hxxp://email[.]mylogbuy[.]com/ls/click?upn=u001[.]Mu3w-2F-2FbqVbNYF0KR2CIQ3EWxS1Pu-2F-2Bj7yKspVP-2FnYNLRVPUCPm44Uz7vdtj-2Fpeyui5L0OmvEzcElHgRa1wjMmsh6fLsBZwtPLM1JG-2BpBxLdD8TGJkgY67QEAmMG3tKmjtmvp-2FcEtvDJoC9CmkgRysU-2FgDlwYaF5jfrxQFQcruQBbosyWligVSKyuuXa1KX66Lt6mesivs6j5qv6I7qh448Sx2qAxmhvqcd3kxW-2BitCLXOZDzSLWl5L6T2AzrpUAoMvg7-2BA93lLeojyv-2BxzDb1MlX7iVFtTWA3suz7cEHzBSbxwExoKV0AjB7ec8tDa3CZ0FOP2MLwWokrbHRRjVe0ugubqL7crSi5UDLJhViZtIg7hRDWHIX1L9dJS3I5ykAgz5P8sBViT1XDqzHb6U9d0xRdeYeYe-2FvW8AAArlkAU2EoEZcB6hdB4gQRRgiRJWwAeP-2F0qBLyO9dJS05-2FxLW-2FH9xpvlScWwtjBe0hFtGFD1X55gwf32Ny-2By67NBmD19JkU1EPSNMLOr7-2FgkrNZ8hlg-3D-3DUzBH_HUyirpnN02zbsmmCc-2FXrpS7eOpUOWY8T1Wy8hlzXEBiFJy9MmJG55sJnEQY5xpKXmxqnDDSSMPEh0KpwdBGgPlkNQfhF2v5InN88190XH5MwkGnWbl85fsDE8tNmG0SeNBb4qWyQVtltxA1kYJ4LOQ9IFE-2Fe9sW-2BxqUawhoM0b3qatLbeUwnkXbRZ9l33YYUXrYoGv8UKGTTrNCqfahi-2FLT8EdsjxqCvKdua8D-2FKwk2BYOKj-2F9RMr4qF4iOm1vfVt-2BCW6Gvu2p0aYhFHSBAExSy7iJh27BnUrblkda8DgWY-3D

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 05:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://email.mylogbuy.com/ls/click?upn=u001.Mu3w-2F-2FbqVbNYF0KR2CIQ3EWxS1Pu-2F-2Bj7yKspVP-2FnYNLRVPUCPm44Uz7vdtj-2Fpeyui5L0OmvEzcElHgRa1wjMmsh6fLsBZwtPLM1JG-2BpBxLdD8TGJkgY67QEAmMG3tKmjtmvp-2FcEtvDJoC9CmkgRysU-2FgDlwYaF5jfrxQFQcruQBbosyWligVSKyuuXa1KX66Lt6mesivs6j5qv6I7qh448Sx2qAxmhvqcd3kxW-2BitCLXOZDzSLWl5L6T2AzrpUAoMvg7-2BA93lLeojyv-2BxzDb1MlX7iVFtTWA3suz7cEHzBSbxwExoKV0AjB7ec8tDa3CZ0FOP2MLwWokrbHRRjVe0ugubqL7crSi5UDLJhViZtIg7hRDWHIX1L9dJS3I5ykAgz5P8sBViT1XDqzHb6U9d0xRdeYeYe-2FvW8AAArlkAU2EoEZcB6hdB4gQRRgiRJWwAeP-2F0qBLyO9dJS05-2FxLW-2FH9xpvlScWwtjBe0hFtGFD1X55gwf32Ny-2By67NBmD19JkU1EPSNMLOr7-2FgkrNZ8hlg-3D-3DUzBH_HUyirpnN02zbsmmCc-2FXrpS7eOpUOWY8T1Wy8hlzXEBiFJy9MmJG55sJnEQY5xpKXmxqnDDSSMPEh0KpwdBGgPlkNQfhF2v5InN88190XH5MwkGnWbl85fsDE8tNmG0SeNBb4qWyQVtltxA1kYJ4LOQ9IFE-2Fe9sW-2BxqUawhoM0b3qatLbeUwnkXbRZ9l33YYUXrYoGv8UKGTTrNCqfahi-2FLT8EdsjxqCvKdua8D-2FKwk2BYOKj-2F9RMr4qF4iOm1vfVt-2BCW6Gvu2p0aYhFHSBAExSy7iJh27BnUrblkda8DgWY-3D

