4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
Size

897KB
MD5

0c9e276d4ef89feb58c3526ddd8f4bf5
SHA1

d7d0552f88883d5ef40fdb0814d5a560bd15c526
SHA256

4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50
SHA512

ee76d8c442e688a86577cf426abf2327b05ad600ec043980376ec4fd6eb56c61e1198ed4f57684698722ad13988f4b3553f41957cad9abb1f059cb81f1d745cc
SSDEEP

12288:BqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga1Tg:BqDEvCTbMWu7rQYlBQcBiT6rprG8ahg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
4624	taskkill.exe
3796	taskkill.exe
2580	taskkill.exe
4720	taskkill.exe
748	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724787879717931"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1920	chrome.exe
1920	chrome.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4624	taskkill.exe
Token: SeDebugPrivilege	3796	taskkill.exe
Token: SeDebugPrivilege	2580	taskkill.exe
Token: SeDebugPrivilege	4720	taskkill.exe
Token: SeDebugPrivilege	748	taskkill.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4624	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	82
PID 1456 wrote to memory of 4624	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	82
PID 1456 wrote to memory of 4624	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	82
PID 1456 wrote to memory of 3796	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	85
PID 1456 wrote to memory of 3796	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	85
PID 1456 wrote to memory of 3796	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	85
PID 1456 wrote to memory of 2580	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	87
PID 1456 wrote to memory of 2580	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	87
PID 1456 wrote to memory of 2580	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	87
PID 1456 wrote to memory of 4720	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	89
PID 1456 wrote to memory of 4720	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	89
PID 1456 wrote to memory of 4720	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	89
PID 1456 wrote to memory of 748	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	91
PID 1456 wrote to memory of 748	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	91
PID 1456 wrote to memory of 748	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	91
PID 1456 wrote to memory of 1920	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	93
PID 1456 wrote to memory of 1920	1456	4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe	93
PID 1920 wrote to memory of 1532	1920	chrome.exe	94
PID 1920 wrote to memory of 1532	1920	chrome.exe	94
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 4260	1920	chrome.exe	95
PID 1920 wrote to memory of 1408	1920	chrome.exe	96
PID 1920 wrote to memory of 1408	1920	chrome.exe	96
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97
PID 1920 wrote to memory of 4920	1920	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe
"C:\Users\Admin\AppData\Local\Temp\4d020512e5ffd9fcc7bdcadb66fe0f0fc5e322dfd2d33b6c00ddb67a834bdc50.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4624
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3796
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2580
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4720
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb58dcc40,0x7ffcb58dcc4c,0x7ffcb58dcc58
    3⤵
    PID:1532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
    3⤵
    PID:4260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    PID:1408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
    3⤵
    PID:4920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
    3⤵
    PID:3040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,17314869885567256547,14602318554122189960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3904 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2576

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5ab354ed-ae44-4b3f-a0a5-7401452a69f9.tmp

Filesize
10KB

MD5
a307323fb98c0ea3d77cb354985a77b4

SHA1
c792af8acc8b23ec3d0a24d1f23748d10b593127

SHA256
9cdcca27e7a762357b84f9f767995eab86fcc59b6bbec281f1baf5999d046b9f

SHA512
462a4fe6f8524aeea65aac4b2269b9db472fa5e5a879f550ecb9bcac409dd7a922b0de49836647c880963c47974e3c1254fe44c6fe56a5b83ba7903f5392fa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
040e57dc6d4b38ab2d057dc8ef2e2139

SHA1
081f4e9fbe4e133bb6cb5069781b20f1b8ae6062

SHA256
610d1327211d0f0009d6b33dabd1d612e9590dae88d30f85875281e934b42294

SHA512
48d0d68c56d93d5e5ca94c8d0314d38e758a48cf93c8c9cbd89d23760a899db5efccae1fb1a433809c72b9454eed4f74fb5fbadace61fc3171e2887dd3bd2e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a9dfad30d235d4dcb432f3aaf09a776f

SHA1
b0e3e8786d7dfd93ebefd25ffe7a9957c102930d

SHA256
1dbfa82d1a9d157929e2bf4b32f101fb5c19f1a6b92f535e0154088cc490976e

SHA512
45715665bbba8764702da3dabb85a687512842d86b8c440d1bbd7e316e4ab8f7071b49549aeea3b5f4cb31961bbfdd3e67fc17a5c161c6ed1cac818b30cc5996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ab9cfd5cad5a330f544d80f6ca2a5e08

SHA1
a6d5c40c5b51daf9581f5b423b7268029e4db805

SHA256
0c34b5356666b8ceac7cfa761ee99bd92a94067b50b9a444200b0686561cd520

SHA512
fdf9e1b6370da3c891c809bade9924261a197ca5b24edd30ecccb0091ad4291462bc15f625b1157bd2c2b39a416f59f348ff385123960f04ca13ab3afb48ec93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c9b8ead6a62bd9a10ae0e91374918a00

