Analysis

max time kernel: 139s
max time network: 139s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 21-08-2024 18:33

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://GETSOLARA.DEV
Resource: win11-20240802-en

General

Target: http://GETSOLARA.DEV
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  53 | api.ipify.org
  3 | api.ipify.org

Drops file in System32 directory (2 IoCs)
Processes: chrome.exe
  description | ioc | process
  File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe
  File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe

Drops file in Windows directory (1 IoC)
Processes: chrome.exe
  description | ioc | process
  File opened for modification | C:\Windows\SystemTemp | chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687389960305836" | chrome.exe

Modifies registry class (1 IoC)
Processes: chrome.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{C87EA832-0319-450B-B2B3-D180B646FE29} | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: chrome.exe, chrome.exe
  pid | process
  248 | chrome.exe (2 entries)
  4116 | chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
Processes: chrome.exe
  pid | process
  248 | chrome.exe (17 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description | pid | process
  Token: SeShutdownPrivilege | 248 | chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege | 248 | chrome.exe (32 entries)
  The 64 entries alternate between these two rows.

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid | process
  248 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
Processes: chrome.exe
  pid | process
  248 | chrome.exe (12 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description | pid | process | target process
  PID 248 wrote to memory of 4296 | 248 | chrome.exe | chrome.exe (2 entries)
  PID 248 wrote to memory of 5112 | 248 | chrome.exe | chrome.exe (30 entries)
  PID 248 wrote to memory of 1932 | 248 | chrome.exe | chrome.exe (2 entries)
  PID 248 wrote to memory of 1388 | 248 | chrome.exe | chrome.exe (30 entries)
Processes

Child processes are indented under their parent.

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://GETSOLARA.DEV
  PID: 248
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde889cc40,0x7ffde889cc4c,0x7ffde889cc58
    PID: 4296

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1928 /prefetch:2
    PID: 5112

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1744,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2128 /prefetch:3
    PID: 1932

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2184 /prefetch:8
    PID: 1388

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3008 /prefetch:1
    PID: 1464

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3052 /prefetch:1
    PID: 4596

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2988,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4056 /prefetch:1
    PID: 4208

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:8
    PID: 1336

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4864,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4868 /prefetch:1
    PID: 924

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4060,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 4060

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4424,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 4348

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4580,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4480 /prefetch:1
    PID: 744

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5296,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:1
    PID: 1192

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3496,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8
    PID: 3872

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5436,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5592 /prefetch:8
    PID: 4176
    - Modifies registry class

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5700,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5692 /prefetch:1
    PID: 3748

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5868,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5864 /prefetch:1
    PID: 3620

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4852,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6104 /prefetch:1
    PID: 3724

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5252,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5340 /prefetch:1
    PID: 1400

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6164,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6160 /prefetch:1
    PID: 4748

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4248,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5224 /prefetch:1
    PID: 3932

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4808,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6152 /prefetch:1
    PID: 3948

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3296,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5352 /prefetch:1
    PID: 1244

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5420,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6108 /prefetch:8
    PID: 4116
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5128,i,4276700991638103514,11034346455389733642,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2688 /prefetch:1
    PID: 912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 1520

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 2516
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 64KB
  MD5: b5ad5caaaee00cb8cf445427975ae66c
  SHA1: dcde6527290a326e048f9c3a85280d3fa71e1e22
  SHA256: b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
  SHA512: 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

- Filesize: 4B
  MD5: f49655f856acb8884cc0ace29216f511
  SHA1: cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
  SHA256: 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
  SHA512: 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

- Filesize: 1008B
  MD5: d222b77a61527f2c177b0869e7babc24
  SHA1: 3f23acb984307a4aeba41ebbb70439c97ad1f268
  SHA256: 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
  SHA512: d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

- Filesize: 649B
  MD5: e7e5491903cb94cca36833bdb3b28589
  SHA1: 4b73a51f4ffd7c7be9d343b80684032af647dfdc
  SHA256: 2c3cbf92db4d700cc118c1b1d561c6e8fab791d0994ee16bbacb0c2a7ec47c82
  SHA512: 8bc4b71e216dc39d5b7a9781bd88bb852abc3b758b9c0714f2b35dc4c9437e4feea82c46ac2f5dc65c1b6d1a82ff9093f1e0627278e3d834ebc27a327bbe6d82

