3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Delta.exe
Size

17.0MB
MD5

774ffee84d8e760761b8819edd2bc252
SHA1

74ff2bcc3baf64790181b97dc09ab951d9440379
SHA256

3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758
SHA512

935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650
SSDEEP

196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2780	2444	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Delta.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4888	3184	chrome.exe	89
PID 3184 wrote to memory of 4888	3184	chrome.exe	89
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 468	3184	chrome.exe	90
PID 3184 wrote to memory of 4968	3184	chrome.exe	91
PID 3184 wrote to memory of 4968	3184	chrome.exe	91
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92
PID 3184 wrote to memory of 2876	3184	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Delta.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 1328
  2⤵
  - Program crash
  PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2444 -ip 2444
1⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ff13cc40,0x7ff9ff13cc4c,0x7ff9ff13cc58
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4452,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4868,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5132,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4396,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3368,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3356,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3360,i,3281998465871257611,16370503779422237879,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2176

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1276

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x2f4
1⤵
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
34d5f753bb13744c8dbc6fef1a6518f9

SHA1
c7c5d802e1ba258d9dbff7d1c526fbb4de903fcc

SHA256
8932393213556e7c6a68060d76c2b9ceb0cd10dd8b1c5846f15e0d5ccaeca10f

SHA512
ffdec2ef3bc47ad5c889af3d178e8478aafb7a08746e5bc3925ee1553535afe49f2ccc074b5724449f9cae71c5e86fe4dc2310602e20c486dc90fff038cc6e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
075960f796b1dcc3087e24b98910ce6d

SHA1
f257687673f67d16749f170098b0e9c3de09b2bd

SHA256
37262a766f8f1f0bdb1c6e41e7582a6b736bfb8623ecf6a4c98201200539a507

SHA512
99cfe63de0591331fcc8d4582f15fd46b45433eaba1b726a84110333a9decbacadb293793d3a290ee641c7af422613eaa7ab5b663b2b501a719a19acb2eb69ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
dc62af1700104974c6b3ba17d069a218

SHA1
1b12170e86d6700c9b9c8cf037a271a7a0d899d4

SHA256
81b62a763090b3ff4f0f4b6f536b87d3835fd84b18309e489f5b93b539828c12

SHA512
f0afe6e05da45dd14ff3fa3c2af2fabc040cebfba822249f60a9e562b283fb1667b27c0f102fd5887c3ff82371ff56f25686d7239fdf919ee4fecfefcc91735e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5c0d80436b45bde16cb39e148530baef

SHA1
acc0ce190ef8d6c0d048579312a204bd0ce60488

SHA256
7de692282d56030477db5a3c0d8135fc57a305e38ad6154c86aa601451c446ae

SHA512
2c135dd56192262af78ef0362de9f4930ad96ad2f3842bfa2faf7ae494b3d1d017dc87137abcc3d757e952d296a841b9ecc85014325bc81e3ac18197e6ca26de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dac49fde000a7da7ab45dfb20081cd5d

SHA1
5e3941984e3999a2686a55ae2bd711203b376108

SHA256
cb35ac2d52a25fcc9d3c124ea43c140bc2bd710e15633f39e10d5f68d59562dc

SHA512
25703655226d6ca80288c4d5f6dbdae55ece1f42ae9d27eac4734f18b90462a4a29fa56d090da9d3db37075ae0b4cdd7f7f7b316e648cd8a9fc39b0cc3a47ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
46e03e4dab511eef2905f4ac20ce8dd4

SHA1
12ab5ab82544a8e251b307c9c39e4eeddcf99004

SHA256
f4ebff55a3243cb9518217a7fae686d8e2cd6a842c02a42a13187a18602b5f89

SHA512
bc7c2bba46a6def1516236cef2191441a44976022e135d0473166ecede5c1b968ff805937476e2141152e1fefd7ebc202374104133381907dcf991144c0aac1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f2a3cd3711bf4d09243a0b7b966d2d39

