31c454ebf50478d0b21aacaa5fd2711a9e233057709e2d609bd3635a2e4a8cac

Resubmissions

04/10/2024, 17:53

241004-wgsabsscjd 6

04/10/2024, 17:50

241004-weshbasare 6

04/10/2024, 16:43

241004-t8glssvdrm 6

04/10/2024, 16:38

241004-t5dqqsvcnk 4

Analysis

max time kernel
600s
max time network
578s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NizzixX64-release.exe
Size

871KB
MD5

ee227c9c3ca41fb71f8bf91c2a5cc3ee
SHA1

955203ba3aeea788ab673f1fdd75604020f9ba3c
SHA256

31c454ebf50478d0b21aacaa5fd2711a9e233057709e2d609bd3635a2e4a8cac
SHA512

59f30c6fc4d224426f942f96ecab588efaf31b8cc1403a9aa393a7d3d7e04b79efa18e77d70cfb76ead9ceb2919ebf4637a10f7a7ca3a7e16bde3e458322b20e
SSDEEP

12288:LR0wxCiQeMdqFIslS4/cvK8DXuhQR32CbOfPoA7:LCijM0qF4/cyq6QnbOfPP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
69	pastebin.com
67	pastebin.com
68	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725380544406744"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe
532	NizzixX64-release.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 3728	532	NizzixX64-release.exe	83
PID 532 wrote to memory of 3728	532	NizzixX64-release.exe	83
PID 3728 wrote to memory of 4464	3728	cmd.exe	84
PID 3728 wrote to memory of 4464	3728	cmd.exe	84
PID 3728 wrote to memory of 3020	3728	cmd.exe	85
PID 3728 wrote to memory of 3020	3728	cmd.exe	85
PID 3728 wrote to memory of 3752	3728	cmd.exe	86
PID 3728 wrote to memory of 3752	3728	cmd.exe	86
PID 2284 wrote to memory of 2540	2284	chrome.exe	89
PID 2284 wrote to memory of 2540	2284	chrome.exe	89
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 4620	2284	chrome.exe	90
PID 2284 wrote to memory of 2876	2284	chrome.exe	91
PID 2284 wrote to memory of 2876	2284	chrome.exe	91
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92
PID 2284 wrote to memory of 828	2284	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe
"C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3728
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe" MD5
    3⤵
    PID:4464
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3020
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbf839cc40,0x7ffbf839cc4c,0x7ffbf839cc58
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3704,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4836,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5000,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3380,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3248,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3364,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5488,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4772,i,6327486265822698768,12946357770346578382,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  PID:3020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0fe086c8-bf69-49d7-989f-c01b56000fbf.tmp

Filesize
649B

MD5
4efe0d655f1341eaf843c02334868a4d

SHA1
7babbdbb4fe58978dc79c92613df97d09e6000ab

SHA256
95316e9b8c535cc6e0439c388f51c9155791a0367676bc1248338c19e73fa69f

SHA512
2d1a86409f533c50c322dfd6a46bf6e9ce4d8f422ef395ae0fb224003abca7c60eab30c329bb48f05522b7da164f266ef99a09c5a380bbf99c5bd11d3cfffea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
45bba0fd0e4f06a3f8c0dbd3fc1dd9f3

SHA1
467b9ea34b1f285c57f2ddeaeac8d74bbc500630

SHA256
717789395f26882eafd488aead01bf4299a643cdb58134bcf6626e55926c458b

SHA512
5da05b1b84980cd08bbc46f6702a96d08ec824d7f710ce4f974278c5a74974ed3e7690bc748009d22f58b3b385c228bd010c388ce53bc69c6187425e80c08455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
87f1ef18f2c914aa678af9e0bce095ef

SHA1
d6c0e2eee066dd5d619b5741ab7cebe0ab0591aa

SHA256
910d54df98c2aeb12c693c911225280b3591e483a50c717f36512e084e509d2f

SHA512
15b526834705e90e3c354d002a0a931ae74709f61f0d434cee58e87d979ca1483ae71ec973306f2ddea392110320ea33470b732c2e4ca2a68c15e78e3a9dcdc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
84e3b3293c1e46a2e900a2de6f249f2b

SHA1
33ea0237f28e1ebc997e6945c5eae5c6d2db9112

SHA256
a19b5dbef9291bbef4d19030450c07a1a9aae3b16087d3f981524e57d419975f

SHA512
68e039e2204e314f739b71f7cdab556c3d471caebf9d67c2e9788086901de81956a6a46e3aa90cb3a0eaa668a66b84212970566485964741e29f8c9d41853f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8078c58940267e52fefba521e2f42230

SHA1
8073ed1e5b6516dba2eb8d3c3f7f19d6282ccc86

SHA256
a22badfee2f8ee5199e81b17faf349ce43bcd63bb0c1f5d914281ae4dd6d4472

SHA512
b4106cc42281a1ebdbd4539cf50d07b1a33e80320d11d5981fffeea1b21188e73ee07451900001dbebbc1eebac1f141dd986fc1977d712b19cb09dbd954a8791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c6095afcfb3bb73bc314a208f362590

SHA1
60d38987e1984b152ddb7db379e3a6e863edca65

SHA256
b5bebcee4993c9e02eff7d569aeffbc27581f84df033dcaffcb64c4e9a470fa0

SHA512
f4c179a826fc95202322dcfd645f42a8ea68faadf89ad6c707788232a090c59958dd9fcc5343604208f46263d0ccfe512438621e697132647075cb72db768d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8f3d6bb9dc21e53bc08787db292636c

SHA1
d528bb86209bbf7edd64c9a4d108dcf998fcb942

SHA256
a52c8ea30f3164874f993223d8d334debe4a23c2555b0ccc0c211d3620e6cf93

SHA512
3a8835ce4b2180cdcba8d3aaa21a6ec8663652cf4432c07c9c6e324ca3892cbc624b5bfb3079c33910649df37dea575f0a57248217307d47fa18c4436d24b426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e7eda824fc75af4bff505ff28d6132a

SHA1
7ad03afb385ccaab6e08e235811961b9d751e036

SHA256
17173c44b88ecf6e5483033755133dc7d638a6a1130c6f07d6515b53ab8385fc

SHA512
51376aacf2bb09dfb178511f97bcc1e52bc374fcf30b8912ae581d7fcd78a30cb2b49311ef6d8f8ac515fac950558e5411299a9524003839125b3d74ba3b284b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76709c413e6681ac296ceae4a9e46551

SHA1
7fea5cc358cb1553378f36b0b41671cb774e3218

SHA256
a78c0c0d5c241128f5df2777c85f5406318790e2bea3973e49e6a575bde43505

SHA512
ce48f608c2c8df95dab8da83770e492e4d368e8a7d3a60ffebfa18c8c4148d362839948f92afb4585f9ec5fd9feca144343951f09e512f961c06d28b8a47a998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
506ff29cb95bc892bd3b81243218acbc

SHA1
4c9bbe0992cec0a2fa78fe96618c139ed8b66d75

SHA256
504ebb79799012beeb355754b08bb9f1659daee8664e9babcadbb606e23cfad4

SHA512
1053f31bb758768365071b9cc749bcf6d46fc8c324d67917438172f5fb7b0078614a62dbd4f746294484b88e46b1816eba6c1c488d0e3bc5fe91d87d7af38d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f49fd4d4f16691d2b606e3fdeb5b7b9a

SHA1
59aefbad02edc4a3b893f77dac79711254c294b1

SHA256
77e44f9e81960ebd18121371fca0d5e65a5febfd6a324d65cf10e181e0f36516

SHA512
a69909193cbaf0f688a5e3dfcaac734b4ccf3671d4a14049ff2b9c50a1328c64207df65fd9dd6e158a102e14fa650b046b59bbfa5da228979234915505f9bcdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24f2b2560519e40d504c4aa27bbba10a

SHA1
d4f9d782e67b5b99c104649ca05df7658e04456c

SHA256
a29efea68a1c80757b2eb7000a33bc0ec6c2cff27cfc0db5bf3ea919d57ba525

SHA512
c9117cbe3b71241ac455b03bb5684b595e778b0cbfe57283058782863f9a9580077ff601d206995cb2b3acf1fcb529b68393a2a1618fa81c75ab9ff5ce9ad104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ba56999266314df4f7bfe5a4a455441

SHA1
4dbda43238c666dababeef600079f73f8bc598d7

SHA256
73547ef895a5f7b2bc8c14938cd905e3244a91b9b0e0dd82673df94db9540790

SHA512
494ce7159e3eb15c8b93091e75423a0a7a28eec5e13e9811c3f16fc43cdb978b4279aae3cd76a95649ffdb0d2884f203503c3929e7f1d460b25fb19df0939e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cb7e88347099b738d0eefac12eb73d2

SHA1
4092cd24b0818f0e741c46bb276378fd095c9346

SHA256
45a6f1aa3c6671f39e2c77c83aadfaa97edc165b4e4c0252276dc76e0c24c0f3

SHA512
daf11d2800955045af3fd96e5a240a6ba8e7eee1350135d4b9535227e0b5c1fa4710a96599704750eb4632ddbaf9854e75ab731aede0ccf9b41e1a62fcd01568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66d05b027e2d90b5a2aaaf1284f597b3

SHA1
1869305f95c249ec11ad4949b085f617936b1371

SHA256
8067262d891244d9c669c0a9f98e7cde17a8d21a6608a31c476c1ed068caa511

SHA512
9c65a563f586df25ed5f7d011b0b679a582086fd141745c01b7a2f8670f13f2bfe3dae6f76e0c825d71b71d1a15dba02d8b1147f545b2ba73990b851ce8db711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d33f1a9152b3c30d840327f1c4e519ef

SHA1
7f16093e234d04bfbf6afcd4a3e041559c4c5a02

SHA256
748731093a44dbcd45ed643d06d680eaed5517c3d0215f16521f27c642b58f09

SHA512
2964fd801e61a3495cfa54d03807eff6d351f4a3acf20699e0750d06692ccd478349b4ef2df7234944c8d7078a8e9d090abff43b35c1bea21b6599283d9f4d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e08f730ad9f66badb005e5fa32a6c861

SHA1
16dffc87ebc84692f719b657e97adcaf612329cb

SHA256
c0ff0b21d2d43b0a5d91e516ca54c29ee0aef36705534e693347c6b137be85b5

SHA512
073946ee4ab176e67e03efb7f4b794a26a0c3f72a6893ccfcc406d9c55266f44a82dd10ae196d35446ca7af27405457532665c2d281328031a72fc8472dad835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b771118149b3491b7a04acb6a9667ab

SHA1
f0b72ba15fe49fe13d99942bbc81f5c46ee50e01

SHA256
b5d08fc3aa80f3ac0696ea62b4b09da6dc27f1299266233766fe94845e5d92f3

SHA512
0500e4028699d74251f9489f79b5c776d1bdf077cac95058ddbad10841a5cf0257ae62b524c74c13528bbb26421dbdff736d11f9e458d7f164518868e8fe3bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4f634c92ea09718299a8851a7c03855

SHA1
3f3efc272c8a4bba088521f9a6ce5bc3db8fe4d0

SHA256
8fc6c92da7c4ce023fc520ed0e6a1613dbd4d24570704d0f45de25864e42bc5e

SHA512
18956551e6132f46b6c594da78454d088f42424c3bac21f3b2e53cf9eb7ea9363452b462f7346ab94acabc37bdf057e4cf6f436b88668418df64cee433cc3c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3694a55a27a3cfae0dceda56c79339b7

SHA1
55ab3c5f6ffb06a5043c3ddfc077b811b89cf41c

SHA256
fadd59d59ce261a496b38c90572d55de364d47de59f5b3bda22d9a5e94380299

SHA512
5180a2cc3baa36ab7bcbbd63f243afa0e6ec108e13b4a5b8f13715a5cd92debaa0aac4ee1b7adeea85f568ef838f3447114508a69ccf2abd1227ec0100be3f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
116b15bf7b6f463e272b6a2bd9cdd34e

SHA1
4049403ce659a8964b024a191788ed3da732e9b1

SHA256
b12c8556551358c20188f4f5ce0adee43865e93a2b0d83517089063ebd497559

SHA512
8b279285a3534e4334a56c75bd1c71df4bd8fb9863622a516ec46bb00ebd1159ac6759c8651f4c08c31ea06c00bda5398314e4ec081471af73818993aa5ac52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c2a445a0f5a51c6db74d1572d54450f

SHA1
7d8fbcd81f7d97ce57b3c9ff24df29504dc707c8

SHA256
b24a8314293b6203b5d0a6767d2a603644473d14c330aea7e821a3991aaff17d

SHA512
05f6c2e8a5b516f595ec081efa1b487c597648ce2376e0c1c414a2378e9e18d0d55c7d32fcca13c75e10395feaaeecd83add32599b0a276fd3431a65e480b21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9679efc6271f098df701993f7d86ce3b

SHA1
782b3b1d9edc7fbe00d540f8eb25d8f94fc70701

SHA256
628b1d58009bbfafb615c28f4a91e978b4cc469efcf07c05a1e3addf135a3410

SHA512
505b8910de5c4da7544b3c30830e8128591bfc5ffa7053877cbdc300e16c6364922c0c87e4ae771f49487e237f2b80289466e2b90fcc1334ccf36117bafb556e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
081ad390d0d09c8f983d4a8b6ef6b057

SHA1
cc0f96df6738be5164387d3f9edec115c879a5fb

SHA256
e6b2412041564ab1042087b6308beded140792613bf99607627158a0774a70c6

SHA512
8805e9e84972c3606c2fb3bfe8a9f775579be694a56ba174e9a527a50289463de7a7bd86ac04859357d12c73d3bbd42602e1dcc0993135cafe790beccdaee7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
111274f8cb708833e47f826e70005299

SHA1
2786495831a45818589c510f8a0ab35c821019e1

SHA256
5df950b98ee50be24e2b3f554ec118552122a890da38338308551e57ed19c929

SHA512
b66bb0be7255fda92952705a17a9066d653fae31393ae65ec579928c739457ba8a5326c75c2e15ceb05e682b0af48c2b6d07f295fa199a6e303fb82ab147892b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e651eb2dbb371c1ced0c6456ef8031e

SHA1
dd679e7440eb075b129719dc0abff27c41235d17

SHA256
672a2b7ea308abf91e8f05d79f88f55193e9f4117b0b8665c007861ab101a74c

SHA512
89eabf41f67dda0f8b2a0cd7f1c5eab861151d860f6a4ed7f8d8e67956bc31fd823ce57a699530ac58cf4ef0a61307b0c25598e83202e26f5d8a06d9fb10ab41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6a62dff1d4e3ed9c770013a1b439eb3

SHA1
b305a327739058026476ea2fb5b24df509dfcc15

SHA256
f31b9e2b6f26a340f608ef3236514d05cf9e9e27afa4ee76f2d01d405a84dcf5

SHA512
b5aaf06abd136c27c76c84b1c836fcdce8a94525f4615bad6a1cba215d9b1504ccd37771a45a77c0d9c7e36b44da3cf187cf892c919531ae73acc6738ef20d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08e2f4aa66837e7a677bfd0d394f6041

SHA1
666a3e8b87ca0009978b83e236c069e8708ff91b

SHA256
83738317305a8537d755236a72797fe983e7a8aebca5bf43a43fe2839ea2e6ee

SHA512
1760e899d3fb5f6d06876683da10044f3209fe4b5ee09bf3640b40c289ce2c05e39559d2e70e4d73a6040c4bfa1240a1594fe00250886199b3ee19ed35ccf228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d25db9f87988a05c9fb3f4ff6bc0f96

SHA1
b8b9a760d9f15d265165438c8a8d171d862c7dcb

SHA256
09ef6461d1072af8943d4e92a2ec5e53140fec8bf93b44c9746728d5009bfd6a

SHA512
a1b28fd06f9af4f1e2bafa39087e1927e33cc90ad679a9631e4ae48e7e6a89d484bee9be14ff3352c57c8174d3db1105def6e58070713b000e0db9b7dfad416c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17afde6c03c8402595999c8c0f265082

SHA1
1c1f7458b5a1fceac73ee8a8104481563c6d8761

SHA256
c0a22048f4831ed9077d5ba1fd45cdf2a661982cb634ffe1f74f6289ed08ea49

SHA512
18705023e85c4efe42352ce41c20da5f264ee3973db3b6bc795f900cc4ded816b33e29e846e0d2f896d037f7c9044f676582d2df214e3a2ff38e1ab7afc00da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
c671263dde4ff020a4ac0f84c0f36cc8

SHA1
3ef503ba698f9dd5fa6eeee9c70f7b1d17ec8ea7

SHA256
a9d86f7a06befaa6c8867555dd3636548dfa7f717782530cb5d4527c1a4b6b76

SHA512
9eaf3bb148199a6e328e3761daf8e6005e17a95177431ecc7b38a277e354965dc98ce7aff0d595a06f2b3ab0c4a8c56c05a4ec7da40eb6474c0d0d32ad909651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
448501ab2bb0d6d2b667677f22a14af2

SHA1
3050af424b7aa182da993f2119bff81770d08b12

SHA256
37ff29afac4da1e8ad9f389e9c71eb97367d82dca6afb7dcfb48f480716c22fa

SHA512
1fad079cc3758a76eb7b19ea0b99d9efea67e3a0f7983017c8b19dc9e551fffe458c9abfe7b54f5e57162aae8576196e502aa289c603e266b06ffc461bf86f10

Download Submit