b36a7be1f49f93e1b46ebfe0c2309ebe6dc19a5706652fcd3763e03f75eabad5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 19:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

StumbleBolt2.exe
Size

168KB
MD5

602070ab7af2dc5b1a5d36410ef21a91
SHA1

795ffaa5dd65cb7f8bed10e3594592591fb9028d
SHA256

b36a7be1f49f93e1b46ebfe0c2309ebe6dc19a5706652fcd3763e03f75eabad5
SHA512

eed8fa411ed504e7b57093fb91925d1bf335347600f44ee659ea873f337e563a9af66ddc6b36c5b678aaf102de4eae8230b66617b5846d9c070bfc4b7c7f49a9
SSDEEP

3072:Nx0pGO/I3og95q/c6tS0/upj7WK0ObbzWg2SSdzRtS0/upj7WK0ObbzWg2SSd+:tj3pK3tS4LkRS7tS4LkRS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4792	964	WerFault.exe	84

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660647019886349"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
4708	chrome.exe
4708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	964	StumbleBolt2.exe
Token: SeDebugPrivilege	2536	taskmgr.exe
Token: SeSystemProfilePrivilege	2536	taskmgr.exe
Token: SeCreateGlobalPrivilege	2536	taskmgr.exe
Token: 33	2536	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2536	taskmgr.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
2536	taskmgr.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 908	4708	chrome.exe	115
PID 4708 wrote to memory of 908	4708	chrome.exe	115
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4788	4708	chrome.exe	116
PID 4708 wrote to memory of 4616	4708	chrome.exe	117
PID 4708 wrote to memory of 4616	4708	chrome.exe	117
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118
PID 4708 wrote to memory of 5012	4708	chrome.exe	118

C:\Users\Admin\AppData\Local\Temp\StumbleBolt2.exe
"C:\Users\Admin\AppData\Local\Temp\StumbleBolt2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 1860
  2⤵
  - Program crash
  PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 964 -ip 964
1⤵
PID:2024

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd2a64cc40,0x7ffd2a64cc4c,0x7ffd2a64cc58
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5000,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=860,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3440,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5140,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5344,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5468,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5720,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5880,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5896,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6024,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6308,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6468,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6668,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7012,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7008,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7332,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7052,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7284,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7520,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6892,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7804,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5992,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7548,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7408,i,12708543224083366705,10178795813149547650,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5404

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7c89c81a-3ffb-47f7-a190-619f6ddffb08.tmp

Filesize
9KB

MD5
6ecbf11e6141606708af22458f75bc81

SHA1
2c923f0ce290652259aa892dc843c00cb3055f43

SHA256
0e3aeff2092f867b392713bfb5b0f1ace12ca3701d6f2db2af3ea3a073b8d58a

SHA512
1fe11951b5f7e3fce2e066122fff54615a5b6c34d7275393b4fff41c68c3dc7ee1b93e899f5f6f31634b8872f15535d4f60ee1e7cf7e1cce967a813b8e715b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ecbc6be1f2dcb3592fa8cffb167aa4f4

SHA1
8d6dc69edbe023e59f48ad58fa085277d06093e4

SHA256
f663bcee50803cedfbadbdab7332ea276cb2b3e8fa82cf02b7801330dd1d0578

SHA512
01f34f01b119112f7237d7b8b57c35a81c95c297e434664747d33b9fbaac58135b025b03e77ccf6b4865eaf4a5707ac71b68c51b0d9e6d6b41e8b7492bb1260c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
56f91cb48106a7a24ad4e7e0bbcb2bb7

SHA1
3ab7e740382eaff8a5e21681f187011fcda3aba5

SHA256
3129bf3cbc6d7ef5e37217c628d250bcec0704f39b408592db5ea382e52deb84

SHA512
092c7887b7edbde4f3753bebb8796ea237007971aac551857228d8d29440b8904341048cc925d102d162b05415f7cdd0de4ef9742dff1ee78e6d7b4828ecffcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
acb665105d24391d5a780c552201b44f

SHA1
360d4e371d9c86fa06cad84bd5636ebb39a07eb8

SHA256
f639cf9d2837b6b2e2ab0f16c1290cef5f7136b4fa0542337977a42b021003f8

SHA512
9115dd32adb9ebc35c079b3649f116d6c092c08f9faea8f75ebbd51fdf5a1264d9d81b640bda5a5a53492b2e5b9327e2f0228cbb4e93bfde7751ed718cbe4a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5217703bf95465dfb1b36cbf1c753f86

SHA1
7d8731dc1196727e5363e425e21a398d717b0f8b

SHA256
21620169bfac015cffa6d0caaadb942697c1a1f12c195c74b89ed2542e3463af

SHA512
f97bb2e19b3bdb2988fe7b674717ef657b2a454038b31c938be55f2c1396da9bc1973a247ea1b36ba3743818eed387c49f0b03fae8c2ec7c82476e331ebff75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
67cf5d1325dcd4288d86e78ef1d94871

