01c34927c6fcb08d32e5a1213855eb5c5be9c9af5bfecc829a10bee6d55f4965

Resubmissions

30-09-2024 00:50

240930-a61r4stamh 6

30-09-2024 00:45

240930-a37fgsyejn 3

Analysis

max time kernel
150s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-09-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MantiWPF/MantiWPF.exe
Size

6.1MB
MD5

fa3704c1b0f62d8ecb03c446809dcf3e
SHA1

24651cc1662a716ff33859c2304910b56a172f84
SHA256

c09ee558bdb5dd6c3dc9a97bfae1e6b3b7f0a4c938ceef277f4c27fc1a7f8964
SHA512

814a4242cf5fb8f0313694c3d0490ec8164677ae140ddeeed524f1347d7516ae722cf05ee23c01cd75469442628f7055ce62944a89bb4d4e48807bfc27ea34b6
SSDEEP

196608:Isx+7ftUO47qMAeoDM9mfsCPprPRC+aSiFt:Ia+7fKO47RAMUfTPpr5C

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 6 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

112 extreme-ip-lookup.com
114 ipinfo.io
1 ipinfo.io
15 extreme-ip-lookup.com
80 api.ipify.org
88 api.ipify.org
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
112	extreme-ip-lookup.com
114	ipinfo.io
1	ipinfo.io
15	extreme-ip-lookup.com
80	api.ipify.org
88	api.ipify.org

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721310952192809"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3556 chrome.exe
3556 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MantiWPF.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3128	MantiWPF.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exe

pid	process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3556 wrote to memory of 2120	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2120	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2636	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 3936	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 3936	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe
PID 3556 wrote to memory of 2528	3556	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe
"C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffe515ccc40,0x7ffe515ccc4c,0x7ffe515ccc58
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:8
2⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3636,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
2⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
2⤵
PID:3092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3628,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4456,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4300,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4524,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
2⤵
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5492,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5648,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5708,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5660,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5644 /prefetch:8
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5576,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:8
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5588,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:8
2⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5856,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5036,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6072,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6040,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5488,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5960,i,17676249876627051854,12075156108350143016,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D8
1⤵
PID:3280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
5b9949f843483386f339898e42e381eb

SHA1
b5b5bda2a414af1926e406b04648f25f69cc5a1f

SHA256
54f3426f1cd98aaf6d3ef1d7d33c798b9d228e8e0b9a18ace3624e0d57840eed

SHA512
85ce3230cb36a4cf23e4820f6aa5957a7681fd330a0d951d023b3822d9ae5e4f1510bc7a16058da94024e1fbf0c2645ab446cf756f239c65323f0b8f76ac8981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
673f8aca555b1d7fbed329b30db14d6f

SHA1
ed298d831035928091f5db43ac1269d11aab04a9

SHA256
f4a1b3a3ccb633fb4246b0750dcff868f74e037919bbccb2dbd12699cad611cf

SHA512
5bbfb325a0b408a0c3ff6029e6495a0c2533aa9315e5730e0793d8ce2b789262fe82c05e9896ae4f8c4c2780a93e262f5563c44792e7b5102a6245a1ae77c520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
e071b9c5ea03f356e992b37b78cea2b2

SHA1
a0523294c76e8b91440cd6ca35f663247190baa6

SHA256
6d0bd5e628cad510442e0828ea14e518f338a01731f690da2a2fed9f3c083f9f

SHA512
1301ab70737eaa4851070d2c09a9fee487336dd87aa7c2c5b0e34bb7c5199cf62860fcde87c8838284e43166142c220105913bbd58715e4de9d7a1404ad085d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
cf31b4d89826cc0e2c4c27cc66e54617

SHA1
19888deb70e80bea32d6d18c54292d4f366904fd

SHA256
d866185de0722c119f41aab6d6228eda3ef410942ae1686f01d1cf822d1a39d7

SHA512
4240830efae296e32f8bad5f1835de85e792499b6cb4c5e880abae05859903c0a7dd2680059bcb8c58126e435e9a0561e37492cfcf974d411757bca7f2e67607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b1a323eeed6d8cbc16d6a1d1908c45d0

