4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6

Analysis

max time kernel
464s
max time network
470s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-08-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

capcut_capcutpc_0_1.2.6_installer.exe
Size

2.2MB
MD5

c91e097550ea6ccedf592d8b83414e0d
SHA1

021f3f26d86f98af28dc987baad8714f64867207
SHA256

4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6
SHA512

916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9
SSDEEP

49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Loads dropped DLL 4 IoCs

Processes:

capcut_capcutpc_0_1.2.6_installer.exe

pid	process
2524	capcut_capcutpc_0_1.2.6_installer.exe
2524	capcut_capcutpc_0_1.2.6_installer.exe
2524	capcut_capcutpc_0_1.2.6_installer.exe
2524	capcut_capcutpc_0_1.2.6_installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

capcut_capcutpc_0_1.2.6_installer.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language capcut_capcutpc_0_1.2.6_installer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	capcut_capcutpc_0_1.2.6_installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694578964440650"	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

capcut_capcutpc_0_1.2.6_installer.exechrome.exe

pid process

2524 capcut_capcutpc_0_1.2.6_installer.exe
2524 capcut_capcutpc_0_1.2.6_installer.exe
1264 chrome.exe
1264 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1264 chrome.exe
1264 chrome.exe
1264 chrome.exe
1264 chrome.exe
1264 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

1980 MiniSearchHost.exe

pid	process
1980	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1264 wrote to memory of 772	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 772	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2192	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2024	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 2024	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe
PID 1264 wrote to memory of 4648	1264	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\capcut_capcutpc_0_1.2.6_installer.exe
"C:\Users\Admin\AppData\Local\Temp\capcut_capcutpc_0_1.2.6_installer.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2524

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf723cc40,0x7ffdf723cc4c,0x7ffdf723cc58
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:3
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4484 /prefetch:8
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4372,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3884 /prefetch:8
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:8
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3592,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4316,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3356,i,10314288644889668312,1096512915040933141,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0fc251a794246a36062dcf1aad54504c

SHA1
465d03f70bb6ce522aeba39fe26659d2de4054e9

SHA256
bff77c718e1c2669f2fec5d7f78d7b0d5df5d6cda58a77ae77f9041c9a863aea

SHA512
f335ad27a1b700a5103751fe7457ab8104bacfcea40e07bc45368d52d2a07c7c4576ef8ecd5bce0812957ddf57b695053e5a11933f9a15d03b019cc31ab9149e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
37132f81baaaf19b3927af230ef43a42

SHA1
a798e61fcc91f9945871c725ba8e151e1d971cc5

SHA256
e226b26f0805e6321d236db5fd84255cec80ffd6d8c6af274fcfb7db584727aa

SHA512
2136c1554f8f8be4363fdfc33876bdb3f2f0ed574104f49237305540c6a963c109c38e5f5c493bbd6bc2024382f92f8f7dd27389a21219eaecf5650aec5f81e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
d73921fb2cac08764591ba53b7021d83

SHA1
0e78a6baad00507179c1c126dab32ae415f0c451

SHA256
fb64f3dff18feaf82f18571e6ccddbbdfd475555dcc21c7071fa0615ea1f663b

SHA512
02c47877e803f6cd21109e2c30ebb28f581111f4adc777675a7309132f42d826eb879723a4d2cfe13d5004a3f93caf1d7eb456ab35215d12674dcc2fb0d3760a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6476f456dcbc14bc51387b026ad0c657

SHA1
18ab5dec2211dbbc543c3bfeb025f53c6a72b48b

SHA256
69e3dfdf31cec5e1f58872759770bea72df763bbf2a156a57efdd8d56b3b69b0

SHA512
bffd5defdfa22f2d7421e4b9515f7ad80ed3904b5c352fe931319542598744488e88856f5d03a77855d871f7c25bf518885adb2989ea668d18660fc64999b339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
89700c815fbf1a3287b8c3bdc7b51238

