cca64c1b47349f386cab4d55781cadc09a58d6fcb49ecb3403b0167fde815968

Resubmissions

01/07/2024, 18:52

240701-xh8t5stdpg 9

Analysis

max time kernel
73s
max time network
85s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

crack.dll
Size

5.1MB
MD5

1b3490a5645912ee61f7411b8c933434
SHA1

4324a88ea1e0823c3bc2ba42e18a2fde38cdaee5
SHA256

cca64c1b47349f386cab4d55781cadc09a58d6fcb49ecb3403b0167fde815968
SHA512

b29743a53d9627c4e1f4c3e2f30a4c1649ed9873f36edbc49b2ebff57ccf6c0272f400517da965eb8b000b2a831bb4189a4a7401d599c26f1626fe34333f735e
SSDEEP

98304:j3AGYCYv+e3LYthMtJXvbHEvS3bTO4j4gwwzbzDayGBnH8fdmjLdGGf:TAX+HthyJXz3/r4ZQn4

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rundll32.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rundll32.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643335899022088"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeCreatePagefilePrivilege	1600	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2348	1600	chrome.exe	84
PID 1600 wrote to memory of 2348	1600	chrome.exe	84
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 2216	1600	chrome.exe	85
PID 1600 wrote to memory of 952	1600	chrome.exe	86
PID 1600 wrote to memory of 952	1600	chrome.exe	86
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87
PID 1600 wrote to memory of 2776	1600	chrome.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\crack.dll,#1
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7ffc2cc9ab58,0x7ffc2cc9ab68,0x7ffc2cc9ab78
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2660
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6c28bae48,0x7ff6c28bae58,0x7ff6c28bae68
    3⤵
    PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4756 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4808 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4460 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4236 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4460 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4840 --field-trial-handle=1836,i,8305427990057487914,15211017125988474962,131072 /prefetch:1
  2⤵
  PID:2752

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240701185312.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
00f5c4a9a141cc379bc9a130bebdc3a8

SHA1
0effb629afca971619e6dd31c10e6c33f4fc39cb

SHA256
9bb958b97dafec04a3d58740e47a6cb7749791128234a3cb758d08ed3a557572

SHA512
c8c4e44a5db48076f1bc51dd9aa4b7ab0cb26b9f58d26c8b9aa91afccd7ca76f4863f7416a9b85eb2ca6508ec5240f38a9a2f940907a359ed8b0957632568135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec3bdc4beb86ea27f68311f8cfa38e5a

SHA1
0cd62e3686584889d7f22ebca9295f842da3c943

SHA256
63f37dd911d0bed7476113f9916f3e757c9a1f7d25705b7733d158aec85970d2

SHA512
80139e7840c717402acdddd37425a64ea04390868758107a3970d526cf2280263158491b967ca7e0a2cbf3cab4139d28761fd239ddf0479e046bfd7eb850a7ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cb2c4059be229726789c4027ea505162

SHA1
40ba39c6683859bd644b033b5e11496a3d7ec659

SHA256
c810821873a109fea01d4ca69d21618ee7b0c6c15c3f319cb6846aa2438d7401

SHA512
6914f1ed7a7b3d2c69cc684b4c472a2d118c06fcf02ba5d7ec4d57ec162b558c6df9168f3fafa66b708a77aea507287b11b6c54c0914b4b1d1a6f1308790e748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8716e96d3b0b29893c5a08115e03036

SHA1
476a13dbbc228f2e6044383922e2cd77d456a81b

SHA256
3f4904f85c9aa0ec4fd8f41db00e08413c578c9cfff4e35faf5427a5bcc874b7

SHA512
65acd97009806179d438b3575331d917be9a0223d754289ad3346847b63f95fa0e4ee482bc675d357b4f1c8bac9dc5e03a0880976f5485e340b15492f215b747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
791e2b132e2b724a45d9b2224b9d0b11

SHA1
11eb82bf0f60c6bd643b3836a8242d31b706b4e6

SHA256
17b83529fe9c514ce9368cc999dc6c0aa59c9a27963038e920f1cf4cf44330b2

SHA512
17ff162bfae64576a332a1c0b8e0cfbfeb0368caf11f60bb85253753640299d14ca2c5997f95f5658a3f10a15df965bbc33f69d66538ff697ebb3d3542ec1fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ffeb17125df670299c79b0d3162225d6

SHA1
f9bae8c79955ca72517837cce4e1af006cfb28c0

SHA256
4454a3091174e032181c8bdbc5b6fd6628fee3b42070ca0b19c5e07ee54c0e0f

SHA512
394e3ee82eba353502ce9ddfaf91c338264ef962c97ae382e6b8294be5d83494d89de432804cd5b43512efa8e81aea86de0225d9b5c70ffc24f33510075703eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2ef095201a6b1a9422dd3f3b7cf954e1

SHA1
d72291f3aa5a86f5f9ec22c137caed80f059aa0f

SHA256
bad8e5415120d923865165c6bfcacf0472c9c14639460c1639f1e5012b770c15

SHA512
e7f7e1b72b8f8ce3ecac8a25951380e5960c3847f465dc17abf607590f9ae93d9033bc4d4bdc38b9a8d28712f1e601310ca75796643540dafca9b3971ded86fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4c1746b4a9e7ca3a89307a89fc6ddb02

SHA1
a6d442e3d7209081f7f113b88e718ea3c6d20a2c

SHA256
b33733fdd4e571c529abc4621617c9fe9af6a30abe6a8dc0ed78fab0947f088b

SHA512
fd8ad82efcbb6b24d7d9c41c308368a461c6c2d085b223b535dfcce254b145b6a585b4aeb5a9f2578a23258e8f9b7b0d700ea91a036e7a62237e967906830511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
ba66d36ac2106c6e70427a6a805aa823

SHA1
5b858a7620a7b86a9ebf3e3ecc0b4c4649919eef

SHA256
5ab81ea7803934eb89b536381b6ab6f614873d4229dbdb4c311b98ed7b2b6f89

SHA512
92c8cc3a0f880f9e518d119fa263d83d9c3b8ebb6bc93fc53306500b6906d6fb31668780014bc42640a7b62edc2021be25a143b10808ffd8f344ac0fd2d5eb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583b2f.TMP

Filesize
83KB

MD5
7658234b62da315027e741bf10c8a091

SHA1
53ce2c9d38d537d38c5e7b1cb254a388e3b8fd03

SHA256
e22ee66a230f4393e693720161e13096754a9af9759ae8b5a7eda917762467cf

SHA512
b4640d805c45f0db1260bfe135d8954b311f4b78e27f7b93d09922bd77ab761392744cc847020a1cb4c74fc9e4c230bfa653f9ad299a50ccb304ec59db3d91e8

Download Submit
memory/3920-7-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-3-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-2-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-1-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-4-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-6-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-5-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download
memory/3920-0-0x00000000556C0000-0x00000000560B3000-memory.dmp

Filesize
9.9MB

Download