SHA1
b2c6ba2b736ec38f8d64620dabc1e6de20428e69

SHA256
0d2d01200ec57ecaac02ca0de753d496bb9123d1bc26d5479307e5ac9d4a7514

SHA512
26f999d3f75b424f9b00732d91063dd7318c261fa471cac4d0a77cf8476cedf5331a196867a63dcbb85f20f874d804ad6899a82cef28fb60c238b548ed7b35b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f22c48466a29ce8df77e559e8037a5a

SHA1
d2ca7d249b1a66b6fb7ff6c351f12cf576efc976

SHA256
8fb940c624bbc6f6133315dd7cf0f10c380df8614af3730ec71d4a1c6bd9dc6e

SHA512
45ea4648747aa98922d5d4f8051fcccc5168044d21b3d5d4e00fd12a429088ccdd9c8679999ab6a1f6620fc99ea811fb13edc2aa74d71e356a23324829ca3e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41a638539f974fbc23ca2453021bc79f

SHA1
006631f1d48492cfc9e533f75d6582ba7027e166

SHA256
01aa776606506c6ec4a14bf6d5d899f588b957c945ba410e8a148792ef1b30af

SHA512
35f5cab95f77c273ea6569406ae3aac626b18b6f5093d2367e4cae16737a7d8fa1a5dbbb873d67b8f3e225c708e5f9f03c7cc609efe017006b068bb9f68197cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f36b19cd1a0defcbbe333b183748769

SHA1
ff3900a379e558cf790b32c794aebdc49fe8997e

SHA256
5b2d485a7e69a174c45461ab69e313eeced1ceeccaa2acef3e47d3b3e8785f71

SHA512
b392142904b2f3a4681e976ae82bc87835ccf1d23f2e5a76d38b278dc36c641b7a4f8c8393def1d9e5a041db7defa40015dbdfd10a63a7beae334b43435db89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
528b600d49b39190e1cf815f16780f2c

SHA1
9033d6c2a33ea7cd27d92ea1c2a63800952854d9

SHA256
482961f864b518c57055a2140909e91f43048fd464c16117cca6e6f33002f07e

SHA512
ea2261a5a0dad9c32d928a227cd22847187bb6c2af99fbb59fdec9478f0028ed144975bbb1db11522008e5b873f7a9e70b5ba32c7d8698d056357f44b93c7869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76c26e89e9b2be17652cc40352f85ca3

SHA1
cbea256f9fdc5bbb68b26b349ffa2c6be89e8d78

SHA256
cc2c64dc006f180c53441678cba7e5db2c39cb058d38d96d5aab2a8460d31d6b

SHA512
09f4642c6aa26cd230a5c3553a282d33e3aa7d330c838ad745407dc0ee988839e6ea60d1c4b92c88b2c6d5a53eb54e938aa46e57ba74a5be4bfa24dd1d436f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9fd51f7d205e139436b8726ec8817eba

SHA1
7737e0b162e33f0062b4f5208d6c7d50e202d1f6

SHA256
9ea19918bea7c7aa66ee6e04175b7da70528f1088abe3fdacfa96f5e84a94666

SHA512
4978cd38e10ccac12b55912ae849b3de6c309984b19601627f31f9fa930ddc1651d7dcc520ede96fd34bbd44287aaa5c509c2ed175d325ba5c86b6d67a8c3250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
23efe3aee9772526dc02d92a5db49652

SHA1
a66555c787d663bf0b190f0a87e7c0da1eb3e8bc

SHA256
fd67432560706ba09e13f7726cfda8a0e9f18798043ce4a75f7012b14508b20a

SHA512
7f082c3d0be531034d214beae195318a61dac6493a517c67e1be87ea68b980fa885f7baa8949da92e38d8367b51cee3737e51f4adc5a57f4c717a9c0421acbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
74e3ebd6bb44aeafc5b3b0471eb27fba

SHA1
348eb553dc031db8d05175a8172aa6777dd6baeb

SHA256
7af7f9fe8200027811d440b05ce3aa7fc3b48945799437a5d9d9abd84885376f

SHA512
b960f7dabd5223dfa545fc7db5f423901486fa6dfaef7d7cf0f79a2acceeb5bfe1e19bbd2fc56c6de5174498e3a37502b6b04eee56aed1be381f0f0afed49314

Download Submit
memory/964-4-0x0000000004EE0000-0x0000000004EEA000-memory.dmp

Filesize
40KB

Download
memory/964-3-0x0000000004D30000-0x0000000004DC2000-memory.dmp

Filesize
584KB

Download
memory/964-2-0x00000000051F0000-0x0000000005794000-memory.dmp

Filesize
5.6MB

Download
memory/964-5-0x0000000074F40000-0x00000000756F0000-memory.dmp

Filesize
7.7MB

Download
memory/964-6-0x0000000074F40000-0x00000000756F0000-memory.dmp

Filesize
7.7MB

Download
memory/964-1-0x0000000000320000-0x0000000000350000-memory.dmp

Filesize
192KB

Download
memory/964-0-0x0000000074F4E000-0x0000000074F4F000-memory.dmp

Filesize
4KB

Download
memory/2536-9-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-13-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-14-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-15-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-16-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-17-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-19-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-18-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-8-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download
memory/2536-7-0x0000028E58AD0000-0x0000028E58AD1000-memory.dmp

Filesize
4KB

Download