SHA1
91d7c9f460149f1234e119a256f23d8818534c1f

SHA256
a78aa95782e1d830f7dddd1d56ee1d372b16d2b3b3e0f8a80f83fbe87cfe5d77

SHA512
8ad9b6196520d009e22fcb67e254cf850543f1f5b6ed30a484a519303867e02876bc89c6d07a8632202debf64058f39539b0b3c9dd1d58fc714d5b34a777852e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4180a877c440b2bc0558492863efdaae

SHA1
3f8c7ca76d9e6a103d38027db72d5076802c1655

SHA256
bf323ee3a8826e56a8ba761ce2e4e3fed6fe1eb746f64d56f608a787564d1d9a

SHA512
90438e9d8973d090b1bfae4e3615cc815675924c17d3ac6cdb0ef7fcb2c15d98d25e74e7e6b1ecf8a4ec6ba040173a5642c79075a8d0950d5bf2645b937d6e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c8b05dfe620634f1381cc7bb375f7744

SHA1
bd049b486a39c1c61e04a185932c62b35f047ff0

SHA256
499e3c0c1254906add86a4effa69876fa25ac02d242a688c4a2f960a64f285d9

SHA512
6e0bdcd932b14f69eb747b5ecfd67e5eb8e14c862f420c0574c22d3d668c5f0d0cd9185837bb9a26bb92b4bf8b8abc4c26af5b643e799c61336136b67ff0c959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa2abeba56acc312fd4828b388351efa

SHA1
f082cddc22570be1492364db3e063d440463aad9

SHA256
e5cb9ba9b49ef134b1d7c6983fb1d9704dd66d2e7518cbfe8ed35ae58e7285ab

SHA512
647040ad4ad9e0b4e5df9036c7a0777d6e5f68677d02e15d54be35ddf313ac99df24e53fe18b5ce240b33ae6a341f06cf18e4fd317a41abb0cdb44fabbcd49cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12c73bc493281d770bd530917cd3b2b8

SHA1
c97efc0f735e4025c1ab195754bc4934c6c1b8f0

SHA256
42e7d37d2f0481c3dbe4f4d388c541d7a45e201c0491bcc743b9035ca190166f

SHA512
f2a725d5299f9f4b758be76b34347097d39f69d5407528dea3400ca1b988de60106c24c828fa494355faa6a730f2549a7024dedb1e823dd7051d1a87029da801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16f8ff1ef0615dffa0e0e18360c1b929

SHA1
f946887027b54a6ad61d018f9408a07e795014bf

SHA256
375ac1d6c9edcf7c826e5ad7610f6bf338ba8f9d4667e1aa6c5cc6f408bc2a64

SHA512
2921c4b090314a7ba9e3de2d566cb178ba372fe540a1b36eeec73e7129622821036d8a6bd7cbd32413deed4c07d1ea22071fe975b1a490ab839be7d832f1833e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4d53579b7997b0ad04d481ef77cd72e

SHA1
fd6906596d2eb79a39473f16ecf773daf6a6fce3

SHA256
65d8799c2d0f26d27bc4cd6bb2e36ed4b9dc3aa904fbd5a5b219812deda4434e

SHA512
6eca70a187a28e26af84424cf7810e3a6be5a3b08e61c6362b44b584eb73ddea6cc67332dbf12e1c72debc923a490badf3fbc812476ed477f496ad375c775f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74cd4f093650036bc82b5fe91ead84fb

SHA1
160cac07a2fe2ad8d45657380f7c9703d08842df

SHA256
a815c39b6fd7a40d8b3227d9b1e3fa51c0c3fd77d1f226a2ce0793ba3158d007

SHA512
f96c6a702c669fabb9eb8d6a503d785584fbff7a78cb89aa40d748ba4bd378e05864a3c1ffdf03ed0ca5d6bbad5587526c732b3b137df63d61bab7332547ff24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4aec80fb5a723925e9b3cf9670f1c957

