52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8

Resubmissions

26-11-2024 18:46

241126-xerrfstpbw 10

26-11-2024 18:25

26-11-2024 17:52

26-11-2024 17:10

26-11-2024 17:06

26-11-2024 16:26

26-11-2024 16:16

05-05-2024 07:02

Analysis

max time kernel
150s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NAudio.dll
Size

502KB
MD5

3b87d1363a45ce9368e9baec32c69466
SHA1

70a9f4df01d17060ec17df9528fca7026cc42935
SHA256

81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
SHA512

1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
SSDEEP

6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771120285572270"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 4736	1188	chrome.exe	86
PID 1188 wrote to memory of 4736	1188	chrome.exe	86
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 1128	1188	chrome.exe	88
PID 1188 wrote to memory of 4632	1188	chrome.exe	89
PID 1188 wrote to memory of 4632	1188	chrome.exe	89
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90
PID 1188 wrote to memory of 4312	1188	chrome.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
1⤵
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff88070cc40,0x7ff88070cc4c,0x7ff88070cc58
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3708,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5204,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5592 /prefetch:2
  2⤵
  PID:272
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:380
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff6d9b24698,0x7ff6d9b246a4,0x7ff6d9b246b0
    3⤵
    - Drops file in Windows directory
    PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5468,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3232,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5404,i,9062467966727657604,17361420382442318188,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4abf43bf0a5b218fc485f51945432c40

SHA1
dbcfb6e2861621a7ad823e1dfdbb3ff4e8eeebac

SHA256
edea020cdf035954def642ff38a7059daf27800cbf7fb6b598d6affcc28eede7

SHA512
8e1e9fbe20651ac9a390a5be4fe5b903d84e81ea1acfd9bfee5bf16325e1589cbdda056c9f9e46e5ca175f6246d9a4900a493b7130c6a87145654d801b7a0e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e82ca5c927074446e2b2a0a9e527d840

SHA1
37847fa621850e23060dc7ab6cf19a1bd46db876

SHA256
cdd843b060f65843e369b88ad683debb0769849d4674dc2dbfcae1f8db7f7baa

SHA512
169503100f297371961d5838ba169927b80b91248b8142d5df69819e6995230f670e446efaec382f9fa8ae63cc43796dcfcd34b492afe1a28ee8aa7a6cca116c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
85d0daac7ef8aa64949bfd915b7bb8c4

SHA1
2abc76d1613a1909c2c3790c93721da9bdfb471c

SHA256
e7988925a122d7370ed6a68edf2a4b503df7101a96a26235bc50bc120595cc01

SHA512
d4a2b72195600008d79f9433297e3a37e765082c7d7b116d44c9bb42a4ffacc16e8d91212797ac326fe2c22261c458177e80706aff64d6726d5d828ffe58ac02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3938afc3047a89344905afa1eb5da558

SHA1
1c21e621ffc63275bb9685227f70e150d7180334

SHA256
4159ef08b4047c1e206600a3ad2a9a9e27069d2b873c72ef6ad9c9319545242c

SHA512
0db98618050226210a730f0a2082d2987c70cea1c8ed141cb6d9a616b2c17050ad33b31beaf76bb42ea1863c3502c723cc048b812c24d2641e4839041f6810b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
412b2431e69fbae530c466a4d30fbcd5

SHA1
05a55f22b6d4be49d695e881c15bbb29002be3ec

SHA256
4e17075b76bc905a94d977920e5a67274affdb33d1ed8772f26de05fc4f96248

SHA512
c65c841728f9f10c456a2303556b9815253f2b271e6fbc1a071a0652571d371fcb5328fa62ebc2843150c757c0ec6684f4795b42865617b4b367aa6f65b465ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd95e5c69d2363d84a6ffe0a23d1695e

SHA1
bc2df1520775177a362524a6afb13c2bfbdb0741

SHA256
d9bc41660721ccc379b36d6389f05d10f8c41ede6c18a1920f55ed7e3d3eb263

SHA512
d859fa15d99eb5eaba15edc43b386fa2126fc0c6c734c493fafec45cc2d2585cc75dea3edc3cade64501df61548e96f8183bd531f4f4b8c2e64dfa9af190b65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe4d45db0d125605ea9e20ffc75c54a5

SHA1
2ee8c144306268de1856742fdec4f13983791db0

SHA256
68db5137ef56300f0bbf3d1cb8c5044f4dbfe9dcdf3ee1cca78ce03608a7af27

SHA512
b766ddc7e4e1fb57e6a81597cb72e19d53a91a500b11908a5e66fba2d43bea8fb276d7950364699fb0fb9513d499f3ef3a92704bcc0eac8bb8be70b55a1fe55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
beadfdb6b16717f1b090508a10c98a31