SHA1
f8704ebf5d01048b2d51bac6b3de5ffba302f8f0

SHA256
90069a029feeb3393c2784fb8bbdbfdb4f4c184bfec02e921d9cb71ec59ae0bb

SHA512
96c859774eaee055fed2ade175ce039011e5f85c38e9c4a920a03004237ef5ec2bfb38416ec851464298d8c574dc54061a0cf9bd19ab3093579e34c20c5a7570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
1ee6b56b53bdf2c3ac841ff00cd82676

SHA1
b43274e7e7af007ae87722ee62fa0ac7b12e0bfb

SHA256
5a7326fa7a49e829737a8eb9af92b45430ed4133a3cf837cb1afe77bff7a1604

SHA512
54b5397389fb1a7fa9aab84bef5bc6616446ad5845bef698c836b7b095d6c06b4103afcaa673936d3fdcdef063d9f92f80980745d23b07a9122fcfd42c5f1137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06bd9820285c64a67d6c9e82509e007e

SHA1
3a72bbd2d73ef69ea4fe2c1ba0c78e823dd66474

SHA256
98e7c3952ca07e7e13ec91be3d55cbb34b86534debb774bdd5d33cf0246a793b

SHA512
2d8eab46ddff6ac131495d7f1fad48ce43ea43141c20b752989400eb76507755f3afb7d954d0147c8abec4e63d8df247a570c94c51f47e12aef3f6b84458dfbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b719f731e168440325c17d15c0266021

SHA1
ed1c4b63cd3aca6466bf2abcf838af8531a75e92

SHA256
69cb09e35aa75212c6af3e0247094ba0e332f1e10b2a65bc62b5ac9ef10bc356

SHA512
fa13de2d38a7bc5a0f61d154a3964982def2bfc5ca699bfdc7dfef06f1c360db72006d2aa2ae36bf3e79427d1e82c5f85b624934eecb19ce42934e71877b9b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efac468d68ffd41cf984a3f853211d18

SHA1
6a565fded733de69e70f216167298d10381ac30e

SHA256
808c513333704e0c4fc5fce1627fe6d9e4a3444bd21ff2b4410c35729987eb48

SHA512
20b92694f7d9eec30bb66214078210ea57811f17663f5ba79d40a1566b7b0f949d06b85f7bf1e60fc3650473453886d4488e2e4401a93ec01187effe47176e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ca849dc866db8554feeaa1e304792f2

SHA1
b7f8dbc72ad629ccdb3e7dfdfc779d04184caae4

SHA256
38bc15d841fd9e58071558046ceaedee7294f4381d7f45be47ad2f49dd5e308a

SHA512
39053cf5c6aef9440d4d57314e6a8d24363fd80bca4984dbb56507411d3ce380e7c1851149e5aa3165851c26b7d0a5d14d2bda8b88766306f6f649ec84e2171e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a6ee89837013edd4a505ba01e798379

SHA1
a1d0ccec814fb7d2c80ae026a545be446ef3e710

SHA256
612a419aa2697b62d156826481084c57be1f70053bccbfbde3612b00238ec169

SHA512
38f156f746a1f37557d394ef19474cfb99c8e5be19c22d3b4c8ac0e771a61ef9c148f8914ca32ca0383fea1bcc5acddb65e165f6c3aea47b77af8c418390e481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48997bd64373b4a64db72fb9984d2ced

SHA1
b5dbbddc78cec06c9bf69c5a014db1c9637cb61a

SHA256
3aafb49efbc8f9aab280d65f10b8f91892d5333c8ee6d91617fb61990ce724a7

SHA512
73884fe67e7aae85a5be06433825624b1bddfac8ed3e5b79800177800b0671efc7e5656163ca758919bd38ff7b29296d69b5f44939976d046bf69d2493724e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d00c3620-b126-4af5-af4c-b60151d5bfbc.tmp

Filesize
15KB

MD5
c442a3f9df3606d1d4283161dfe35d04

SHA1
571c77bc250da77b9d35f1e7ac8d9ff9f81ba487

SHA256
9c81d119276b00d38f85d94a797a0f4f7f1739c12bd47110065b72b4500dd00e

SHA512
cf6cbc6e5017af3b00ff95107820b5151563896a3ccb2a6d2ddd5f2dab073cbaf25a4424285a3b44322699a8d88227ef14f66fab640870d0d239ba7feeb0e5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
82d16f2ec0c15a7c6049988922a25714

SHA1
1b6b7f8358848d5869425c518ab46556edc49090

SHA256
80666253f6a38ff14b5531e2d05896a945bb84ddba5cdc4b70d12c24c4c28792

SHA512
643d60520fd6099806d656a569b1fe1c0bffb234062af3883be01a25a1fb3570fa33bbbcf9164e9bdac61cdfc56ae3a5cc907a4c7d050a625b0ee67796d93f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
4f190003ac863e3491a87e8fcaa9f649

SHA1
54234fb15ee145421ef3a686e9aafa8b9fcb8112

SHA256
3c55d01fe7b1cfdea7699db38ed5cc5619dc9eda64634c66fed6ab9cba31e8b3

SHA512
47374fea6f2b0f52a746308abda672e05e2e379bff724ccd991824abdf187cd5c08d088be59d8d20a10ae12621f8930a13a6d7f8842f0b30e257344befa78508

Download Submit