b4acfbc4174469c9aff54043442223afe559dab84954e4b51b64756fe2b045ac

Resubmissions

27-09-2024 20:25

240927-y7q63azgkh 10

27-09-2024 20:17

240927-y2m78axelm 10

Analysis

max time kernel
571s
max time network
414s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-09-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft/Minecraft.exe
Size

275KB
MD5

9affb7fa676cf886e26db62cb2551049
SHA1

5a9c57cdde1e326176c1c704b0dd99a204206708
SHA256

3e9d47b28ef50dc9e05f3960b08ab706eac8e335378f56c8cb10f8e50b5ea496
SHA512

bb5cc56f1f0ad058dfa47505c355536803a2124fc2905def17155c9e67bd66132413f142df8ef4119a08a5cb63f988e4e3f0f05a6336e139f994d6e46190f59b
SSDEEP

6144:O5/1evXsbwi+ifQFKgkFNWhWleeKkfv1FX9:OB1evYGiAtIWhWlGkfTX

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Minecraft.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Minecraft.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Minecraft.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719428478890977"	chrome.exe

Modifies registry class 21 IoCs

Processes:

Minecraft.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Minecraft.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Minecraft.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Minecraft.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Minecraft.exe
Key created	\Registry\User\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\NotificationData	Minecraft.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Minecraft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Minecraft.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

980 chrome.exe
980 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Minecraft.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	740	Minecraft.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeCreatePagefilePrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Minecraft.exe

pid process

740 Minecraft.exe
740 Minecraft.exe
740 Minecraft.exe

pid	process
740	Minecraft.exe
740	Minecraft.exe
740	Minecraft.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 980 wrote to memory of 864	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 864	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4928	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 2620	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 2620	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 4680	980	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Minecraft\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft\Minecraft.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa788dcc40,0x7ffa788dcc4c,0x7ffa788dcc58
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1752,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4396,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4964,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3320,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3444,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4784,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5300,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5428,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5516,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3040,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5660,i,7973851087101089340,1966373825263440384,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3600

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3f9b8f07ad6f05d96492c5f7ecc349f9

SHA1
81c7909b8c453f0b1a374adca8716d2bfd96c924

SHA256
38c8979787706dfe244254889df00a5f43e6e7e115404cddf5e8c5b3d7e35254

SHA512
f5aa9f0fcd02a2081e283198a196dee02d7789e4ec2666e154d82e136c0ee7e2c06b2183d26d6b568d1e4d3a032058244f170ed594e3b44788d2b68c5e3dcb55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5228731712098b147e266d8a730649d1

SHA1
7aac7f8366bb55e7acd11c5e2d73b71baaa8e074

SHA256
20b9aba8ee4b05a05ce65b5a50ced5b3eaf525bb69ee45893f73ea968bbd50f5

SHA512
dd4ce7a078bdc9a0233418af7f447e07148d7cbc77bbcdff949512a1d9645596d12a61c1cd0efefd7a759af271f2e06b1ec019157f6d2e4a888424fc544295a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
45d9c23de051eddabc3cd283400e04af

SHA1
1fc7377ce08dd9dac7a9e87ab0155b5e36df6424

SHA256
80ea20e3fc79d6278d1a134bd869f93fff34f3012a1131f251a80f5e9d85c73d

SHA512
fbb6794eb57098d9022e22776965c3cf799596df3ab4035cb4d02cd823c2269248e7ae4c9d0c7ac5a16dec793f03c40bbb70de26df1a725cbc356f50246d0b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
803800342e02a95555983732457f26a2

SHA1
5e8d13bb6b00cf4149e73ef7619bdca537a23fd7

SHA256
f1f62e3d417a362e141d97ed8890900e988e4d34857c5fc1f8a90230160f02c9

SHA512
6e376cb3a0a684a1d9c08e79192c3ed936a50d3c566d12fe2a0964a0eeff8483e40caeff43faf6fc26597b1dc995b7a99d133b91fc61f9b4cfea57241395d580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
8c19da80e0720e6cf7de83349cbf0185

SHA1
478aec7e530c9518de912776a846063629c12a5d

SHA256
b46290dcfc5affca78973e201b98fc5bfabdce694814f2004183ba35bbbe9243

SHA512
740e734e88849441dd09fd554a29e9633b3a94205d78439cfac5914835c54c681bae7b0868546f42e1fc65b17f190e608b45944c07b85ee31b6448ac58c5acb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
386e67609e6103086c62a53c5cc02817