SHA1
298238fb3553a52395b2a2fd0bfe1615132b7acf

SHA256
c0f533c9087b99e3609d1606e847bdefb5ee72cf8a3f8c521c3895af38f968ce

SHA512
feeaee5bd8d9a6fb79cb05c3c18e87837d8345bf0093aa99dda639658d2ee1b5fc3f208d616209b0633527914470b6f84a4dba33dbf891ff00ecc6414559e24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
707aa977f3f201098a642d1dbe4133bf

SHA1
118c66a4ad4c4811177ff4cf3c49666f794445fd

SHA256
f9d829892229217ca57e8817b3b67a850c9f762bdec304f981215ed00db94235

SHA512
95edb5b08830546f48b536ab42e5b9e7f0eae7d0fc4bcd6675f93e946f82c5b23f9ba39f001046f3d19bf2c3024c8da17991375f2d4fe4a36891326a3bc1cb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1792d67025081ef73dad9a1ea51db251

SHA1
83418d2ff58e38abe7422a2a17e1ea3b223ddf05

SHA256
d58bd0901349e3d23c4468a7d1d77795b584d38430c3162255c724da307364fe

SHA512
999b7874f29fdbac48750ec3d84537add432b498651098f8ef053d4ff48f30a9b02d8773a85497f0ddedd99ba9fd117df77525f00d3946a5c229612971d9c996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9c739a4a8c44f7558def490cb103300

SHA1
d4adc225ca252768a703ae1a1a588b38ac860395

SHA256
c8233d21bf205ab919f7e8dad178b761a886dd65279b5a596a04d92638e4511b

SHA512
f745ec11eb31e750ab8fa286dab547c735ed62c26cc2632a7b15297649f404931dc81526c1db17bc03c9280b5d5ffa5326c1d3b61b53dd2e400cbfc8def3eacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6c2ad8654566eafeb7b886971b3ce55

SHA1
f04d442429489b180e80ed253bb64e7c6ff086c8

SHA256
e9dd375c4ccf3a50ad86379b2c897520d4a43848800db3e7f33c350450bc0ca7

SHA512
21179ba190221efd3ffe1985d3fe24ac199402b59a40cba105fb821df4bb0a659ddce8faefcece8e09ea6c1cc1341fa3e518cd2fd5ab7c0be42bd062dba0cc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d102a7c1c1ad7a47ff4dc8750b5b78ff

SHA1
72b322e46524593ec1d66659c6275cded373b180

SHA256
454b136b6bbb773e7a10d91d249b24866ee90ac6559086292fa3a437d4ab1d49

SHA512
9271183dfa0f3f9113b8e2304ea53ce405df4dbe4a287f048183fd4ffde3873b6ce877eecc2694dc54113b3a47fce03d1f2bc8b17cc955b98f79e75f3f90ad2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
df837b02082d8db54abae5981bac2544

SHA1
62f35d4ec068fd4ff59814fd13978a1e8917b223

SHA256
01361473d498c07d369322b301aed831f64cb0a0261fa8658f04c3d5eed59545

SHA512
9d43fef0d595c6c9ba9ae8c91c4dd200510fde419dfe3665b8da4ad379dfebf247b9a67f7a5d095d019b262f46777e08421fd39c3c0a7b0994ddcd9e24827491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1ece8e768d734887567daf842a337be9

SHA1
cc9ee78993eaa76f437b96a731bc6a54175fbe3f

SHA256
be0e592b183cdb176f1ecbd7c1eb1595defe389f1fafb6f01afdf16e5d929b14

SHA512
a7323bafafc1f10299fb23c402e9dd193b72ba0713233c18b8acc93120d80f7244e2e1c64adaad3e1c1af423b374719a20d2c062e1990092423c84ffb8986fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
14b03f2d7fa8a10ea3f4d21dc7d28d77

SHA1
2736159c9ecdcbe7e0e5e6ecdbebfa5e791926d0

SHA256
a85aab4b5219a128f9282e6fd7f9c67ec62b7a1c2f54c110903724acae37c160

SHA512
268d5b5127d0efad67617f172808df82b893ed6a536960da5934b905953e3f133bd03d534e6aa5c40d4eaeb29ca4a50e3925d04be8232719b2c0eb5b978e9ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
55aa9c24f4bcb9d360bfcf40134aba3a

SHA1
fa5193effa6a2aedaef7d6bd5552a08a094a28a4

SHA256
79c5b6b68f17f023365ee898ab4447d2df8c7722a6feceb73db4ce117c6223e6

SHA512
851bdeaf08a52a51639a823410657240f0219af3b08e8074d2d5e1e71e7fcaeae81e7d7446d9d8c443957f6e04b70271d7caba621b3a7561d397b9ecf4eb30a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1188_2117428937\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit