hxxp://google[.]com

Analysis

max time kernel
126s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676158952322546"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 656	3148	chrome.exe	83
PID 3148 wrote to memory of 656	3148	chrome.exe	83
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 696	3148	chrome.exe	84
PID 3148 wrote to memory of 1064	3148	chrome.exe	85
PID 3148 wrote to memory of 1064	3148	chrome.exe	85
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86
PID 3148 wrote to memory of 2016	3148	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7fdbcc40,0x7ffe7fdbcc4c,0x7ffe7fdbcc58
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3996,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4132,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3792,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4984,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5020,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5408,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5104,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5024,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3228,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3668,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5072,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5488,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5720,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5028,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4496,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5664,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5876,i,3338238436811404912,4165128426414420900,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3688

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
181B

MD5
f539ffb0d615c371b5d51c67d06f1b4c

SHA1
8ab89b89656700a1cccbee42135ac522ab21aa94

SHA256
48fd98eb1148f5af67f738c089670ff256143e56247307b3b2b99d0699164eaf

SHA512
7ef024b5a52491a1b73375dc2688929ec5cc45d69df540a115b374c24b8cddc2fc3225500df539efad1b99852c9403b5db8a6c7283b0a5712ac5b73c6d165006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
737bd4437267dd6d8ed67326d8878f84

SHA1
9191ffbba18b07eebf51d29eaf6a935b60671fb6

SHA256
f539495276d474208109975043fb2152f2c1e895d9fca9a6d8a809722ac9ccf2

SHA512
a7b94f48cb6f7c893a3eed889df7cab287b62309c3af6578fe0cbf891f1d2077f08956d457069d4d67f254c8ec1b59828e0585648c70ba2856a2f23de5e52a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2df54036f5baaf6d81ef902dc27e7218

SHA1
f68836fa64336af85c06046b95bb287a2275ed96

SHA256
f6347e0498ed264035f5d5461187a1847f24a232acd275e80a153492f3af14c8

SHA512
87be5fc9ea4b1452f2bd810a61d9c55782af25ab867702399e364d50abc6f56e151bbdccd8bb6222d9eb777154ebd9ecf0cca35f9b9401991fd4ff4eacd53346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c144f12c98466363579a88d7ca256d85

SHA1
c8ec86a537ac68ae5b49431629e774be8c590c97

SHA256
ea0ca0150e7eeb67421eec26a9301e77973c5ccb6dfd6af5edf56754fef111f0

SHA512
e74e41147b4b0893845f7cc9998fbb23aa3072ce25f2e5d6c36000fe4458924bcd97e42832a237a1b88dd208eca90d4fa9c772539185ea422b34a5ea03d3c25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d68b892fc1a14ecdde49d2ab910a3e5f

SHA1
22b4cb55df7a9d0b195e287a7d01597eebb1e299

SHA256
7c1734b1944c9160c7ae17f63ad4c3ad2977c2d08dccce2d84a6ce107bcce58c

SHA512
eaa07765faaf3ee481adc4dafdc735b71b80e3d8fe2425c2d4d6667921b7e9d5c3dbcaeb38fa9b486f1f75d6c5f8b7b954890cff18ec2429f6721f7b40c0f70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
19f5d2962678fbd05918ebb3874b7041

SHA1
855a2b938d079606d1bf461d2e9396ee9b3c7bcf

SHA256
5303515cb2e556fbc56bad460cef6e73944dca17a32b3147e5b60dcfab2bb431

SHA512
49c5b92d27b5d12d145858dc4b579b5d53ed20ca6b5a4073398d1efd43829079cc8f2b9576535c912a8fd6296e283eabfc4e41e4e0e28ca35ce2d0b5e05c97a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4055e19509dc24abc5e2bf87da681529

SHA1
0a0369ae8176865ebf01173efd19919bc43c3bcd

SHA256
8e9bec501d492dd2a8b5f4ea11001c3e2b7dfe7dad89fb561465f395ea3ed203

SHA512
948dfeabf9098255266ec996a9fac63d12db24439c2e07f491227333905043ab9929302d80015f12c07a6122772fe6b304d340b44ecfce1b747acdc49344cbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
1a58a53bc26ff355d40c40ae578da5ee

SHA1
fe9d5c7e8d7c6b834f8fdf740dba5042246ac4e1

SHA256
9c15a98212c07f9ad40d356874f9afdada54329065401d6de8c7d54706d1a2e0

SHA512
dc47e919a7020596131b4eba5fa82bbfbe594803291f48188e53ee9eb5d372a7f344e0a09e9c17d6a2cce044879114289a92a0db1336971528276bc11df953c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
c0259a5bbccaa34b285d27344c5d4175

SHA1
60398c3267aa4fd030a918f8bc2b0ac94611a255

SHA256
e3e4c0b11ed619a729922a1abc6f326d136ee5221102f6d4f60095d2e6822838

SHA512
ef8a3817c4a9b9109d051eeb04140edde8ce958f581ad61172bb2681a16290797bb96ce89cc99f855fde0281a6e50074b7ecac9e1bb24887689e3e35e9fd12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e565d0ae9b042c1370f2b2fd22b0321e