SHA1
afc2e13576d862789884c4300b9a39c7cd8e6504

SHA256
da1cde2c57e068ec0e4f51c710b494d07c2733b82dcd70964083f88507c0400b

SHA512
1bb9cce45f5060af88e9a6f9b91f735e6f49849525a12383ca410b4f89331c80fac422e42ebbde2760c7e65dc185dd5b6eaefdffad1300ae6e05161238b123df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0c73305a1b7aa843240c53e8a76bbc48

SHA1
0f6211f54ca54edfb9514746bc571613150e72fc

SHA256
ba5a604922d70234b0b5db4b8453bd0a5a7fd96b1f093c38e1fb16a93a95988c

SHA512
2d5c1bea7933095bbd7497c0c0080caebab2a98ad4a0a0e1fb83528a57befdc0422b0e05b5ce44371f5d007281015a6ebc2e8ffaa7c23819a771a2a0fd1c060a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8a77999bf4914686ec39e814727c20a5

SHA1
cedf69e30b3eca4f4e198e8e6af212d85f30b766

SHA256
638fca7144786f443735d0b0473ba5060d4206b9b5636d1cce878b829f5ac080

SHA512
264ccce77a71ec3e68c6ada447815d6564fc7115bf24974761661845bdbde86fcfec941aead0ef4c02db7ddbd674c2aba6ccc7e15de463d0370ca11c5bcc3d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
14560a8a27904c7c63eb0861a539a8ec

SHA1
ce1f2b6114ab5e87da115548b256031395bbf131

SHA256
a64f5b153874e8289c230c73afc18b9a5d12fea96bd92a8dfdf1ceed9dfe84c0

SHA512
327496c66d1e1bcae0ecaf1780cd284c448210de15c187d89ec5e0ad5560da50daa40464cd82d11b5ba1b6f80304192d7cfd65c680ab5abfa82a0dd9e22536dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
27cbfd3be7d750785dafdae28f5c5738

SHA1
0195ae26b9bac24dab5963147c4af90dab7014fe

SHA256
b2f34a8fc0fea2c67e9c0e1cd1dd5e27123bcb910382c15130494c90864d9e50

SHA512
fcabb977ec45ebc17d5db86e943ba9892bbb7ac725fc5b792c0cdecd767829fb3d2de9f26c80f1d71377bfc99f42d99efa3ab4416b42254f75f626962ba42b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
1d5fa852fee7f46e51b44064a0d1a73a

SHA1
e94209731cf210af1cc3ea0dadb8f46c9b8d2761

SHA256
6ec535251806e776be720852b2346ba713740712d19aec7cdac2300442edfd66

SHA512
08a54af94f3322161debf4690d895e386126d750faabb5ed280fab53fa205ea4a5b668c74d11d54c16bbf2e4812bc782c10ad9903a30ff4d8b3c8849605e3b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0c2a6e5603806be925dcdc862ce7bc15

SHA1
e7a85dca84b6b69699fd6733676ecd7abdf5dd5c

SHA256
9deede7c06db4e22e099674a4663fb23c1695ae3adc02f8e8763e707fc52b267

SHA512
3da8ff78b6d0d1a21df9cc308ad7de2547f4553c3c1036600907c39f62c3b2362aff5d118948c31ecfc3d1ef9f1c552407bed3c98bd6811d017f5e8c962bd67d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9c61b140e60210322b1354da81fd5cf9

SHA1
6d29fa1cd1ac632579bc4e3ee39c87bdeff9b58d

SHA256
09c58af553979774b32551524c4d02ee816370f46744d1b5d188a9f48cd6d25c

SHA512
31b42fe6951d6931b83261f41d99aba3ab929fb626e7dbd8b1a41afe89af8004f881c6a342c9d34ee3df3fda96a6761c633504a6f931520b7222615f167e410c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e89b42ee8e908fdb6d3c6418f42df1c1

SHA1
72018c96cc92eff0c881709b3503a49d56d38dec

SHA256
566cb3eb37d2b2835719d384de4ee5e674e4c3b28e5a19320fdaec70af74a246

SHA512
824e87e456362c4675fcbab5c98a82339a9a742ef0e4d4fee8022f3e72d5d04b4d03bee5c08142fb62cdfd7ccf582c2bf5df9cb50dbe7f4976480090222e9065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82905c10f05fc1a2c7f235a8071e5ba5