- Filesize: 17KB
  MD5: 067d2051ef8f7344da9b1c68253a554d
  SHA1: c1b861a3ce34af1d75e3ec875b7c1177fb9a1d2a
  SHA256: 7591fe6e88aa52486b3b028ba1676a697ea517c2f75ec26f870be9381be060eb
  SHA512: b5d91e6ec780f686681537a2119efba875fcac386299ec8e6b61349848184fcb6de6417cc827bee4c83e1fec7be909fe93fd0a3bd0cef86745fa95cc5fe36ff1

- Filesize: 1KB
  MD5: 75e92a0f8deeec4ed892b5f29d49c806
  SHA1: 9388ddca9341b93c2fc26ae96b47bde70e6e5e02
  SHA256: 5edc7364a2f47e40e409598d5cf3b4464584ec516caafed8eaaebf1bf5ef24a8
  SHA512: 07ea181244b3cdb97a188a5d4ec6c46cc57cc7df6b7ab74d778fa00db991d8e53d0095080c801249a7374c28fcfe920851cb28e01aaee4835972e930975a3138

- Filesize: 1KB
  MD5: 839b36bc4b762a02ede2fda45369cf1b
  SHA1: 7bc977cec7951c6444d3428a3477c364e4223382
  SHA256: db33f1f2224e2112eddcf0dc4f4a7aa9a16219cddbc72a00b6efd366afd4d689
  SHA512: e5fff428e9ae94ae411c1b4170262349e3679c5d4360901352a82dfde2c79aef7b42bbf3dabd7c51dfe91f15f7bb11be16a001344456ef3dad37a9b9b6847a09

- Filesize: 12KB
  MD5: 787b8b533e7aa71ae0d3654cc275f90b
  SHA1: ac0ed9382339f6f170949c19235f9a8625aba687
  SHA256: d83cc7cb5b67d0437daf9fc0687b5273adbd5b5aef366e7c444e9c3be453db71
  SHA512: a2049c6ac111b303c06f5aac6e31fb8ac5d60589deb9f344c2d0904a3f386a239c91a96fa6cbace1d909c32367397d50b82023a651395666d5746d161b204f99

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 1KB
  MD5: 66d1b1213d47f2692bc17d4779a9039a
  SHA1: d74f4515f39ec209430159db442e45da5659afb5
  SHA256: d982bf701086194afb1c86096dcbe19c57cdf609e536e95f9169322ebf579f9e
  SHA512: f931e64387ea89998d510dc351fa7a7592e386a520e2dd57f78b473040a612b977cb9643486beb8a21ed919f169600cd25c770b72daa04a795aa35e9dd4e4453

- Filesize: 1KB
  MD5: 77f59c313dad11bde697921f48a92d30
  SHA1: e39369e0fe533a449489499aad41a13ad77d6015
  SHA256: 33ace5651ccefb2faee1561304f6f090d0434baad26421cc8c339e2c48ce3f4d
  SHA512: 0fe40c7bccc8265bfe376d5746aa010ad9a1f36ea5fbbd31be20c23361597e9b6993bd1c9dcc435ca31d27ddaa839d6a3e2e0c5ab36b1ddf081e8735430a9b6b

- Filesize: 2KB
  MD5: 53800dce8c82bab97541093a064f6c8e
  SHA1: 1ce15d17e0ecca029829ff45c1be15b6a773a2e2
  SHA256: 2645ab8a0a1ffc58dab37ebe96781cafd0f63871c92aa5903f2718592d3c4ef4
  SHA512: 4ae21ffa3dd353e32be369e7fe0cad234af6c8c58b44d9a3b524d0bf5227be86a9bdc781a91d168200adc8f7b48c438e58789a4c73efe5fde00f5e6914024e40

- Filesize: 9KB
  MD5: c20233db38bfc3b005a701dca1792b4d
  SHA1: 728378d10d2fb08d936880e0f835b16e737f46ee
  SHA256: 91472c597f72eb6af9216f25302f2ff1f5f1844a8f40f717ea6c6efbe8540227
  SHA512: 291e7ce0a198e926c99e0240185693557d25a12523bb3c490dbf3fe841f712fc997ab5bd995b89cb485f47725a56aaa40af3f9e0f9447cae84353449882bb366