SHA1
ad2d5637c850e873a9ee0b7a69a023ca0672afb2

SHA256
ea1b42548861c53ad783d3aa3c3874c65af1e41c8366f576c0a4bb846d960088

SHA512
da5d97d47ded69248d2b7885641b8de1c1f512ec336d7c6296976d0db3cb63f1334fac8bf645969a6fc717c3077979f524508c2b63c446b7a99408577ef32e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b55d25ddb43e441dfd198814fed99846

SHA1
3e09ca8121d23c0a50e7032f5dca175482f4f0dd

SHA256
b86b778fface61cbd748294218cce4b7c40a76a1ab41beae20919fc61110099d

SHA512
3dce6a28d24fd780721a79e2a85faa65e073d5d38559ec915b4ab4cbf323875517b97a908c2d96eacd0f340b6666d34ba00c61e404aa0a8c49f4f280fc14b054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b43f63e3c55e766794aa9e15df325d42

SHA1
d7f748bbfa1c4101063b06b8567da5503cae86bb

SHA256
bd94a4c75edf2c78da407ef11143882c483aa3b6938381d03f50dd680401003f

SHA512
645b839a9ebffb08f0a494e6526d82ac2595a0a0075e75657a9a6386456d46717524daae37b976918036b68fda1e41e58987a2038241a74ea7406d84d7dcc08a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d52e71847ca63a57bc52521d7b387ce

SHA1
77d28dac8d98312aff14ebbb08cf68c531c19673

SHA256
1f3490edb54b4bebaa954a4c722c764e860062394b42bcbac1cd8bbdb8592f0e

SHA512
c269ec8080b92c6ab9238413ab05f47b7ba47bd2a820fca98fb330941083d2a21f1aa6bb972401544c87800b601f8274b60ce8be7e15dae60af671a42382f326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
cd2a83e6f3d0d1b8ccf97e46167a4c61

SHA1
870f95386177a6bebbf917e8292fd7bb3488ce09

SHA256
acae41b313f5aa086b43d35ed91a990e1b3a0ff48e6222147d1466b0105a2620

SHA512
0a4733865d333437db44d343ab2c43803bc27381872946fad633c68d57bcb42de0b48aeba6b5cc48c90d1e42329cc753eb461e43a64e1adda3d39aff7bc54fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
def6973fe0fe696e2286a8dfda99a8d4

SHA1
71798657b979cbe976c1d24082b5ffaba4674916

SHA256
f95c50d4d430bfde533e339bdd8663a46323a48d561896f7b957fcbdb995e222

SHA512
3febbf50c17445165abb578eb843c0f0b7dd64763a8c4a6b1de2e8a3226e69651338a6c3c54727f576d3e6c29ada99eb76bd14b96d85bcaa8ee242a9d131875a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
c52f4be7e143e1cba0e59149cca69d85

SHA1
a6f85ca827ee6bf2b13c57752f8a4a8ad3d3e23a

SHA256
947055e2ac841ebfce0e488ea08158284fd040ebb97288d1dd234d6fc9a2b536

SHA512
f1efa342d80abe60fd1c702703dd19db0e3b2a9e9c86f7f94b5c85a7e4c2492e62a46747bd68cdade5ed2dd0b820da46020cdae410fb566d9d9a131fc2c200dd

Download Submit
memory/2444-4-0x0000000005F00000-0x0000000005F38000-memory.dmp

Filesize
224KB

Download
memory/2444-6-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/2444-0-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/2444-5-0x0000000005B50000-0x0000000005B5E000-memory.dmp

Filesize
56KB

Download
memory/2444-3-0x0000000005B40000-0x0000000005B48000-memory.dmp

Filesize
32KB

Download
memory/2444-2-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/2444-1-0x0000000000080000-0x0000000001186000-memory.dmp

Filesize
17.0MB

Download