SHA1
0c652232d5084a07495f2eef7c7a5ccedfd14bb7

SHA256
100907b5f47683984a069c4e90d188255b14e70c52f70fbc386cbaec5592fd33

SHA512
a27d70089edb7bec4006044de93a6a2b2e21aa1634ff0d900072d0142589c2775086a4bf78249294f574f1902859c4dcc3229fe5667dd65f844528ca9baeea3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
874955a81ba6ba2f1e54a4d0dde7ae24

SHA1
3eb892fe7b36ae0b0cb1e05d433df8dacd5b1640

SHA256
a4e34e28118fb333b36e987d7c9921ec97db772b9d679b6a15eb53210aecaeae

SHA512
789af8137ce061debea51525cfe4b1fb5da30621205f759b8d204c2bf1d628f68c71e1436ad70bbe373e675a96419c32299cc3ebbc124e988cf13d844a45d8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
cec33b6c8e3c584822b099af21c07eb2

SHA1
d8274f3b8c0fddfc44420de7bc06bc981d5ddda5

SHA256
5840c17973e420139a65d4f6c88d056399fcdb872f8ad9c63e008f8754c91755

SHA512
ede80f02a67bcd25b57ef9153634a3001a0abfc8b0fbe98da81e7ed659f69718f48a5ca319ee238d6f77c3da403ba9ddb457ea4d418e153fef6b474be591b2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8e42d7b32e401daa8ad8b327af26d1a8

SHA1
b0055564a2334e949134bb8f283dc2f337d87bb1

SHA256
0c889a6e913feb41e452430264e37bb2ada90d75440e98da4b3a96db28e053a8

SHA512
dd750a6c8f767ab8ce5825c334aaf4dd6b6df50a31d9eaeb622a52ebf61a7ccfd69a57c229ca4a33f98319d53d1e8a850b0037ca03ac7c40ebf8fa5ee803c0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2d40802c6b21a5851faa5627dc129d05

SHA1
30f54ac1d29141e37ef6510d93cbda31b2fbfd4e

SHA256
eb518f1852c5a7fc97de53fbe31301e89039eec0b689d8a628e3fb1c5a96251b

SHA512
717fdd31077fe472590b944cf2b82a00edfa16c6f5c80bed431f9ec1cdb9045694239dfd7656c456020b9a2cafdea7509d9ad3676387eb1c43d91ff59f7bfa81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
1bec9acfd37cbc8251b4ed0e5e13f234

SHA1
1d018e2eccfb2651ca83aaffcd65825e3eb3adae

SHA256
8a90f1d956d0c97e9ae6255705bfc2a1d67c389698f205c980d6802ea47001d4

SHA512
08758a3e15411af51999687ba8f27e32f6e67501c1c9c3e2485bc8f42c4e64d291940990542ea58358c031c1d9053cf8a6a8f287a870d5099f58a2d3b0e41092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
375ff3f58ff4187ef5a02db369eb7dc8

SHA1
08be1781dc503a7fbaa5a5ba1054eb1e4f64d5e0

SHA256
c59014377112abe75ffc5b96a20f5653b813096dae1964a14e792e8b332d33a1

SHA512
e8a2c56071f6b09d801628a9336f110e9c3fa16c501bacac008bbcfabb0d213ab4a4dfc8521a6c16f616d0160b58a1cfcac82141b5c57afc62248b66d10dad5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b23260228aaca21f21055b2876b2287d

SHA1
a02f7d5f3cbb20ba37a64d22fc14d323f2183540

SHA256
6eb5432a1d2e043abb732745460b3dc0c06d7bfbaacc5c14e33215e504ebdf05

SHA512
ff16cca1f15384af45633619a6c0c81bf8f5a141ab6204f129cc8fe20b66f4ea137b8e88cd3a8b217662385ff7c889bd89a006cd6b2668154dd1e8595441bc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
246435b58e8bfb20216b1290beafcd1d