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693842850876200"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: 33	2756	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2756	AUDIODG.EXE
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 1388	4640	chrome.exe	84
PID 4640 wrote to memory of 1388	4640	chrome.exe	84
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 5000	4640	chrome.exe	85
PID 4640 wrote to memory of 2888	4640	chrome.exe	86
PID 4640 wrote to memory of 2888	4640	chrome.exe	86
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87
PID 4640 wrote to memory of 3772	4640	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://email.mylogbuy.com/ls/click?upn=u001.Mu3w-2F-2FbqVbNYF0KR2CIQ3EWxS1Pu-2F-2Bj7yKspVP-2FnYNLRVPUCPm44Uz7vdtj-2Fpeyui5L0OmvEzcElHgRa1wjMmsh6fLsBZwtPLM1JG-2BpBxLdD8TGJkgY67QEAmMG3tKmjtmvp-2FcEtvDJoC9CmkgRysU-2FgDlwYaF5jfrxQFQcruQBbosyWligVSKyuuXa1KX66Lt6mesivs6j5qv6I7qh448Sx2qAxmhvqcd3kxW-2BitCLXOZDzSLWl5L6T2AzrpUAoMvg7-2BA93lLeojyv-2BxzDb1MlX7iVFtTWA3suz7cEHzBSbxwExoKV0AjB7ec8tDa3CZ0FOP2MLwWokrbHRRjVe0ugubqL7crSi5UDLJhViZtIg7hRDWHIX1L9dJS3I5ykAgz5P8sBViT1XDqzHb6U9d0xRdeYeYe-2FvW8AAArlkAU2EoEZcB6hdB4gQRRgiRJWwAeP-2F0qBLyO9dJS05-2FxLW-2FH9xpvlScWwtjBe0hFtGFD1X55gwf32Ny-2By67NBmD19JkU1EPSNMLOr7-2FgkrNZ8hlg-3D-3DUzBH_HUyirpnN02zbsmmCc-2FXrpS7eOpUOWY8T1Wy8hlzXEBiFJy9MmJG55sJnEQY5xpKXmxqnDDSSMPEh0KpwdBGgPlkNQfhF2v5InN88190XH5MwkGnWbl85fsDE8tNmG0SeNBb4qWyQVtltxA1kYJ4LOQ9IFE-2Fe9sW-2BxqUawhoM0b3qatLbeUwnkXbRZ9l33YYUXrYoGv8UKGTTrNCqfahi-2FLT8EdsjxqCvKdua8D-2FKwk2BYOKj-2F9RMr4qF4iOm1vfVt-2BCW6Gvu2p0aYhFHSBAExSy7iJh27BnUrblkda8DgWY-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa591ccc40,0x7ffa591ccc4c,0x7ffa591ccc58
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2944,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2940,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3880,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4612,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,1631431506006384463,8260231424775091352,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b664bc5ca0cc5b39293c05f03b5459c7

SHA1
1c71e18de7e6b441631a79a75ef34d1706943b4b

SHA256
898c6081c4f89655bc78a2fea8bb157f93c21674cc300c5518a0b5cccf23d303

SHA512
8ac9f6f363ac1cb93887ce956e25b9878ba87b59cd9e603c65e548d89ae9597c1e6bdf491c476d445f6037f44377ba83bbe727a1f1c6036dbd68c951b69ee876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
1425ab8a64fbda5912fb0b1f250cc138