SHA1
ef6fa505964016d5a1122c3de1f10cd028588371

SHA256
16665df3e790d632e4220907b6a55119cca4cc8f145b8b94d866372985564bcc

SHA512
f76b137ebcfbd8030232b74eb3a1e3b9e922f0fbfcd7a99d56c56499c6c0e24effffb182a6191f7a2f279be6ecd40ed2fd936ee19637471950a552bf1a13552b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb80602560f1278997bc0f7399f2516b

SHA1
959734b5a4f6fb22ccc6b89bdb8d9a13e3de7c8c

SHA256
25e4acddf2e07786533e000ccf89d9b89106ff79f4fd8cbc7c1a9dbe02dd0686

SHA512
b1e8e6adb4549d067cfc5b185dc1560a5a523231f7ff7a5feec736b1525bdc72deed2528231a7fdc9ac7f2adde075a0b372bc6bebc683d1fa4f71263e6da7040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f05ab18648a5f33406f351e782e9e66

SHA1
1a7985ca618444d24a7ce2df2625cb497bc75ac9

SHA256
0ab65005cc5b80ad4b5dd9da42570f016bf897e657a8804ceeb0470604920cf2

SHA512
a52e276beef845bfa4f5c5529eaeac1dc5cfdc6440bb8bd367dd1c94e1f1a3ec9e916f1471383617f643753b390969f9b7f794623b11e1e0162e5f7e3fc6c4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddcd1bbd85daf80fda61ad133c53031e

SHA1
e36df95415c7e3a6b1c77f9b6b3d9312039d5c4f

SHA256
f927975d63937712fde3d45d4e7fabbf10f79911db7c845f4cfd6291a9b593e8

SHA512
02a2550fb1f92594e7a30d9190488d8c0f98aedf717b29f8893b7a2ded5385cd98b4bbb468d774ecb909bdb1231ebdcfaa1dba9442b63592b89329dfffe4f82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da7f61ccab0e7d0d53efff140505c09b

SHA1
d9df4078b6120da4f2947c07c6a9bfe74a359c07

SHA256
a008e280b692ac72470234f2c21148dba633bc6ccbe78f88e5fa3513393736b1

SHA512
f4072bbf3d223f81bec837ec8b08db221e7758aed3ec4d9a82869311a766dcca19c81ff0263d1d3fb4b6cabafecff3b0fe2aec9b3cc1865890d48b9a37fa7c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6ae6879b7aa9776b1955374948d03c1d

SHA1
7911453e2043afec7286ba81d8e7ebee4123c197

SHA256
5aa4c8998989eab42a63e5ece2d9fac783e63c145f66b249626d213f46716758

SHA512
9ae5ffbfdeebe21404eda92c295691a02b390ce9b2876d200b7a73546f247ead14052141f873341b8a6a4013e0293a9eebe98118251bcdca966ee968c5f743ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f3f42d23734428e7038af511ccfbecb

SHA1
5a7f04f378d0e8f6e55a67479111f9109a6b118d

SHA256
6d3d499fa89fe3d639d483c6594285e1fee817699f09cbae509a6851bfca6339

SHA512
86b5304e1d7f350b82b31ee0e2f857f0f5c22516779712014bfbf2242d3a533fb1eb852d0a036dc7e1148092cd482711f205624f3daf652bf20bf268f456a83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30cc7ea926372103b73d66634cf045d8

SHA1
825480b9e284570d155c3bd70f1bf8e80dda132e

SHA256
a52ed42d8eb7f6641e895684112ae526d33166f39a761c0125840381daf5353a

SHA512
fd0041d7d1755ef6e223a08fe2aead5ce42b87f530fbda1af12c39d9e83ccf024d3884ba072bf9ec815970624139048744fda69f0226defc2363f0a896ed4d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e9d69737c620fb1ea28b364bc4589422

