hxxps://marvelrivals[.]com/marvelrivals[.]com-zt-pc-61930-20240701

Analysis

max time kernel
119s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 01:12

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://marvelrivals.com/marvelrivals.com-zt-pc-61930-20240701

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664299460030051"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2176	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 3964	1252	chrome.exe	84
PID 1252 wrote to memory of 3964	1252	chrome.exe	84
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 2424	1252	chrome.exe	85
PID 1252 wrote to memory of 820	1252	chrome.exe	86
PID 1252 wrote to memory of 820	1252	chrome.exe	86
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87
PID 1252 wrote to memory of 2880	1252	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://marvelrivals.com/marvelrivals.com-zt-pc-61930-20240701
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc8f9ccc40,0x7ffc8f9ccc4c,0x7ffc8f9ccc58
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1648,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3468,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5024,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5156,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5300,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5096,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3168,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4400,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4832,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5232,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5228,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5128,i,2858139714041265673,1689877831691535750,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3636

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2656

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3939855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aff92253883415a658bbcff15b6eda38

SHA1
461c68577d32adde2c9dd2d7158ee289ac0fc0c2

SHA256
1d51b926a3f9de0a06e656bf595767fe764567f3808bb3ff85372c4eb98c685a

SHA512
995f2e2fb1d3c22abe858f710d567d946a8a4154c9e9c2db64fdc8d8d60e16683f2620f4d731bc9c845de8dbee5c94e68333b7d8bef9d3f85d40712d3588f9f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
7d4710d27175d2c3eb1518c441b84374

SHA1
5ab3583dc1ab5410c44b3196c5024807260a9bc5

SHA256
a550ed78e918fb9e9ab47a1e8c4bf4fe975dd4bed344ff619121cdffd4409e48

SHA512
d3e147ec4b13f3484c69fbe4650de2b0714fcff2a2ff2e92bcc85337fd5ed9ef9b3758501cf07e4566bf863704a57bed819942e445d2b848dba3cfb6b46308eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
6bcb0dc8b9d0a585dc0d46b5469a8731

SHA1
14f670f4866dfa160e8c29689c2b20bba93c8524

SHA256
1801415da17feedd6d0c027d7a86d841147ab9cb04303d558e3b4c65a8f74def

SHA512
43dc46e9169c465947b942da32ce6cbd947471cd89dbc9de482e5c80ba8cef2f8a3cc783aac2867654a978d3fe142777eb09c11060313d97dd1405014ae81867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7be1ebe08f75ad5dbc8b984f71da1441

SHA1
8ecfa3b4a77cf2000b6a841b63c6126ba2678df0

SHA256
85043d2c85ea614d03a248faa37ef832a74a6f87bf9257b9664ca82485101e1c

SHA512
4237c3e7fccfc98a01d74ec4da0b7c75a57ecd74099c155d904c97c48f57619a5ca1b72cb8dbccbc1c14ea312e9ef737c3bc1bfd58d2a412d345c1905a0f8308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
14a4dd46e3d636fc2700ccb6493347a3

SHA1
161e257698e8736dc4710458ad7fc6f276b52653

SHA256
c8e0d5837adf298b73f77353af733b024a98a00c460df6a348fb00d149070922

SHA512
3f8a258beb13cce9d6e8e4403420c8bd2541d3865ebda2b7d059623de909ac4d6988c997d9b52e6eb14281e2f8d77ece9c706deee1af1a8366e3d56427489d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1eee6ce180b0a93676f77b1687993d39

SHA1
4303937c6db8fded5773aa4b9140031416db8c15

SHA256
dec9b581e6eff884dfcecb96bb8c8dabdd0d654cd033c2d0908d439b11272824

SHA512
12cf6db1d4c8d2662f1bd6dc8e80fb495e52793f5c98f41e04d74546098466dbd47a22706ecddf0d87e94a52472ebb279fc93256b5ed5e42970a3ad678ebc6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6770b202d0a255a39511d66ceb5d862f

SHA1
e77b66217012d5aab2832d3065221d4c339a0b51

SHA256
54b2727c2dde4680837ba3420eb3bfa3d2f51efabcf16b99c4a9ae47093ab203

SHA512
ed39fe7a42bcf3b311aafd4f66c2efabe912f9d4b5029493efa9fb4caa18f17c508df9e841c440a38dcca7eeec996326f30beee557bb201d8cb26af53058f52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dea576d345908490978318da29826246

SHA1
058a6e9d61d66f6fdb5918961a1e651e12d199d0

SHA256
74af477cfd624295d00ed4c15f5624dfb60a533f5d915f8d25041ad6d644afc1

SHA512
b10c323201f012000b6c5ec4b26c2e4478411a07cfb2a94919609dbab7b261f7b219dadf710220a54d2ff5c5db6f888747ea8dea1f209c735dbb6aebf4ebce0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35ef633b3d81801310a41568b030c753

SHA1
1604c70eaf105779c9c75786fbea4c7c07412a7c

SHA256
e940ecdee2676b3e0b62a72d98751fa0c62d39ecbddd31ce32ef2503e7218c65

SHA512
91276a69e9b2258733a1b512728fd7130f669a3516f23e860b72db7fb1566576186df3b92d07d992385a1154447214cc3dff656b18911df3aee4c879d6a0cc3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3029663033e662087938fbed04e3f58c

SHA1
fd33f289bcdc10ac47e450dec7fa488a3cafa7cc

SHA256
9bd62d703cff893ade5500d582933f9aba57cbb2fbfe514f430c4cd8d300c489

SHA512
846848f05144f184e08f255e5264a83dddb327e3e288159a42b4c675cc00f907ff521fe254911daa6e83e16931709cf9d5c1c4b98f8692c4305a3edeabaecfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73a5d48ea789921edc1da33c27d8876f

SHA1
184b21b21f47cdbc30756dd5ac5b011260c145a4

SHA256
23ae64527ddd84357e42d8c03d75d968e5fdfb6721756d6bff4c939d635f6f70

SHA512
539649ddeda4b5ad4ac7e3965cd2c1809f2823a91a96520d1a72d5f8ace9f95901054747316d64e60e88048dbf16af025fba384564251e57914cf87966f85918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a64983cb0442af1c76ed77f54fe5339

SHA1
9cf9e5ba1dbdcf2a4113b8cba243ec64131bef6b

SHA256
81785d5222e6fd47309d881e13a00aa812897b5e15d205c8a1ddb60cef820c07

SHA512
5d5e7fd38d1a82d5e3046faee472ad970e7a66b7833b2d63525ebaa0d1c01ac48cc04acb2cc0caea97a94d1572420eb2468f90177accbd0034b16b088cf612bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19c9bc6b218824214bc3c405968e0c29

SHA1
7971930ef1874192f7f82c46b56d48d01deddad9

SHA256
754985520c0b0795a50c6402e1c52b06c06c7648c78812b8afa978e1a29b8f60

SHA512
07c3c2483e4eab334b2465bc014e33700a1c4bd35830986bb1d551fbce3e7c2f1ac46e8d9ca8c18911c2e0cd0eddd4c9cf5e80a65a252c97d40afae5fa2cba67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
301dc4b19b1bbd24e6608c8c02c24d2e

SHA1
78b9874f03402e51690564d26a7d7eee3b407b27

SHA256
c433ce2426bf2d80394281f99b51271457297fd7dd5758bc22297b42e264dcdf

SHA512
339fc7a782a1644b8329471c7d65757ba4148ccba15adff866372714c27667b729f6b0b1433347ca1c70427d8bb7295df11be2e9933563c75452b253db1ae4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17f4f136ca3e422533f3a969f2fedd23

SHA1
f719828880cb4ee204818ba64be10e21b59b6fc3

SHA256
91fb24eb2f9c4dcaef780b6283e7b03b49df9f514e901bedf809f97b0947b9cc

SHA512
49f330cbb10e7f19d33deb12be188e659bf806be2301e1b6a44b898e378b389759aa450d31d3aa0b9a87b9074e51859e227a83616e4514d1f0d8b8d053df57b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cfe16e751ef0d7195bfcecce4b716de0

SHA1
81d15b9cf97482c26965537992f9cda3e5e35555

SHA256
5360d2c5c8744fbd4e2b2b73b9302ba2ac883161fc84bb3e55276d0780cfe390

SHA512
8a95fdfa6e556324a3dcc226681bb1a03e0ed3830156f40f74b924b8944ece503343dbb20f661a2e878beeabe4d33eaade4306fdaa2d23e74cb82ccbbe05acb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b3fb867c7d068b5e107ab34a4d993d59

SHA1
7a9298538957537e370312f1ce25a03c1756166a

SHA256
1ec76fe4b4c01e05015d358c749cc6156e29accd27688dc3a2f3b7008b29dce3

SHA512
930f5fed5f8ebe7f47eb9137622aeff2abb28e9d0d623b3ec549b71a291e267b9cf8d148eb69cbb43db721e7601dd2166cf1e621be1b49e4a248d3b0b800fbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
25254ec1d08ed6c8c905a5b71458aadf

SHA1
7dd699891655c1c642efe2564398fd8c9ff87652

SHA256
29f8644f47f5651ee8ff7e4f331c487213c3835a85bd6a2611494397da3e6f97

SHA512
3de7111657525f79cce29fec4b91b2f0f0e96e234551348e10de57be5366eba56f1c810f81c672949d038951d91d2f36a9a905db490f28894cc70565011a3215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
e6d0cd5e45fcd68dc1085c2ab5c5ddd9

SHA1
86505598226d9a36df72202faeb3e2f123354521

SHA256
a7c019429c441cd6749f3a08042d3463d45cf57332190ac6cfb14480888238f3

SHA512
594f138231affa85a2d1c5b79393ea120ebdb23d8a881aa4b6debfac662ea444467398932089e825dc374657a080de41ee5e5b5a0d404dc633367d2f42881678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
7cdef9797daee66fc3678c3e7528fd31

SHA1
ab024e974bd689457eff77e87132635a0fe7cb4d

SHA256
3ba7b52885f1af72f82c52043e6fc32cc1f12e2b5a11b9ae02f5412075d1875d

SHA512
4a57772bb49d2f54667ff59fe8f75d771357de99a40c3df0021f370186cad1f9d48d87e2f56583213f87b18614059e0a6b77507aa72c10bbdaeb7d5ba12ea6f8

Download Submit