SHA1
1d699416b51e638e16fc2e93721a635f3c3690e7

SHA256
a9d3063969c555b62f297e9222f270032dda19c0c4fc4f79c7814f90867e472a

SHA512
f3e06845215d8783fc118cfe51de467f5e4c0c9a6fc4b1831fd9507e313990d73dc2c3cd0703727dc7eda2c19c68c9191e753e2e1586a46ae7b2bb443654bace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
306a20ed0f529d27cb02b89f62b7ef4b

SHA1
d98a159e823fbe2d8429de649020efa3c1b7b711

SHA256
9aae625e8628847b8fc3ecb146cca7bfea13649460b5adaf31c8f4fc2f8f19a7

SHA512
63d32a1e1167c57a6fadfcc4f1a62fe798ba1f06343814fab58a6d2e6885dbdc59210766c092c61d673f3de173b15fff782a881da4643cb94b7c6967446f38f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bbe9444266a08abf1038de4db2b5441

SHA1
12e60f21b184ecb5d686775b51056c4d9a47d214

SHA256
35ea97258be881678542144cf7c9ce1e055e71a5df4c96e247e70799a5e7f99b

SHA512
2a06fdccf6c59981b22a7668da2e7b74a4cb696ddd96ceeb8c1afe5ad11d4b31be67cadedd1abab77b555b75e0295633cc2ece02a1ca5d3c028c32408cf4e107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53e01257b04d54be6fd2e94d943d548f

SHA1
ef463c8f88f429aee0b1d3fd82b5dc452ab4cfec

SHA256
2ced62bc433cf1372ff19157f4d405d2971d91332a582a0bade58a6af88b39bc

SHA512
82ce50cdffe14403679443543118b6efb86b86919d85c260184ce14a954b1590d0628d237752e5bd4563fe9169596e6df01c0f3c541b89132536ba5b96983a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9411f454cbd34293c927270816157b5e

SHA1
030863c419056ec0cb830473a805dd3cb20c84df

SHA256
34581b8ed66675e4584157f63e749321ed705dd3556b131837ae2e48dff16526

SHA512
07a9bd56347264ccba57a3abcd42e4275be8090d27247f03d3181eb4d3d04dd9b361ecc8c0b37b260e0260ce999e15be32356458b2aa706c9127cd9c4836699b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69b2ed0fb56970c5ac0ca4eb7f7f0b2a

SHA1
d561931e0522b154a3d724290713f4d911d921e4

SHA256
83f0b6bda765a172a24a4c27ccb819ad910296b5f470c88895522607d7502ca5

SHA512
1ffc5cae36a2ee75f06c9ba4dafba75be11787622f13b056aa50b617d68fb536800c7c932fc795723aced72cc0177085fdb259853ae0424ea122a2a272222898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0880542bc3c2a2a6fefc1693727e8eab

SHA1
765b7492f47388fe6c5eb13bea86d56065f401ba

SHA256
810bda64b43e86d5a75d83a3cbd3276bc3c55992908ecdbd45a25066f28295bb

SHA512
cd14c3bb2ea1393b66c9da8d321179c5304ed5d46fbad30d7680c1e7dd09b26a9fbaf13c2341b6ad9fbf5e822571dbd13ae1dce795b502e059b1c38d4fed412a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c61547ea71e0913a0485da1ed098b75

SHA1
4abe0add3897d3d8e7ccb2ca7af4d976aa9e43df

SHA256
9661e11ba157232ef6cd082a918d9dcc0646053b7ec03ccff50267c73fe321ba

SHA512
735a2883cae7cc0a5bd8d1007e7b8147b3e35d04beab56028effb2edc9bfa20af73ac40af2aec292d3fa6d2a07ebc078c4495f2269b5e3107a1c239636e616d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb1115fb111c5b3e40567ec7179a0aec