- Filesize: 10KB
  MD5: 56344eec9f4dcb1d296f3abf76ebf966
  SHA1: 815357968ca5c907bcac9e560ede3e8cecd80df5
  SHA256: 3b5447d56c886298f7990b7b143cea6808ed541453b18ff158cc9c1db70f2b55
  SHA512: 691cab5afd00a0731544927f2a40b100b20a6d250a6e714b80b57438a6bbdcadb3e3c9660563cac0117e405da2403d4b5743d84603982532bc20ff5f33d9d46b

- Filesize: 11KB
  MD5: 0dfc83827f0a657f7ca4a02362697ad7
  SHA1: 994ab9d58a16008dd5ad169dc22557814d46622f
  SHA256: f6c73e0a127df5d244f78951e145a6e2e8691c3fc5a7ae345ee9dcdd9d7094ed
  SHA512: 8bd94e16fe938f88caab4587466bf1aa8439fe3fc1301b189ca860db3dd7a4ea90fa902852c82cb9bd71ecad7c971b9f6bd317c332a32ce8888c591a47334a7b

- Filesize: 11KB
  MD5: 2252ffa182cba40988aa15b43cab2b34
  SHA1: 41e1731c217a6d88e9df706ecc25f34905b3e079
  SHA256: b04bedd043057c8116122a22e542c39e8623b3210b6fe406ec8606430a4c0702
  SHA512: 94125260d825d107fa059b170f44223a6e75abb7f04677e5a9750e452a38d38c4f88aa301a9ffa320fb45046d8d67dd0ed5b8de750682508c8534f96eb342a0a

- Filesize: 11KB
  MD5: 4270fa96ce2ced516d1192ecf6896163
  SHA1: 8ab1d979a9d7eba328bf29fe47ca27d8523ff5e7
  SHA256: 18974196875ceb3e3ab57c8190bb31297b37d22e59cc053a7b9a6f90d6663c78
  SHA512: 6e4a3cf3babeb28f114ba89fcc381bb47a4aa349b1e4ea8e10221125ec89692e7a47190fde8d23738a1628321678268af1072178169fb66c78f23a615b6c779f

- Filesize: 9KB
  MD5: 934407c89a37f708d48a73ae1d0269bf
  SHA1: 3a57a478e774d0ff79600ad6c35c67499f52003c
  SHA256: 04a6455449795326a4c04f4eebd51fc0c9c5091984c426d171c46e8f3ecde257
  SHA512: c1bf7ea1c64d0080527071669d4c9f16a487d770a65820f4fd076d2f0cbaddc3e429a487889e4407f11aa364071fc0c9b790a843ced67ad968413a18379511e1

- Filesize: 11KB
  MD5: f24d221673b2d4f6068f67ecbed0419d
  SHA1: 1e8a97994dd6dfbe8eb6e683c86868fbad41f964
  SHA256: 7018e9bce6f4d515b77ac748f2ec10e35d96b8b4f444b716a005ca5718a41be1
  SHA512: 2dbf6c64e421e7e9738fc65ed7a4f2735a17033006be871bcced2c2cc8d178c53b9766150eae26db08b8b46fff08caa8f524ae28a289e0fd102d44cdb5aa7138

- Filesize: 11KB
  MD5: a64c267da23654bc3ab5435676b5280d
  SHA1: d99efa89c5101ec0e149f05e3fff01c8fcc2fb03
  SHA256: 1540744c96fd8ca38095ce50002d3c019ff39fbb97740569c497b76fe6cd1c65
  SHA512: 528cdd6e0675b7ffbf90444c187389c3a5bb679b671f2098f5d88e86dba20354e0925d234edf2e725c12d40449c44fc13f81b8f3ef1db6f97f3a7899d97faf5b

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\add28351-be88-4fb7-8167-a2b360a9a4c4\index-dir\the-real-index
  Filesize: 72B
  MD5: ba2c057d65ba485a0a42485c1338444a
  SHA1: 54c6305147f9556b0b211c3861c4d983b798f09a
  SHA256: 977ac504063e382f87f79f2fc9566f0e104258eff3a9fc1ee6848c389c1ec725
  SHA512: ecfb9f8c131a7306a1bbbc3f2c315cde9fed54c1f65b9e5498bc828b5c67b33d173165f7ad7d69bf70bcfc6904f0c0c196cfd48f339e30baa1a50eab99d83d60

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\add28351-be88-4fb7-8167-a2b360a9a4c4\index-dir\the-real-index~RFe587829.TMP
  Filesize: 48B
  MD5: 3735ce93a09aca7e5d296316886eab44
  SHA1: bf99e3640fcba2daf6c705e449085adb5fdc1058
  SHA256: cafd5ba8836e831617fa346583738f15e1446998f7d0e22be5e1cdd1b11b4463
  SHA512: ac9a43d074b024c311810769cb3ffda9c9c45aef91ec7791f98656e0d15c2b866942bed9e0d207917533fb1ff6583b3d1f2bfa9a48cb99f1a42eff30d6812ecb

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b8687177-b03b-4afe-8b20-c5647f7eac91\index-dir\the-real-index
  Filesize: 3KB
  MD5: be9d037bd5c08e46308663fd119fe69b
  SHA1: 9fe2101d7580d71acde7abf0eef85c0786cf2210
  SHA256: 011985a345a03f2713d3c2ffd260c3e31e787ddd7cf12189a970f521148be482
  SHA512: 4240fa8441640e827a533fafdb33ecbee6da004635280e3f22d7188850c9597b50ec3e86635f0e406bb4db7fb387f94286bb7352f0a116c42f7f4cb93effbb3d

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b8687177-b03b-4afe-8b20-c5647f7eac91\index-dir\the-real-index~RFe5876d1.TMP
  Filesize: 48B
  MD5: fbad63e614de7f3d074d547d5448ab7a
  SHA1: c5c5a2bafb42bc74513546791a7d7c4c3481038c
  SHA256: d5c5f75e6fc092530d45c1897056d95524d00495f27f6290468443bb433f8f32
  SHA512: aaf392446661451f5dba0f716ec8234fa85bcf2ab3e0c34387de281ec95861661ac2bc5ccf84d6a778e9314155609efe5244745687736778580a6e19fe6cd131

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
  Filesize: 202B
  MD5: 7e86de536ae678b3019c9902fc7fa841
  SHA1: aa8fd9b8ea2e9fb8abd9895757e6f7e615a7e32d
  SHA256: 33e54d034b774e82bba82436157388d461f2fee6fe99c32f0d6698ab05216823
  SHA512: 61e02e400a0225e0449aa06eebd29db4372eac09c8d08f530637d5b81066df3f65ce2be9cf91f3e131e761b04484c8235dbe64bef54cdd6497dc70cb0bb13c4a

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt
  Filesize: 262B
  MD5: ad59113471b55471c25ba0b597030846
  SHA1: 1d40d81244d8c44156977b2de440e159d33c34dc
  SHA256: 373d78921c5c8f2e01fe71cabf56afb0019bc7194a3b2b9e394d95548423afab
  SHA512: 0c9e98cad86965055adb0d1a5cc2fefb097a9b895494e77d18d46b063ea86e87234b6e8bae8a61e35226eb6439b2787c13bc227b9e1b02b2fb3127407b962c09

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt.tmp
  Filesize: 255B
  MD5: 2160b90be84d3780f7766919757f200b
  SHA1: 5c353cde1c73612bac34ea0e7ee54804f172b11c
  SHA256: 8d96298292765c2323fc43f9ed733443de218ce6b05bfde6081f07ce0ecb94a1
  SHA512: fd4b9aa7f635dc4fdf7d4070079cd52242cdc0e30369aaafcce3007bd68a1e4230a90700e0ca44484275edeea6f3545704711309376e94399439d91d33a6ba70

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt~RFe57e157.TMP
  Filesize: 112B
  MD5: 6805987bef8766765c0a3290948d4de6
  SHA1: 0d03e9de15a45a15fa99f3d9ac3b2e0df8b2a280
  SHA256: 6576db420a6984c2b51780ccbba0361e367c9952eaeca6441737a31963c72cee
  SHA512: 2248bebcbb71a3d6026466f8b4bfc3dc93df35ddaaa022b5878c347a2026b138f765cddacd8e4fa1172fa5694534e1b97465a6a3a498fa6c446d48c77071be54

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 144B
  MD5: 90e26c0203aa8e1c54ad5da2a848cdab
  SHA1: 8a4ba26f42b2269d5b8eaa6f22945a30c06a7693
  SHA256: 0b86d20e0122db6b67c8719ab0c7fa76511f3fd0a1105a7209d6e744aa92f39f
  SHA512: e098efe32bb1633b92d8eb6b92a22d12eff6a9589f73ac29c81af8f0d9172c31fee0a1bc9e154dcef13eb7ce070e76355a9f66f60581587e4106bd88cc2ea369

- Filesize: 195KB
  MD5: 46c468131b62a043242a36a1e6fbaac3
  SHA1: c710804a5b9bc6c9a69ad32bae72cb1ad95096db
  SHA256: 731a66b1833ddc894609bb5bcb847d77998a8d19c22ecc5e2346bbf6dcef1210
  SHA512: bc83d10c0ba6ca1098d8ab648028cc83ffe3346dc6fdc4468bcccf82d1f272a0eb76edb0dec3acb4d83e9e1e8128355fd6add8995750e776b5f792a26d7f13da

- Filesize: 195KB
  MD5: 373b3d7c3dee987f219590e21a3eea46
  SHA1: ee30614d2cb5b0f40014a1e63425dd50e35d0137
  SHA256: 4ade078a5717983a830b2f421928dbaac93de1ddd209d12e9e4da78b9db35573
  SHA512: df632145ce4a1b28edce5bb44ec356b133dade37348019a2169e6aa2bd201053db2cbd7ea42feb3eb0c12fb1ee70b3f4467bb4669c31678fffb9851efe387eac

- Filesize: 195KB
  MD5: 54722de92be3cd67806646186f41eefe
  SHA1: 66f89f8e59d4fc5f4dcd5cc9cdec0d1636c63618
  SHA256: 99ae57f6a48b99c9957d656990bfaa302f359702f1aa2d33807796f79c5e1ca0
  SHA512: 1dcfed8b5ca40d1a4e3e4cf4809a1dee1f6d766fd570d48aa10c7656f961d7a8e29f928556e4ca1767a287327b783cc8fb235e0e6493527338d9e87def47bfd6
-
Filesize
195KB
MD53b31c076175620a9b32f574e83ca8906
SHA11a4db0d95a844f0d70d0e7cfd9a5db9364cbf3eb
SHA25611a0f0cf7ba39438d817e4b1ec8375073fe40892db5fe50093ad3020b76ccd08
SHA512c3df67d2cb648f5bf74f188e1f76e3d63539d47303997aa3429578c3fcd0b05104c27ca6a7cc733487e266e00fb9924b17849b5de91181504f697cda575c0033
-
Filesize
195KB
MD5ac0fe0aa0533e8ae21f6089940e43469
SHA16b4541a8a187efd77a211c3dcd1ca9e87394b799
SHA256846a5e0449f432cc408c4f31d4baea7902971ae8403b98c4fcfb1f9ea13d16a3
SHA512d2a62d72c655d72d5fe2d9cdcc7c95bb2128af7b99735b678e98844306fdc7d6896922c363d92ddc020c7a8d8c728b0710efab5328352d0876ff36fd80dc32bd
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize9KB
MD5ef5005378e93509b2e7c66fe804af15a
SHA1cce472850b39378203584f629f81836a6a2bfa2f
SHA256540c5dec7bd34ed0b30fb06ac970d275d7989062e469b8ec6980a04733afb843
SHA5120d75a1c075e702062cd1128f70f8eebfc0e17076b77b5d01456be77c61edb5dcc225beb609a71796ee8d8ab2b503da08b1e9f757ae2de6e71c303777d10a5f09
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize10KB
MD5ab94787d22a89b0315312b65d43a9110
SHA1d356a08b9aa6c9cb851be38951fa603f73883474
SHA256e8c2dcbd1ecc8810b1d435b645042f07be895e910c14304114f363b97797711b
SHA5120786f865f35235fb74febca5c837b5a4a1054e62527e06617225bcb165d2522a28a02b6bb2dbc10ca47f301a3a3b1c4d022e2cd7fe9295c9083433ea0d770190
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e