hxxps://www[.]mediafire[.]com/file/7kmnatdlp9u0jaa/GenP_3[.]4[.]14[.]1[.]zip/file

Analysis

max time kernel
52s
max time network
58s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/08/2024, 01:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/7kmnatdlp9u0jaa/GenP_3.4.14.1.zip/file

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3336	NSudoLG.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693677365224069"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GenP 3.4.14.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3336	NSudoLG.exe
3336	NSudoLG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 4792	3568	chrome.exe	81
PID 3568 wrote to memory of 4792	3568	chrome.exe	81
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3264	3568	chrome.exe	82
PID 3568 wrote to memory of 3508	3568	chrome.exe	83
PID 3568 wrote to memory of 3508	3568	chrome.exe	83
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84
PID 3568 wrote to memory of 952	3568	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/7kmnatdlp9u0jaa/GenP_3.4.14.1.zip/file
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe95bcc40,0x7ffbe95bcc4c,0x7ffbe95bcc58
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5056,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5052,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5228,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5400,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5548,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5960,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6136,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6000,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5428,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5280,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5216,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7000,i,17845484309620031850,9791496678123728870,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  PID:4468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1480

C:\Users\Admin\Desktop\GenP-3.4.14.1.exe
"C:\Users\Admin\Desktop\GenP-3.4.14.1.exe"
1⤵
PID:2372
- C:\Users\Admin\AppData\Local\Temp\NSudoLG.exe
  C:\Users\Admin\AppData\Local\Temp\NSudoLG.exe -U:T -P:E -M:S "C:\Users\Admin\Desktop\GenP-3.4.14.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C4
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3c2b8b63af205c16cf19305d551bf296

SHA1
1a2e82ca4a4b64cccefa2526d5f42c0df2250b6b

SHA256
f42cea81cec94e264a7dbd13a640833a029782c82ff53510bb27d2e8567c0c52

SHA512
a21c913bdb622ef4492b4df8fdc33f4213d0ffb41e52cb20f6fe1c7983cd7910783e55dc02144a5399b0d8d0718fc8f496fef9f92af68d7e1394deba2dbbda4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fb72e53a02e5220251101265e4857ff6

SHA1
8be66be3fb9518ad9215744fa063549f6a940651

SHA256
0e5e39ce6a3ce193c3691470b5e177649a6a1b0cb11d49a8cca6d575f0c66181

SHA512
1d32ab09eb27310349ca81f9e22cab6da5064e6673acf953e89a5f3638e7f5cd84916545f7a8294134c03c1f08652a764cb93896a092cd82f1eb1ad4219c7049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
20KB

MD5
7fe88b3b621156c7e2a1e41385d3423e

SHA1
48a4c83cdd9fe9a3b7feeef017f59a42d706f272

SHA256
0dcb8f6207d2aa479ff564359085ad8acf315e889d91699b4e22750e5bc634fa

SHA512
2d8f14a85d9716c226a3e24aa33e13ddb52114bf51f8972786296c18d61e4342c6699021abe23e67ddf42de80245ad13bf935eab11174d1a703b236b13676fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
995e5e4f18cf55ffcb337bb654418b83

SHA1
1335fd2dab5d6ebda5046638846308139533bb55

SHA256
554058bce404b7f881da8174bffc8e127c9c73c366819ba21062124c9b1bcf15

SHA512
e93a5c3c87d266ee1f785e3af50bc8060a45314e9b6764b9e160222ebe2795c855f920caa2fcb32800fa039996c11160f468f2ba9558a853053868449d4cef22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1b282ad2d6550078e8a60d899200805b

SHA1
b9ae5ceadec3e619ff5007aa71b78a7c27796d6e

SHA256
55b44c642be9b15ebd30daee508ebacf1dec3d231762683dc407f9e1bfd900ff

SHA512
47e76dc0d2cd2e6e02968a99fbda4cdf1e3d4293aadacc8dbc64bc905b4b102b349d174cac8ca351bf36b8b50e8de3c0fcb547110c34d096c61f64648a5b0369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3a87f64cb38e7e30b026de79f91eb1e4

SHA1
2a481579a47cd2a194dbcca018986655a265ac9d

SHA256
db1cb81303c9458aa4b13e8363bc2004cda467e03181c18ccfe4781616b0cfba

SHA512
69c31734400ea9521cc9df8658856d10fb337dcf1d93ede9e1e3acba9698563f3421da25ab49d9369caecc8c5fcd1357cd544347c5ef6ca6468a785061e560d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06e112ebafc0a4554fe1e29ab17c9438