SHA1
df11e3fa63d94d837d64c7664ad4802e70085e43

SHA256
deb81840451ce728fd42851203f58394c6d6efc3aab91eae00e8cba60aa6ca34

SHA512
518efcc4d9778e81557be8cdb8b5091c7bca23c47b8323b792b5ba1b84774092911504ddb7731269980d5343d9a24c5d3e7efe51088231d78fe14dce61ee8fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae26c7f948b38ed0c304e9c495ea2f31

SHA1
d9a8373d943268a8f9fcbc4d432a96cd4b01ecb6

SHA256
e35e90eee9816c3e048de91bd775efa90631d570f398247b097e49c70ec8730e

SHA512
55900a99d2cca79508ff091e3bc08385c6aa502a8f0c5a104821dd6767403ded865cce5c55617e562bf460cc04355c18c43e48410ad381321ee92a0543438336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
404557aacde2402c98c0625a2c422c3c

SHA1
a012d11c27a20d22d668c9f43f7f830715c2929e

SHA256
fd130dd7bb9ba9b70cd40f2f1a46321bf9fe659dc83a260bab114522b96575be

SHA512
7196f9d30724c52c736a177173a1fb5f723bc7d7601ffe5c6ea144565974034d5fca9b1eb1245c1d464c2244983e5e4693f146faaa6feb3f98889de22430c57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be5d847c8625531b41d088ca2c5d994c

SHA1
8d3300b2b756e5a96cb1193d42dd5265e3372426

SHA256
6d8ddb38fe085538a9851b4dd6e9828c6346b85e93f2a96a5d14b5925632b643

SHA512
672c48155ee0b5340dc234f418c7689d19513c6416f8069eade6b9e21a8dabe1e315665f4487fa02a431473f55e539db8ce5599fa0a46e570e389962f35cd0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d074a1cda5a9beb8fad09e90c9d3ed9

SHA1
84a6ba3aba19679d7e17031fd934c5e71b1f2106

SHA256
6a7ac7b1091de9a3c44bec915c3178035e9a73a882d773f3bf7cd8ff2875d38c

SHA512
9404858c290795d726cbf164a54d4d70194a2dde0b5f07e4908aed3f575d050d65487c5a83ee3c539b08e39336a4dd2c54b874c108827750c29fc3f13aa186ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3254d6c728202745f7161b2731802183

SHA1
4c9c5ce6b1a1133c85f81a60ffbe14235fe209f0

SHA256
a2ce3b379f77d137c045e040a60a12f44da485fc2fff71460acf74dc9fb090f0

SHA512
e6fdfad3f26d81fd77da9e41f20bde249794971e5add22eabbf51cdb528dad739fd8316a9a1192e5b46826fc3a01e9d0bc0e280e4b1929ded63f0f293721f3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77b33c6efbb4463e802a9f3bc789f13d

SHA1
51c9e348b4edeca0f35c897436a501995144cb1a

SHA256
71ef157269d35066a7fdd2b7bf6358b19db2a30cc0c8de041ba950b16ebda9ec

SHA512
480d0fd392cb23261887e08acad1acc24b022946d18581a91ed5fd7fb3d5646fd4f496f2c5399fa326a358bf8371a3152941a4c244d8af1b8da5222ad0b76dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b4e3a2eec8503623378f0a91e4c5299

SHA1
bac55c84df7ef4adeeab50bbe87dd4de26c35d4f

SHA256
9f9a14fd0bba65fbeff16ef24225398c91c1063e3e64ce384a8e0cd8176230ab

SHA512
e539757ac7a77d5c790bcb51531dc49cbc532e5efe794bd566097a08695974fd0c624068a4dcf31efe08287c1e96248b7288e52187f4434e4fb4d81c7e401a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e9cd46898cb60bd01971d825f8a6af4

SHA1
b86ca055a7c7a4eab232ddfa373ce9edc6ac0df1

SHA256
392c5740fc31a3854e32bdde286af173cc6a99f0554fe790c65cbdda7f138fcf

SHA512
57e893622339f15f99e575f9ab3fa80f645be77f5601a70fe8c00edb13c4b755ecfc84862229315df4913826d3bfe0c5ba5cb0d04c82f621c0580d7f6a0e5d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
393c590d35c8ce49e90cb51722fd3f82

