6311747767115ab3ab6fee4fcd7d679d8d4902df00a49697ac089154de003cce

Analysis

max time kernel
138s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-08-2024 04:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

ezWwTYmb9tEG.zip
Size

8.8MB
MD5

a07a0491c7a6dc150e66f854d2873a9e
SHA1

e13ac68db20f21c9961ba65c71bf2351bbf74cf8
SHA256

6311747767115ab3ab6fee4fcd7d679d8d4902df00a49697ac089154de003cce
SHA512

2da36a033fa00bb9c716bdf973d5471cb47ce4ee9d715f154d573139574a2384edee9e7e62b08c5a820110f278ffd073ed3d84b6f3d8dc0fa2a69feadbfd340b
SSDEEP

196608:jDPbPY6IV7lmSiP7+wXHggRmKhaUIfm4W/Xk+Ga:jvqZTiPfXHgMif3+Ga

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "244"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675654020186620"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
732	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 4864	3888	chrome.exe	83
PID 3888 wrote to memory of 4864	3888	chrome.exe	83
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 3416	3888	chrome.exe	84
PID 3888 wrote to memory of 5088	3888	chrome.exe	85
PID 3888 wrote to memory of 5088	3888	chrome.exe	85
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86
PID 3888 wrote to memory of 4632	3888	chrome.exe	86

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ezWwTYmb9tEG.zip
1⤵
PID:2632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff816aecc40,0x7ff816aecc4c,0x7ff816aecc58
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1404 /prefetch:3
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4252,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4224,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3764,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3120,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4980,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4444,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4528,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=868,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4660,i,14271082788436725244,10955013235956868615,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:3688

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3056

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a22055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03e36a3941d3db89_0

Filesize
374KB

MD5
ac5c6fe062096a618c3394f043d91f8a

SHA1
8d6635673bcda35add2ecd7ef76070a1d96783f5

SHA256
7396c5f8e56dba2c7680fba55a04d682be6d71b2eb4f0d58749f95666ad4476d

SHA512
4b9d2e46b95a61910a148f92560aaba620429ef4e4af248a4156e180a445008b981baf38cc1f5368603db761a9704f10983cec4c841ee9e8e43de7d7a82eb175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d1a60d94cb115fb_0

Filesize
289B

MD5
059b158df505c361da82579b88497740

SHA1
9361dcf45004b0d9d6c35206a256216b4167a4a6

SHA256
487f6bcbdb55955a455dc45d4da9e92cf297688a0fb18dd2b8335fe9e99f69ef

SHA512
9b2230b96b406f7bbb478b08012c0224c388ba1b2ac901973f7714b1bc9db536ff1e5799c2208b3ca25cbe5c5a12bfbd38279f8c457c6fee4736db9ce9edbb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
41a5144cae19aeb8ee62db32d112fa4c

SHA1
060aec80049dfd3664d3b71233155d25ad59c19a

SHA256
87eaaab86386fd61815d65cd1323918059ec3b0b5c7fea455f3ad3095d9b0a01

SHA512
e2047c64e7909d956288af12ef0bc9c2f859be3dd5807c3fa62737d5f8f3345c395e1361ec811423c2533aa2770dae3d97d41e169e6c2a7386e8ba4138dda9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c107ad4fdd467d1c2879784952bb4ada

SHA1
63435f1892e5431df1bd4d4849842db4c994d77a

SHA256
8322b4fe77b3b3e4ce54ac48314df5cdaca1a0fa8d284b806cb9fbe000ec6bbe

SHA512
1a463f85e0f6f791fd7f209d8b70646546b274a16674f77cbaf693b3dcc31870a84772313f87d95be08b933c9b0fa75bfa73d6a68101ec4acf2284d61341202d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2535911e0a1795bbd1dd400e1712f5b4

SHA1
8fcf8f164fc35ad539b0e8cbc3c3440608fa5278

SHA256
bb8b7c579e20d5ac2b19273eeed4bee29f565da51a3c5efce0513dba9e0d21c2

SHA512
aaebc7f0aef858526622d5d5c2040a54b72f5bdaba65790b881110f77bea42523e43704cc5ab981903af8c04d79fc22fc7b10eab79e827888d5c9b8e9eb47653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5597c832352d165a5726c66eea9c48dc

SHA1
6ec283c2f8b757c2d29627388e24dc3898b132de

SHA256
13507baa0e4b85c0585c2ced717a5f3962031d8fc8cccf4041e58c8589e1a249

SHA512
0728f846dd8f96eb5ff76fcbda80985e28a4291e504fad4a20b6825cc1fccc64686def773763c42ab707e3c039b36a8f50a1f1fb65d7135b313d14f5b2ee2b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b8df6689557c106e7c604705be3fed3e

SHA1
13ff290ad896ff4d3cbbb9013ca6dceba1ed2f27

SHA256
da6b7452e230e4f976408e7353201247bec6e6e17c77870222a22c6e6b365879

SHA512
6554d44bd3deb214344b42fc1373f6479cc5f6f792408d6d99cfd80969b6cc1c25dee5f0d244524319a8e68d23bd5cf578853e69e2a1545569ee3bfb8056bb47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
98a5cb39e94f9f4aad0eaa084735382a

SHA1
3c5210a8b353721e00c04949e59c29cf180c561a

SHA256
1970d5f220fef415220696315a5067c69590efdc636107dcc64565b00f0ecfc1

SHA512
4d73b5657aadd2c44343fd620f20344559552224fad0714158205146536149e4b7bac64329c02e9709d9c2a61a9df5645befb50abbbc92554872ce8042ac7fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a372352f6918b33b79dcb8af9e90dd30

SHA1
a4d36487ae4637957265d8521701ab53fe4af5f9

SHA256
877386339439c3e371e079609d3e3ae327031c7f2f5fcbbd111234904b14596e

SHA512
eb37dc8d8473d6740401013cd07ead4c04724a6b6252706610595d1e454b105fad909fd8a2c41c950eb3bd358a406559e3a7cf9371182ceec4f23bcc1aeee2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7a5e94cad9c68c3c4a4a2f42c53a44d

SHA1
bb9f8f37a23dca4e89770b46fde159fdf2b8b161

SHA256
a707828bbb24453d972c903d7195699235540fe78fbd080d7266b8bbf0f38955

SHA512
c1f4bac7a56cb684b13d9a11ab43a8d5a03f054f0001457483e9f4f359b9479af443e5b86d46dfc88a38c3ad6f9c42639b234728e498d89c3a0717edbb563342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f9e9cd6f1557799f8527c1f5b9a8b6e6

SHA1
bb75e5cb8a02152a7fbe040f57681bd159abc819

SHA256
8afe81560e781b155fed782fa552c92185fce1ed0643ca3e1c46a5e4cafa437f

SHA512
935bd894ca82f6128a2e9be5a6d4912467ad32045cc9a172f02122ab6113b25e15c45f2e19cb15f399eaef48f5059e3dbb054346c074dba9fb98b4940979feb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
908b85df455eac8451da0d2e6b6765f3

SHA1
096e5cc5a30ddecf25c05cead3b2f7d0ebc859be

SHA256
48463222e532cec5c35af77cbee0312d5737e8e77146dc1c7e40801cab7048dc

SHA512
10f6547a7fc4a0ccb18c96acbd33d45b2a3b2251484868816299c95e002eb36ab7b040180cf55fafb93ecb07658559e2f2334e519e34680e7ee23db279b13de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35bbed7b3ebded628cb1b4a9ade438da

SHA1
f0d53e3fbed09f86fd6901cb58b9e0098600d3c2

SHA256
2b9b3ba8607a9ed3a66a4c8ced9327dfbd89279a68fe7b36d3d4a6ff0abb15ea

SHA512
afa477b5f7de361be26ddbf708647c619161ac975b465ad9d02f9479a64da682402457c8c78f57906fd3e8e49734caf9b64fa3faef8570582794ce2a04ff7e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f142b21201c34b0c056d392f392aff50

SHA1
ffdc3aacbc637bc394146e8becb4c9ae30a493e9

SHA256
68be5d727d8095d6dcc841f1823df0d8818b7a7b151fe8f6cb98dfbd716d4dd4

SHA512
6e0e7330403e7e8ff828f5020aa0205bf6a4eae73f5a34f501258880bfd9183f503283cc5bcbb21aaa5cca9d692806af34d5fcee916620de2332a6a2abda8c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5dc33daac361c7ba08afc2c4514a76c

SHA1
3574c6e98d0b2e17cb097606230e4ae459d464a6

SHA256
ab460c066ea655a6d84d714a6f8c10f8baabbb8fd46da9c3bc1f6c5f4d27f8eb

SHA512
afb207ab24f5cfd8f69a33b449bbc8c77535ebefa3a8f1327f244a9741d4e556f094eb48cf4735483425285d3f64845f6a23553d49507e841738c4717334af3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e1e241ac34b15d5f12ea8b02838668d7

SHA1
b1a918eb3f608cd3a3dd6bf87cb39486dbd9a37c

SHA256
9de5466c8b583513427391c564b3f619c180b966f1094b1741fa18bed9bc791b

SHA512
66b2fbba0c5d8031149643d86e0c383f49c25cb685a4a4fcaf5776fc328c366824cf7a1173dcf7f188418480855ad429083f9a241e778f8f2ae8a76d644593c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4a9d995f6df1c260b7e43c68b82407a5

SHA1
bbd903756787d496a03c84ab5b03cecb8d72fce6

SHA256
245db2da7bb4d86ea0bbf7e77c40d39ed564d80e8c20a30d0e202a604f85a809

SHA512
d64d9c24ea04d825bb88dc79272969ad519737fab67f252b5c8c7654017df548674ed51672535ed11543be9c9ed0b1eeb0b54bcc47fcaa641876c9fa2a8ff80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
656272c5f0b1011e869110125de96e99

SHA1
6c475c1f9df3d8fd4e72566711cd03aabd3ddd47

SHA256
dabf57121b2583c38d0323ad2f73387f789c29b6769ab9059ca1033f2b1e3a5a

SHA512
4b704737441026c90a2e7ec9d97aa41979f5c2db8c3b60211ccfeed03373c12440ef434103e5930cdd853415d1960fcd77a2752ceb8cb9d9d5b4f2a4bd638980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
23a858141e21a386d3e9204b6053757c

SHA1
c63b1f824b5b212707816cb19cc97e34db9d23d7

SHA256
abd8938715e06d1880f81f049a29668638fba69f749e5ff64689a1c73aea1ffd

SHA512
79da105315d9813c74b36ed218afe2ce2841094e3759367474b1d330d41a2e2543e71e483faee6b9296ab2ec577e310eedf92b57b7ab8debf4f494ab1c76a0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
a43f04d9634c1eb0f4cca131a23afecf

SHA1
6d4588b82cc5888eee1fa29426f0a0cc4cb0779f

SHA256
2713561d23e6021b79806dbb7b366a482036e8d191f42993bc4db93451e1842d

SHA512
21ee17926935b2aa970ebc85a5e05de9a16fa2bedb3d6937901b985b1c55152f7b21c66a22342ef5c0a5c14bc886dd04a47a3fd6ad456f14f2b7942ecf9444f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
c1801fe220dfa707557ec2a12a299a8d

SHA1
c1da9858d306ab3c6ed8588678584a488fa42a3e

SHA256
76e76f871b6976cffb6cff91606be13bc740dbf20e42cdf27e86495b382352e7

SHA512
67e613f8f4746a4db554825f677d59fffe8f333f2b457da914791544dacf59a9fcb4fc85f4cc167345c1ba06ae7acc28bf02753ef471bfb6fd3d4acc87629a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
2dfc02138e139b3fa1ef807735c535ea

SHA1
1a0aad8aca36ef4f1b31ccac687b55933df0a86c

SHA256
6caa1f0e7d29554289a69d168e2278e20b296d0d1121e72ee78409eb9c260e59

SHA512
23d8000c2e0804276b1924079137d990497e2e9b70e63cc4ba0ee5c065bc3cbccbc3df63abbf1fa62ebd1baf035254c12b955f0e467f307cf63a92d358ea697c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
afe0b757d67388b7d1901a99e7b40f78

SHA1
0bbbf7a10eba851eb6da5aba7d2ddeb509239921

SHA256
90532294c7af5588e6579828554b45c91b32bd3dcc09355b9bc39d760e036675

SHA512
c4beaaa4ce3e1983ba2f259e521049294a77d732e5450a41e1a1156cf1eda7b2954ca79c5f4178da346712bb5b7e1e08d0a8b233d19338ae5110e809aeb9d1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e4ead1cdd55310968320cb6060ec662d

SHA1
367ed7240ee3596ae6cec86a7b12c909c2194802

SHA256
68eda27c61c5585bd9c72dd64820fef5589c9f0a8a7d3506e54a2ec293df784c

SHA512
49c04bad315947a2950314827f3a4cca2f7f6d6e10516b1651811522fc7db8b36644b13856e54c97b19b0c9c35f891c070ff8b308a6dbf8c80b114aa118ff8dd

Download Submit