SHA1
8b000ec930da31a0579fe4c83885ed1f6da5200c

SHA256
44369a66f8f4dbbc8057395c3e08a8ce0d4e1edb156729965f66020a40949b98

SHA512
d47b7728ac167671788664f3117f89bcca13ada830b7a934c0e2f959647df1e2e1649baa0e520f2a1eecffc397e84e602f88ba7c70c92689bbe6e4772036c556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
17b8f8ea1997f4bdb1b28bdb6fcf10a9

SHA1
1f6dfacec85af9a88bebed30ca609e9792f07071

SHA256
eb6bcbdf2937ec9cbb3bf22689c6fc6f2a266c719318aacd27d4fb8afcefca20

SHA512
a2059f826262373b75ced029a4b6db16661d01bd26ec551a51e0edc3651a859318056ed98979d3c9c5969f21658ebe1997a415d8a1d91880de47e2de9a00e106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
652b99193c1b2ddf172c71dc24fd118b

SHA1
410440fd194b1f243a4fb44e07c66debb0fdbec7

SHA256
3a23af2d3bdce79f8b87453e6eb9421ab3b8a2d793919a21194735a2929e4d32

SHA512
183ff79cba22297a8e6f3ebe7dc2aab5869bb7c99e50cb8706b24a56cffc104f5bfe84ca8cf377f341373ebec3a204ce721a653d1f45585bec34b2204d7d0195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
e61acc411e4595bd3645d58c0cc723cd

SHA1
744911d6440e9dfb5b7f576a73812864de1ccf8f

SHA256
b84981c18745314d1672bb96b6ee7bbc4efb8ff564aa3cd66f9d290c73c2e6f4

SHA512
11cbb54ea55b5a3337b5105a69b49be2e3e7ed2d5b217b23e0385ce350fc4b46af56d4bc8fb79fc6d41b4abe97fd174fad266624028d45d252c3dd0ac30e8bca

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
3e1f5eeae74491d8850ef2c8b03a9a3b

SHA1
0c02c9c2550107de6dd0eb740ac5668f292883c0

SHA256
66756c0edf3925de7bcb685385e2a4f0b854cffd796a9e90eb1ed064b1fb0e30

SHA512
7637f0807d88dbceeb68823a044583e2248ac1ba73c000da6560f94075635a27d15970df7e52f8315bdc2f1c45cff6f1ab7690e916b58307a533f8df24329c2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
26d98b946f17c556ed48590e1e6afa3a

SHA1
e8f42f8fc64a498a5549da2a7e687f65346ebf84

SHA256
b2b3884625d0b3bc36888649d7c3a9187a29aa782fa68a3dd5ddf82f19ed9f91

SHA512
f09c4a67232efa5cf2a66bae57a2222b89fb45700da028a37598fa6b3cb760a8a84609a4ac91d4b314bc5e32f5f5d198d048ffdb9804b38d93e741a87285884e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7531.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7531.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7531.tmp\downloader_nsis_plugin.dll

Filesize
1.2MB

MD5
f181413906a465fd0dd68cc4a3d98803

SHA1
5aa28be48047dd0b672ab98d5e7cbd8260486b4b

SHA256
e28ff7b8fc4b1eb2d1f394ce15de2fc031cda58db645038c8c07581c31e79dda

SHA512
8d0116bcbc3938b2ebdddf77dec87e4b6c872382d20b555571b0bc3e4a35f88d16bc450004f875a8271165b71bdbae5d4d474a5bfda4c7787da63f4325009c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7531.tmp\shell_downloader.dll

Filesize
2.3MB

MD5
c052c0a2ed833d924b7799625413ac1c

SHA1
bdd08a29f4de283ba0eb3cda4abc26f6e85d4d5e

SHA256
098972cf9ddc9d574130e025a252a99b278de9cc0ae700acfb8c935c24eb1172

SHA512
89e67c29d5d8a401a70a5b572844f24bfde82d5d4259ecc5e6f12be0ddb434995a2e985914fc421973998e3fdc48b133e269e8bb1da513ec66199f01060162f1

Download Submit
\??\pipe\crashpad_1264_VKQDKQJLYCMLXWAQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit