344c122d94527faf93d7

SHA512
f150b9d1f7457602309a6187aadb6bc9c45acadf6fae7d1f06c1f4e5ac98b98841e7b14a0299c6755904f24cc60c2b05c86917821517771142a3cacd4efcb34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
b26255f2bde232336496faff132098a2

SHA1
b0bc2148257550b17ea9dc995a1b5fa75ec262eb

SHA256
7c9a00f9c996d5bd203388b822768658ca89a1cec90ecc8e780dce4dcaac921f

SHA512
05486c1ffa854582b8ee920e11dd0ff7663d161ea0464fb7e0df9eaaae788555ca4e6d248037430676c61e134d6725d6ea6c80a7befa346ca0858f42f60c5b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
481b11d9ad991d9cf52b70007da475be

SHA1
7ac8573a10863ef7e12e82fe266fa2b4dee84baa

SHA256
b202a58f79fe4bae47c6cbd7c674146547a5b156232e641090b3b0d112b8df55

SHA512
3f4b6468dbf26605ee34fc68dd3b3fdfe8fd908ed5bb4fd14fd5969384c4beaaabc7bfd5fefd36832f9af0a698ed01b0da3c8a4533d4d588ec685a597e5c3610

Download Submit