SHA1
1011c95539924f02a393d8d1de1b55db4b8a76b9

SHA256
4ff6523e54ebd449ba1c3594a2fe1a58e066b0ed435eeeb594da31817c686761

SHA512
0ad009d40008a25311e9ac65ad2b43a62f5e59aed611ca21681d180cc8870b4a189b67ddcaeb4a61c35bfa9a2a5279796f9e6aeaf91e596eda6d3a8fbc1b2990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
212KB

MD5
533a463b22b5fd25dcab54f6184981db

SHA1
a3564eaddff5c925367e2dbcbd43450b7a6a2bf4

SHA256
e7849e97bdb7c01d447d7a80923bd826010cdc3ebcbfacae36aeb89747ce6bc8

SHA512
34625c4e896c7791ad40f8caba706741cba43704b92e0272a92a3540ff4ebcb1ba9622faf2d22d7a0782e97b32c29247d545d8df65022f8f3cce663535fb5bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
212KB

MD5
dd2fc99f1e951e75e5cd65ff1186697b

SHA1
1007ce8c679427293f5602196412202318d57cae

SHA256
ddd2a1763eada49d2db9c6f3c1fbce3468f6bde1f41a8069b63e97d780588850

SHA512
33a6d95befe302dcf69e704916ceac82be60f696bcd5822afda62d1f10eec174e4a39b3dbad5c1b17fddaaa41d108c63a7d3c7395bfddbb8a1f69616a1c4a553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
212KB

MD5
71464977f6b449e00ebb342591bbcd79

SHA1
54deb6c34a659ed16954f0716ad8ac2cca54f3d6

SHA256
752d5ac1c2b02e9784cef67ae38b73efed1ab362a1ba1da2b1623726870cb65a

SHA512
d0bab73a51f626523d82f494051f57bceb71b9dd800c57f3a9f084ad6f9277eb2f1f9bff011fe9a6259225142f72949b41dba96de6e81c965a1215809023a3b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
212KB

MD5
33e1f9ed7c2bcd4ac3acc91a8db341ad

SHA1
7cd91f0f4d78bdeaf32a133cddcb1501e01017fe

SHA256
9ce7fcf32ee79d6898a067b7cfaf82f34f83847c35f4d219516bbf7243ec13d0

SHA512
0a0554a56cd33a87e3649538e6c7ab17bd5202142ab6dc86d1367b2dfe91f3c51d202f77ab72e4d7681e7000b868306ba1d55aff1a9398e09e7cdfeea03b3c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
212KB

MD5
18b207e9200a18e1f91c78c1e801ebb1

SHA1
f9857425aa5d4d1492c48bb64f7e0533e0525663

SHA256
56ac69b9004aa550cbb126b6d3a43acc70d03ce62b6e62857032bdec607c83c7

SHA512
956a9f9e34729591f9c3b8595e10e1314e30037670d28fbb5c7146eba9ef497615ae0914ea73ccd9bdd79887e14af78941c42849879b52d9d9b26e632338530b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3556_HIKUMPCDGKSHWNMV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3128-7-0x00007FFE44430000-0x00007FFE44EF2000-memory.dmp

Filesize
10.8MB

Download
memory/3128-6-0x00007FFE44430000-0x00007FFE44EF2000-memory.dmp

Filesize
10.8MB

Download
memory/3128-5-0x0000023B9CE30000-0x0000023B9CEE2000-memory.dmp

Filesize
712KB

Download
memory/3128-4-0x00007FFE44430000-0x00007FFE44EF2000-memory.dmp

Filesize
10.8MB

Download
memory/3128-3-0x00007FFE44430000-0x00007FFE44EF2000-memory.dmp

Filesize
10.8MB

Download
memory/3128-2-0x0000023B9C1A0000-0x0000023B9CC2E000-memory.dmp

Filesize
10.6MB

Download
memory/3128-0-0x00007FFE44433000-0x00007FFE44435000-memory.dmp

Filesize
8KB

Download
memory/3128-1-0x0000023B813D0000-0x0000023B819FA000-memory.dmp

Filesize
6.2MB

Download