b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader-o.pyc
Size

61KB
MD5

4da1c2751b1ab14235592b98665387e3
SHA1

e80b3e2288b4a56bb16613297c0145375769d023
SHA256

1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97
SHA512

a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0
SSDEEP

768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
46	mediafire.com
47	mediafire.com
48	mediafire.com
49	mediafire.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705557132442927"	chrome.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.pyc\ = "pyc_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\.pyc	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\edit	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\pyc_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{A6BA5C0B-2E15-4BBB-A1F3-B99175C05C4E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3796	chrome.exe
3796	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3408	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 388	3408	OpenWith.exe	97
PID 3408 wrote to memory of 388	3408	OpenWith.exe	97
PID 3796 wrote to memory of 3624	3796	chrome.exe	101
PID 3796 wrote to memory of 3624	3796	chrome.exe	101
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 4584	3796	chrome.exe	102
PID 3796 wrote to memory of 3732	3796	chrome.exe	103
PID 3796 wrote to memory of 3732	3796	chrome.exe	103
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104
PID 3796 wrote to memory of 4540	3796	chrome.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\loader-o.pyc
1⤵
- Modifies registry class
PID:764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\loader-o.pyc
  2⤵
  PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8d344cc40,0x7ff8d344cc4c,0x7ff8d344cc58
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4868,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4708,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5424,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3424,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5780,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5756,i,2931969163835062229,16428341006875166429,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2072

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\25e2ddb5-a52b-4f36-a703-c11225713897.tmp

Filesize
9KB

MD5
8d6b4b37c96f232d9baac0393376aa6d

SHA1
ccb6b67f02a178413b35c75084e04d84c4cd4eab

SHA256
968249207fc49b0904ff7822cf8bd851614245f2168e6bdbf15d90d23168991e

SHA512
7466b2c9022417cb9726b1e5e101dd7942004e0fe926f07635ebb0b160bffe69e8b93217b5b8717a99459fefcfb91980d7eb1ca20e7cd734da7a76815555c85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
21a0c58ea7507815911e6f2daf2268a4

SHA1
d36fec2773006cfc2af4f48754be23875e163631

SHA256
ed64e2d197c1b2a5cf8edd26ca8878b3a185dea1d5be3a72074ca8c05ec3289d

SHA512
ff2ab63938c07b77e0a9d71e1e6d93496c870e8a65f61e52bbcdb10223aac7b88d2376789002f80333d3fc25e0b953921d844fee337bdaa17ba9552f0b83f166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
c231e533f409f4b736a2f6a270b43a86

SHA1
18471278e625a5de755855241c2f2c679731c82d

SHA256
bb1fb8db90838413f79ad5785394a0533c3a24aeda1ce4ca92efda81c3fa830c

SHA512
028120eaa838a832fb5041671fdb267429508f79f44d3c74b850a36f1f21a85af7c07a18cb663603481d7ea9f8b5abccf689f0b7da65abe9ebb1743cacdd02ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
2f0ef9fe1d170b792c08332db0be67a6

SHA1
fb6922943350b4e7bfe23905f4e733f3771e7e41

SHA256
58fcbb42cecac13d73f5be2e9f0171e92721a5c3d19a937789b1088f5c148426

SHA512
d847494619b271269281584424418ce993f5b0a7ea71506b3272b6a54e5ab24d2dcbcd4a4394f95127613548f6db705b7378edb17782ffa5b356ee4757f62e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a68ff9b3d685dacd472725b8ef3e9017

SHA1
63e1b1e716512ade41a6a2052b18347869e9d554

SHA256
a198b24bd4134cfdd65441271497e1f809af6de4f9d14b1ac45f6a484388ea6d

SHA512
5274dd70a81e16259315afaff3d383661b019c2c7be1ff190f4dcd6999e4d81c92541fde5a63b8265d52cc972eb585d61c82478a0dc5288a418521847b221cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
46aa17c2f52f59f126f4fc2bef1f38fa

SHA1
091f9e3c3a51ce1ec54cf70b6510695d46ace5a1

SHA256
73d5859d3dea36ce30edf8e081e1ee54ebbbcc94cdd7750991fe637f9a9a9c04

SHA512
7f9de54c573a648c9c0a9568c3d251aecbeafcc0dec2c3ca6c3798885539d44cee88e0d05252d1ee1963c4b228208205c1ef936fd82154697eb53b8815e005b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8aea01bd256f2d3473c0e850d3f67e76

SHA1
12f2c07f5eb772e810595b672763a4f590383097

SHA256
d1a9226b25ce40d62cc7d1523ede5772ebf38e82414c9ce5668bdd177f6d81e8

SHA512
11d60b149f6f08710299dd84ae146ddc59acd52b64338dcc3516ef94a4308069bf4d864091e826c094db2b1cdcf26c71c40ff174a2821ce13972ca57457ea80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58c0450e540539eb1ddc4844ce77d722

SHA1
743779bdfaf20603480910a94f5d86588d5218df

SHA256
1ce45fe99129e0ce3bf03e382a05868221713c37adfd28cbd84702353ab39af5

SHA512
dfdf78e1080360d4440646f16a84c69544d8fc1ed226a7c7e2ea78aa0d747684eac969ac651f7414ba7a972adf83e27b86e5daaf4d09f0e97c6b762dd71aeda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2b878ae396a02fba1863800323cb8127