SHA1
1c9c98e24c0b3ffe3c064b7e9de1b860ac889760

SHA256
8cdce2646a23dadf0d1622027394f7cd8bfdcb6eaafa8cd4cfd434da66b6afa9

SHA512
fc6c9bc55d42321c065929e6372d5c6ec4ac0bc2034a13ac0592d9d8f3bc0fa5e687b0d775a84eb6c24ebd92e92dd243a03b271058b6b2b81e4240e7e6b5a6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
56fba9641fc8dc6f3deed4a6710d5eaa

SHA1
f464e0f44f6c1c2745402b8cb085a4ed5acbfef9

SHA256
0b3e9ef5b2403aeb555133b52c5ddefd656d53dedfcbb249ed9c02c4da234212

SHA512
1322f305a8eb8f2739ca3b27fca6c05ed79abd53f3f11775cde98500100ad37563b6de638bc050d01ea55404fe22dbf8fdb050fd06d3cc4e7be1f868862f0b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d61c563f5b77f4c9b9e09fd8b9193bc7

SHA1
d1956338af0e4cdf4657b1f44c27674de8f889e4

SHA256
ea5e6d0365020d18cbcfb8c3df4e11f3333c794c7ad021d26d2e3a86ff442723

SHA512
3d5cfe2dc84d85a3178ce6d9ddb02eb9e98486c24b3f0fab1c3d5567516a4989f5e6d96c90d866712d58cee2a8c2ed929160f646b7b287fa90a2541f46b2cbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1e2d54e9dc9abe92480c3a268bc722da

SHA1
66f21daeed5dc0312800284a50b71e746507ba55

SHA256
4385a42a66deaf9aab02650a4af850cae7b5f5e04d69693b3936aae2d538ec40

SHA512
7812fce7e9fa4fb58f6d97f07f8ffc5839d4b2643913af471c19d2873d03c483ee5f9d27bab560509c9c76bf4ab9a09e43bc563ea7708773ec82f4c7686b5e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adb2ca15c2c1c4c2c30b4042e9c86de0

SHA1
ad30fcc512c993cd0721cb7a48cbc03d435f733c

SHA256
67063019548c524823f84b48c17a77a618f1fd62605477304178b3ede0c85b04

SHA512
4ff90c3dfc86c519d154759e26d6480d06d671239f43a5ded9261fa0c9508a02974229cee25f25436ad80f5133207c717e7f067fdb42a4639b93aadb2acdd7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d56d3697d6b527e9730ae65adc6410f5

SHA1
df4f6142c6594c2f682f2eca3e1d2c7034362fec

SHA256
ccb3bb31cbaef2d5432bd902943a910b85161cba8ed79f36141d80799ab37c3f

SHA512
305b1cb779c9f926aa416ea4b82375cae9cee7f212139543d059449c3b64bfa5d4b71262529374f1d89cf8bffe13b8feaa7a3ab48a5758e194b2368bc7a36bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cfcf1c98b188694da26873e2c7a9ce6b

SHA1
f600888113d7e7901b78cb8220e956901ad9e9f0

SHA256
a050b30e1fa2d8f1473710de0794e2477a6349fffe1a3ea65cc6ed41e85eca94

SHA512
b415335faafa147e4bb8620539ee90223e8ee050cd90baf25bb0ddc9b05c65dc2772901af48e2df9cb06dc2c82970e384eda9419b137396d55e27d703488a71f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bcfefada2948116a49b75a4ee7aeebb

SHA1
a26d263134f7564e89145a8220f4f13bf4a61c89

SHA256
5d05aa457e49507579627adac78ef75ad7531746129a1e5dbef13c6d3d18def1

SHA512
27817485da42ed7ad98063dfaa9464e4d1b168c77dfc8c538243b98df69d736a09c058343e71f802304bd591e9407ae328252b5c9e66b37e4587424678e08687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f936855ae74ac76496e583467278358

SHA1
7fb920d4b0a6e34f264511d60d2f1283dd9c7900

SHA256
b053ef4db6bf09fab034d6a2781d4ab87d9b6388a13b72633c957c73a527796e

SHA512
a304da0650fc4a82ce42bea267bee1d027cb9032c2e4c2bf81f7512d4bb27ca0a96824a6014070496478793b8eb78006df47edf879108e5a9e8b9dddf71aa5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fd927114425364d8553f612203ee589

SHA1
e9100d5363ec5f2250b2743512c907622fd58d6f

SHA256
da7fe577bc21a19c366a2364e142027010860563b1996b7731314edab1e924f7

SHA512
41d45c4555796d1ebffc38d29be0cb7465736a9dfeebe1ebb7dfc1cd3508d47abee72cf937a779aecb6e45c2728f4487a2823b645e2cba439829c91de0708371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
849157053b98e32fd2d3cd7b8954cba4

SHA1
16dcc65f7b5417d91e2d06591d9192dcb449f633

SHA256
907a048395e3cd763b850dccf33d542eb8541001cbaeffce1ceeadca5ac43ce5

SHA512
b60f369df5370012dfed93766e00081bcae99490b6f2920aa9b8bd3b80e5d12e213345760bbead1ffbfb4f187e1bae01589241844bd6d252e01914d2cf9393d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d816963a0aecb4adcfbcf89f8e74d775

SHA1
41e9706a51f9594c382a752e87c7591686b046b0

SHA256
3e04022b9efd40922b577c58bd7b343af7c024eae9d35dd91f54dd51673d079e

SHA512
1bba3506fd5f354bb21d3fc724940c5b2f79ad3cc1e186047828712e5b8eaff279564be73f9d5e841b2e2bda04c8301fd64d7c1e219bec0ef7f1efa3143fb306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b76c503bedeb2616abb4fc2a1d8f8cb

SHA1
d227acec742bbdfcace55c2953e0a35ec1696f96

SHA256
35ea819b2df2c796ed94608fe46674446a5fb30ea497693978a1850884a3612b

SHA512
f611787ba7cbe8d13a770bd75ff29f3573162e40b5ad371988d07f55c9211bf88846e245ed2eb69da239005aa591b23f5f57565f2693955036df08d182213981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c72741cc07bed4835d7e18e15b59a7a

SHA1
df60991f31be9f622ee263875398eac4b63ad8f0

SHA256
05bd4a7ac1522117a53ac09c5b7b944efe5c332298759c8bd1cdae173325a85b

SHA512
2c4c4605d60ffdb69e492e794e10d72f0b8e6177788f97220caff09f8d9048431bc745a4ee80a7c3ca79a6c6808dd6d2f67a550da43be2bbc88241175d034c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
fcb69f7bef70fddd000128760b5335ff

SHA1
4f793247b204497e5f930523cbfeda48930a0821

SHA256
71a341b1e6bdeb294f3cff88228d2cfde3730c61b0230455bf58ef2f1394011d

SHA512
b4b2b8955d1f78ce8fd3a049c70c418982e864afd9125f40151ce8b0dddc295bce97aa8cc628c0d6ee775fab5c828737d65b21464ee7b8f35878a31c99f39e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
73b072c75b5ff29cc7949454c7218d88

SHA1
2bffccd760c4a67c2ca7d377f6a2c8adb4487512

SHA256
e0ce5f972b7a6b9cc8405bd71eb31a9e9b1d6dded398afa19357b850647f3440

SHA512
114cd6645063cd04d10561c69f5938f2dcb9100da32d14aec984e6462bdd1c7a7d9ec421a871f33b0209eed78f4af6b3243e0ee4aa8395c5efd54ad2b304a4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
4219c2dc5396e8bf071db46795d33a02

SHA1
f0a1bdd6570143cf7f00a132e83680be9d679dd3

SHA256
76562eb996cf9000f80bb3a0abfb7e6ed11a5b9235acda18382256e7fa2030c5

SHA512
df06e86d2647ec9bcda59e9377d836ebe90bbd56c6a05513d2a9b26a437593805d8767a7fd5f636793b6ab1b21b387d8921e5051194bc0e4c22a949bc8ebe9f4

Download Submit
\??\pipe\crashpad_980_AXJEZGVEDNSZSSLK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/740-7-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/740-8-0x00000000012A0000-0x0000000001306000-memory.dmp

Filesize
408KB

Download
memory/740-9-0x0000000005960000-0x0000000005986000-memory.dmp

Filesize
152KB

Download
memory/740-6-0x000000007433E000-0x000000007433F000-memory.dmp

Filesize
4KB

Download
memory/740-5-0x0000000005A90000-0x0000000006036000-memory.dmp

Filesize
5.6MB

Download
memory/740-4-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/740-3-0x0000000005320000-0x000000000533C000-memory.dmp

Filesize
112KB

Download
memory/740-2-0x00000000053F0000-0x0000000005482000-memory.dmp

Filesize
584KB

Download
memory/740-0-0x000000007433E000-0x000000007433F000-memory.dmp

Filesize
4KB

Download
memory/740-1-0x0000000000860000-0x00000000008AC000-memory.dmp

Filesize
304KB

Download