SHA1
3155c84ea80f3ea3849b94b0754c64dd36f648c4

SHA256
9d0a5d3cc13e2b302fd3a62a531f907b5a7b6f0b75fbba166d610126f1b402e0

SHA512
7c4319b5fd401a950b8ae92e9baa3ca42003bfacd28b6bf32b80d101d3f6f78bb3cab4a936ff274917e2b99b61ec640229479cd89d65a8670a603f220c292214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f70620886fcfec3e4e5caec04a774ffd

SHA1
1f7e1f1206995f572aca814ee831867d8cb44a0f

SHA256
2a3e2ad1c2bf58e1416e08e155a7343927e55ab49c97792b4889eb14f09f7b43

SHA512
e5f72d40ade9a2c44668bd669bee770a9b75932593516d9fd06c4f9ec3531b5788b4b3325a4f63e72fce483e8bc93644975b590d5dd826ab30975e2ccb50cd1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
752adf2fe406deb3babd76b633a1f2f8

SHA1
8fc891aa15ae0e9ab98336f165b2af098e8a9db3

SHA256
786b4958342712cc0bc0191ca75ab0b6ca2a8d06a9cdaac88b059c30ab5da974

SHA512
056a4d9c1b994d4e6cb697d9067ce6153afd40ba8067f5117042c6dfccc7f9544227983f28eeadd71346404698ea7713006ce620816dcdaf6b7e44d190742bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
3e5aeab4ba10454a3420581317df8acc

SHA1
1aea1ee8520af3e5194e632ad0c309b0900083a3

SHA256
69b5d4142753c4c293a0f212216eac596d4116deec5fc8b3c8c241957c08491e

SHA512
efe044807e8df9550fd1d840e34143f7fafeedea3c4fd287244f4f3287722fe20bb6513b8012248b3c230ef9c1e6cdfdad78a198bf39be51fc1db9447f5e7789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
477c0a1aee6f5637ff2789378b4659e7

SHA1
98f45ce5fef8f48672d759e490a09b75e5387191

SHA256
ca4b416b22d612f132bb78eab2c08cc2cdc22d6a48ba26fdafd4053400b86870

SHA512
6343469943d07c0ae3d14cbe6b76bf1861a93789dc7550f6ea7ddb0bcd39688192b00d9986b90b0d2e49a83f38c03682344cd14b36a7fddf4ed43dfa8b4bede3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
622a161a074ee1f4235ae496b5002069

SHA1
d231d338705b6710ce797b295eaea56a3d5113ff

SHA256
d45fc7bf40c0e6fd1e6804c4e20481712cc1903200a8bce3f09da36f9391f6f9

SHA512
b154c2a4a4081636c3492f5891c2484902eb5d87b7e3f6ac65b529550a69ac5eb13bd66fc6051c719f1dc779ede7bfd37e6d1884b3d7e994e2defeb320e547bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\NSudoLG.exe

Filesize
156KB

MD5
7aacfd85b8dff0aa6867bede82cfd147

SHA1
e783f6d4b754ea8424699203b8831bdc9cbdd4e6

SHA256
871e4f28fe39bcad8d295ae46e148be458778c0195ed660b7db18eb595d00bd8

SHA512
59cce358c125368dc5735a28960ddb7ee49835ca19f44255a7ae858ddd8a2db68c72c3f6818eca3678d989041043876e339f9fafe1d81d26001286494a8014f0

Download Submit
C:\Users\Admin\Downloads\GenP 3.4.14.1.zip

Filesize
882KB

MD5
6b104ba9deb749a6b6ce88b9c6997dae

SHA1
19d9b52477606b78bdce568235c0acb9321c1bc4

SHA256
14ce93ae01d50b9d2ff3c36c3edd574a9f8bcec56451f3a865fcc210c617a77b

SHA512
26c804cca16e78016bead5fb43b5c2bca279beaf7edc062f756b43788dba89c49b9054028a271fe70bb1657ac61c704c0ddec38595b885cbd0d94cec1aedd885

Download Submit
C:\Users\Admin\Downloads\GenP 3.4.14.1.zip:Zone.Identifier

Filesize
66B

MD5
91a932dcd7bffe18428528359af8f18f

SHA1
bee30924f7cdee4b6332c7e53726c14e0e5acf36

SHA256
467b8610308d08ee1a4d30fd9ed93e238352b3020d19a8417c51df22eed98b3e

SHA512
0f2e141a64a55088b078d789159fde7bf407ebcd5583528a380cde89f573b104c29045dc1dd923fff562e4bbf1f710443a2ba5d617292cbd625030bcab074fc2

Download Submit