SHA1
f8aa59e337e8854853d848588385a76a471fd600

SHA256
1620a48823c69becc851c595500d23dee5533c2b1c5145accccefcb53d5d42b2

SHA512
ce201087e4c0b29563b906287c6308c642c8c3eac28ad0b0bdeeadeef739dacf537e3d345191408994c713bb180f4bde24a21e187d908a7935fe5b9f176b75e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
15195b688fe0610feed9d9cb0bb1b628

SHA1
c57e9f6971e86256f9a16235319c7193e55abca5

SHA256
d8785d937afcb8a8a0de91a1eada38a0337e9427850849fa94f3b751d08703de

SHA512
283293c6195a1bc8a38d08528266361c5622ca985928849223450bd2825225560e637a8b5554e3ab3bea16e75d82bfcc54630a092efab8ffe67bac409368a1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4870a8581f2009e0dc84e0d50441e7e2

SHA1
88ff3c2d2660b768a77201cb0daae0d5879a4b2e

SHA256
ba282f01c5735b163aaf34c783a85fbda89ce7d8986c9512524d7729bd247759

SHA512
78c8ac96321ecaac8bd91d6c09052443ff0027189d4e493743f2de2413383f14e300b2615c4d268f8ca0845590840cf65e6239c6b85e413fdff4bb62a90656ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b906b66929f252b010c6a2d791d541e

SHA1
be8284861259b28e9db213614c0a219a86315ee9

SHA256
03c96173f579740e7b2a0ff1cb2106d96f216f7b90c9d051afcc2cfdd75e50ca

SHA512
6622405e14cd28d092e7e9bf07c6530d216d71005ecd61f2a8863f9c20debee881e3a75a4f06af894859aef0bcd3ba5a0288df6d4aac7cb6789f91b71e48facb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad8d3984bbb4bd6eb82f0b64a03984bd

SHA1
a79b7648a3bcf21e87df4fa9bd949e25f6b2ac72

SHA256
782ee0c6f9ba824d3abc456437dfc755e0fc04812571b84d29450746f001d8f9

SHA512
c3ff4efa65bcedc8f86caabfb40c132aa2e88e4ef70ef00b62c9d9735cebd356c32bde687a8d701df8b6b768d385e12e047edab244628b7c0854a4ecb4dfd129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c5f417913b0d4125d671343c343146b

SHA1
40c7644c086c02c87ca6af47b6b6ad1543102063

SHA256
1817fa54d5410433c02482944d8082e5c6b0c355464a3ae4a57d8ffe3b2f6675

SHA512
6df6caf718a4e28a8593fd6dcb47256124604c665f11a652c8c418a8f331776ac6f5d8a9e296e97af32da1828f95bc074354b4c48df3bbdf05e47e0efbfb5ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0d35913dff015c6aa852f5f9a40fb62

SHA1
e57c209b95b3c6e2b03e0593566165fee2076d5c

SHA256
af6579812a599038cb0bad2f81c2e0a0eb5e03347ccaa9e572f8eb499392bbff

SHA512
361e143853dadbe2071bf3811b68a479d39eededd0c6cb1a5b419f0a39a2475e4dbcb76b7f0e6a070c92acd7aa5a9ee94ea170002fe412101da0083c7ddde5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
609dce2fad17df3097ad47b673f20715

SHA1
6b9ebfe80d539511171e36ed31dc64fe069bd214

SHA256
be77ab4f53e7e1bad9ec7089980d777f80ca0a151205a09d6e0c9279a5da89a9

SHA512
00e2843e68a86724547f6bd51358008084ed4f49ddf0acf30c65b429dd9f810cf55b5d756be1373b3a8f39647e074ea18984c4b7f22cd9689b42b3858ec22e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34d3e9516eb8e515a0d6f5e65ab1e8ca

SHA1
a56879ecda2a6cca85e5c6bffd1dc18c8d75a03a

SHA256
d9375ef27c1114f9d25b9d2b70dac1df23fc46947ffcc620ce9e6d482190a1c9

SHA512
1b4be7be3fe7ea84564bb205bcae63dd2f663dd79de89252c4e8a40aa357c3fabfdf3e1084d33ed1ed28b2120c7465c164b45de2f044e7d725bbcd7a6d8b1099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3727473af970baeaec53b835c0e490c

SHA1
3314420eb5ae6c27797fefdae8f2c48b71a2d506

SHA256
a335d53202ee49bd22041f0eafcd01b5e5bb8772b1dea2a7bbd2e501c66c8e41

SHA512
fc5641af53276c3d029b21b067f1566d9e7cf1265bf8abe1fdb2505f20010accb35a16d76cb80dfb6ce6d81818a5548f3707be526b758e248f308784349b414a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
894e9e6470f7003d877d5cb31f3046e6

SHA1
7d6183d030a902c6aaa4e94c020d6f053db00e52

SHA256
7070bf0aafa5c926f798c0102127fdc3a9e8b970b925fd95c706bfa2cc828452

SHA512
973fa6253273eb23c863fc2c70fe6efdd5336b36a7a410fd7ad08b85b2104a0c715ef6f85214fc09b359ce98d45bf4620e614f6ddf712d0daac6295562c540c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a1a621938f778097d240db7288b99e38

SHA1
a0f69349de0ee2a55f685ade2d7aebc09cc72bb2

SHA256
8c08da8c04496e8b34824f21c79d63f2ca2d9bd1d412965559ea9a4a9dc9738b

SHA512
04ed1154ace8e8a765a7d05af022ba3d3cb78e97524cb7593387a25661113b0b94eeb7c0d11a792f5062c8a93b275e137af4397eb77e0abc9b3f30c55e2adc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6ef90f47a9078429ac2d2c3bd58bad26

SHA1
8f2dee9c3dd1f08ca66f898fd5c824d94895f037

SHA256
dea3cfef0ff999e9ad69ea05003da816e8f5e46fc7aa0927c4ab522983d4380d

SHA512
6df2f4188db717aedf817a17e947c83e0dc6688c3b995cb54acc6af936ce4874828d0ba0cf49f844e430912be2ebd1d042386a9f6846e64a4f2fd233398050aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a04a699c2113258632193caaa45c6d4f

SHA1
7cd38aacba0606af2cad8716bb8e85bf7c2559ff

SHA256
7703d4a353b9430e5bd12106e2be853d799fec7ee442c2a0c1571cf7e3c23c45

SHA512
592ab497bd15ec1d247a9f11b845038d9212df47861cdf972781fdb124d8dc2b69d9a63c9f0d6bc7942ab98026913d2ff46f61f29586e38e78b7d3f0a6a16947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a7948513cb7cf65ef20794209a5cf7a6

SHA1
bc97ae1b217b2d48d0c302e1faf6d3e32991c19f

SHA256
f6af3e9a06cebf00f4b1ff5ac33bfe182de5b23cb2b417afeb2d4622ba39e336

SHA512
6338f7c8e0dc1aed7124013e61ce150c07c8518c11e66734efad8fece437074ced04e2a55d590d5b9568cee272a094cdc0d06f151b17a9687d229e4befe0c907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
35a0475aa589ba1c89a5fb820d9b7494

SHA1
e690a81a039bbbf8263db7de0045cd93913ca790

SHA256
5e6db9b8df47ab859f6f72b4c9b05bf6c73bb9df9404b1603f94c4b40a52d56e

SHA512
8195f7e6ef487913b4855cf88c7ccc747662da2b9f7f94d1509d79a6a8b066071c4b457d74dd59ebe3c1ac1e567dc8d74b460539aad654bbe001fc24dcb949be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fb57dcd7ab71bacf36cf2f887dda7ad4

SHA1
d385249f59364f7ce60e35531aea8459435b79b7

SHA256
92f4abf2c0510e4ab4170b2d9fb1cde0ea6f911001b248ed88118b740f0ea1de

SHA512
1aaeb490eac852926538922393dc302d8b64aa1004d0f5964ab8df64863f876680e72033912376f7a922c9bd9cc08d6b3f3bcbdb196a25d4c648386a6393df98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
bfeb7d2dc267ee901b2c4ec7f86bb872

SHA1
77b4647b94c1094d1e4cc924f7e9509fa00ec8a3

SHA256
a47596daa6793befa5b4160240e594c45a4d20fd937569c59a679b32eef68b7f

SHA512
44fed76fa04aff2f338dd0a593e78cd21d962892cdb7eaebd0498d2d6045b63c644214c8d0bc1e59cab675180e6f9cd1067abe70ce58a41206401eac2f56c322

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
4KB

MD5
b1ed1be2f4f79e4803b622a112f8856d

SHA1
d655ad69a56bed009ad68e23f3e0c820ccd6dcd9

SHA256
a6c66e361335f2e5e246b347b19e382e421e25d5ee958eaed186723c8edb8c55

SHA512
897a7f48bc438e944d7bc5cdc1613131e36d807d94df0f5e42ca0b167aa286d2d28d8e72f984b0bc528bdbdc5c9d3d91a0996ef61f8f20d1a1c6d6493dbba23c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
4KB

MD5
20edf68dd078a8178983fdd946b19aa6

SHA1
18f0bf7b3fc1b97499abdd488a36e77fb6f8b0ec

SHA256
40dc209f44460cd153c67f34ed7eb52fce49ce21c86a35151d67f577e19d7d84

SHA512
ea7bfc195a17abfdc5d9eb317b63568ca16df3a3d57b17602dd3b9df399a30c775e9e1d0e0d5ec68243364dfa303985b31febbb513cdaba21502e97c24c9c11d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
273d70bfb3a8b632c26533534aba9272

SHA1
fcd7a16dcc166817a0d5b3fcf5eb1e3e8aabade9

SHA256
2e509a133e7f6a1045fbfe53c8cf71983ad364b037dc54beac4f432d33490cfa

SHA512
d79158a1df2a4e0c45d72868ea385b5765a83be8a1f71de3470e59094996c657414176207937b4a87c2a1596dcb5b8075931a0f30c81e7e8568878688f1befad

Download Submit