SHA1
d966e246d1fb213e98de45dda48cb394f9df6212

SHA256
8e24720ab7fee1529266137df3d277b7705b74d73691b296c1ca5bae6634ceed

SHA512
737487169f5e23847f59ee731bc07cd8a7b213815d1e216a9b3f1c3fc4ebf8643d766a77fc6578c4d533bfcf5ba27c8261ac2f545631a35049503cf157f58f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ad44ef1d373637671907a0419f42983

SHA1
ca6c0ce78b22447040fdf9f49f5ec6a74304a375

SHA256
9cee2e1c8d579940a40e3c3eeb5915e08f6893bf6070af9a729996f6e05b64db

SHA512
0bb04812e11eb19f643089850019d0ef9147d7628021fcf30c33e4255442f4b60d163edce5cbfe2df3a586e7cd3d91648e68d5a8facd3d7820dfe455d27d6fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9bcc5680bff9906e21c06d4a91be320

SHA1
cbe1c7350c25856b6f52223a20a09389311a96b6

SHA256
90ab9638206ad98c04a22629dcd7a459729b2234d5f529ef110e9bd5232e144f

SHA512
eb121ca3b14482bef283ccbfdbf2476f650907ca4b7a7f43c676c01664b72a5ac720a2c6423f15ad98b8e1a1462724d5d70bc6e42d0d6b5d86f06f9a3ed53081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7d4a15d531f1074dabfa46986c9d3b0

SHA1
9ad98a8ba73f27a5daf6037f5fa91a56bb87b392

SHA256
a324bc7f8e77823daebe25f8e8a94c7166bcb7f0bf8280109c12649f992f2ff9

SHA512
5d127413519c494330f301c01cb653a0d45bb99c16cd566f5d2fedef421a3f60ffce4a112bf5d6d281b327cc791897d439050b712f0ddc665e6c32eeefd48feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
616ef193c663b022ef25149c5017b146

SHA1
13553a4bad7162f6101cb12db1dbeb7c3a4dc347

SHA256
30dce04230eee734b28297759da11388b8b8deee63653b032cf98c7664416b0d

SHA512
d43b15cc39477c33ddda4200dccc5db204b7a7833907e68e78483ef18341b6e46e8a79a04d8d4f8f47b7eb482242b8a27928e75f329292585f70f6605a172444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
644f743d72a8c2847ca15b594bff7976

SHA1
f82dc439eb1350525151efb8a8fe402fb68eccbd

SHA256
65dced1a2a22b18d113410ba7d401d1b102b3c8a67278df6756b0df0b47544fa

SHA512
22cb967bacc41b7d34ca2e128e00937daa48b0fbdb171f742d3c8819bf065d5e0e9f8d580a2a1dd71de5753c00904e2a2ae6f7f0cbcaa696e012f4d89f01b2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9196450e630992ff6b7d0a4000c086b

SHA1
2089fe5ab3fef257d1f931162bf241e83b7a3e83

SHA256
6a87f2761227488a35724c0f16f453db58097a1ee04892511929219642ee026e

SHA512
630455602dfde7c944b157e33a40b2f742c558b354e0bef049f79ef0b2bfeb54f134f8ea2ab39caea3eb611d15d6c8cd43eb181774fdd9a0804d7ef45ce433b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a27b00dab50cb2f93e9279ef39af9ad7

SHA1
ff76f3679f15c13ff3a8209cd1799adfa0b93303

SHA256
c949084fcc49f8ce72b12232999a67a7d2bb54366c9d42ff584c55d7d57aba73

SHA512
49c661dfaf826218fbb5ac23bf48bcee16ecac09ba67dafac5c203f166ea24546ed7acde5e9997de7d68aa03cc019fd7d4b3457a984a4a853280bc6786cf39bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
757263f3dd860c6a5b8ff6c535c065a5

SHA1
f291c10c293e98b1ad71f07109af234e50d128ed

SHA256
700577a1c45cb880f5ff9f9939d8a589756797e36c4469767294411483744277

SHA512
7c3f2f07fa70c7af4b6068e117023caa453be7e75f85a248ff90c966e655eee799f977ffa0033a22e770c68376433efc2814fa545185858ebce7fdee56195298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
b5d0f1041cdc861cf7b9ba12149f2199

SHA1
446d2a27213b6a6aa8531e5338cfa6002013b3cc

SHA256
91174070810db99719f1cb8f761d4398a1115ac2c2aaa6be70364f89f8e7d1f5

SHA512
7f30a01596079c317e5e1c989297b3a9c72a572d797185efd85446abbde18741c1f082e09db002a1c82c97e32f9c8b08bb4b3c8698ac932cfe834e7ca9294125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
02d2d29876fd33338e8c7f0b314d85aa

SHA1
645fda227abf6139cb43eb628028906433f58ee9

SHA256
578c8591eb002710195aec016e7e2cdb6d6512d9fd6cde17b02ad974e45c8cb1

SHA512
8f3f9b27515b42df1d8b0444bd27c7c58b5184ae409a4ad5008d92d7bf9415e6e16be294a6be709ca0af7c7c51ad42a6b01e5a01fe92ebc6f6749b397142e6eb

Download Submit