SHA1
c94557ca73b969fcd3b9d0fb36dd24ca051466c0

SHA256
e52d9772f85256febbd1cee350d04594b290a50ea01a0854d8cf17339bc3ff5a

SHA512
479ab766c3a283b8daf3fba7572bcd3cde2529d0640825cb16d66e7a2a5a26647939673e42ccab0c6fbfd2ee977d5afb89d70662d27120e4758466d224277a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6116498ee6e1d823fc521cfe32f83676

SHA1
66f3af7947dc85b2f577a0021cba4e3b4a507b5b

SHA256
2153fb117b74a5206ac3c69d38ec98efc2e68d4866262e624ed6a4a5a29f29dc

SHA512
dfa4d00fb64a93d63636fa5e91a1d443fe61195ffc06c1a7196b4c507e24a684da098ddae61b5d5105136fb4efe6e9032ab2cfa999a2d6902f47b43cbcdaaa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10ab173451afc0839bb0139574921b51

SHA1
ce6e2556c35c4b3f6f4e7d3f65c4203b89eaa8c9

SHA256
5eef8f0cd5509db0db8a6cd61af5a8c21e9cd157c89bf7965a2ef396d8b8fada

SHA512
bc0e0939cf19588a173c7162e6cb07f592c81cafcc392368016b40e8859a8fb1d7861da21ec6dfc0a045b915bf9d9f4b1b953373e5692df3fb5ca0ae0be9c26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e47eacfcc954067146dfc90b5c1ea961

SHA1
34144e820f6a4195279ae16bdefeb9ee4b7e2ba4

SHA256
a0af41e690d0d574bc287233e401319de3e9015aab68b7b20d50952988c2f28a

SHA512
633a9611f9ec48b4f1055e98dadff74a05f1a3114d27492c6e041ab4a313c203efe0f55d20b7f65f1b3511c3d9bbc2dbc4aaa52bc14fac4aac157e99a5f03c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a527a7925c9831fe87590920f15ac30

SHA1
8da6f99af3d709b3b59ce6910769d8a74b9bc6ed

SHA256
b48b12d8498ff51161ace0f6a19a71248d7e77e9fb03d96c5b53ddc8e3b7f53b

SHA512
edacb32e9d17e7a02d9bd618340d5c2f0f93774adf17d6170370feafb88a1fcf631c54373b556252e04d44e6039201f0b2081be978513413b3973df5504b3dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1019989c28b5c8f093dfea3d457c78bf

SHA1
8a74557b2e8a04f8fca222f44d644b5d6574d714

SHA256
b077bf5b445d0fb9530861c61605dc8ee5d0a78063dea6477bf6d1815c98a852

SHA512
c11c548bf2eded1cd66d0435f74d39ae4e00c0e6501b9e9d0e13de2fab794b9efc4135b022b58d8acbd8ac5da81493fdbca4b4dac3da3468c99ff0a467849921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f63c3b8163bb2a5bcc8d8ae65afd8042

SHA1
db47aa55534085062dd2ce9c92d659ed19b86006

SHA256
a974600ce81725c4491e1b6c2da2437ac6c8e18f2179e90d5346bb757188f98d

SHA512
b524c6b39084a87bc0e2968669e533e93cc4584643fbff8df34a516f97382b01adeff8b75a9986cf9e52a4b31ba43053aa2332caa581bf10f732c04ae3fdb121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
23670ffa556691ed8782eecad7093178

SHA1
efb36701b127d5b13cb5b1a64ebd403934d88832

SHA256
79c65971179230f7e49f8ac374e54648e5c2d501c15f5b9738e5effe0f426ccb

SHA512
d7f3f9e7f9a9a27fe1f7e56bf0a689c2e721d493f22f3e78ac74ae49f3b5256e1aa31190812d99b44b950e41ab1cfea8e379d9e9e4adc3a306a4b81e4c760563

Download Submit