18d91f03eba3d5dd9e66d77c1e54c984a06cbc3b0f215ef8a9d42df432828a5f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

374002292-c3a1ee91-ca14-44c2-aab9-b46887c4baa2.svg
Size

4KB
MD5

802b9c67e7056ffe0dd128bbd5807503
SHA1

1df7669ac89fd5425b8c586756f23fe90bbcc33a
SHA256

18d91f03eba3d5dd9e66d77c1e54c984a06cbc3b0f215ef8a9d42df432828a5f
SHA512

6660b4baaea6fe5332b8042aff4c90b223cf7abc001f2f2bc94f767e61d6457064e5c39e221f6d459de406a74d1743919d6624103c9ef38bf0eee5e3da5f63c0
SSDEEP

96:VgS5ETfXSTCv3lUw8BZ4zUh+N1Yib3/c+9rolhbrTW1:V15ETXoE3T7K+Fb3/c++bb+1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000086445aa8a430244a91c2b800ab210a5100000000020000000000106600000001000020000000d16dff86a2bfc1e3822adf4cb0b4aa66554dd9c64789e98f7065436616289ff8000000000e80000000020000200000000d885c8a937a87335fc877d51aff8abbb57745c32c0f32c0b5a537e96d9a65d8200000006c3cf7df553ea3ee43227e532b803c3b15b249cff3e0a328596ad230a5891a2540000000d1db5e60ccc6e2c4b62546187fe86ce1bb841d200ce25a4dcb7c47769d8558d22e834ab040d02c68274ecd7ebbd9a3e65c7dbffb256f8bdc4e1a32fe0c8c021d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2238734806"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90484e74d91cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31136985"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435524794"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31136985"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2233567396"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31136985"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B0C7140C-88CC-11EF-AEE2-FE5A08828E79} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2233567396"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732334362949011"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2348	chrome.exe
2348	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4080	iexplore.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4080	iexplore.exe
4080	iexplore.exe
4648	IEXPLORE.EXE
4648	IEXPLORE.EXE
4648	IEXPLORE.EXE
4648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4648	4080	iexplore.exe	83
PID 4080 wrote to memory of 4648	4080	iexplore.exe	83
PID 4080 wrote to memory of 4648	4080	iexplore.exe	83
PID 2348 wrote to memory of 1596	2348	chrome.exe	94
PID 2348 wrote to memory of 1596	2348	chrome.exe	94
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 4416	2348	chrome.exe	95
PID 2348 wrote to memory of 1516	2348	chrome.exe	96
PID 2348 wrote to memory of 1516	2348	chrome.exe	96
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97
PID 2348 wrote to memory of 3624	2348	chrome.exe	97

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\374002292-c3a1ee91-ca14-44c2-aab9-b46887c4baa2.svg
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4080 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffa5b9cc40,0x7fffa5b9cc4c,0x7fffa5b9cc58
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3668,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4368,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5188,i,8967562648047305695,4762282615208747242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dcd4828f3e772219b04c9e7b35e4636c

SHA1
af32e3e2cfa4f1e406348abb1911c77e681225b2

SHA256
b297ad6f3ac45d8c2e85bd3b15751b3c64d7832be286b238918b2ac3a8ad6f06

SHA512
6c9c46f328d544d91ac6f4ed1514f882a36ab42e5d1f87b222a2196acc6fd17946ac8fd4db6aa4e875188e37309d75cabfba62199ba29427f24e5268f9d146f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6efb66d69988b5e2a840a472c2354cfb

SHA1
7fb12fdbe0b3a8bfcb3e5c70eb1903575cc67233

SHA256
2ec60f3691d01f3581488664780fd4ce69515de27343422c28188571cd2970af

SHA512
230b804db0ba4055ce92627eacb372cdf9b509e176bc3e1c91ed5658bf57137a472169a2902f5fa092a25a3fb841ef5138c8abf88e875f1f8f1d3e68b4476071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1d06056907274d0d6d67cc8e2740c292

SHA1
f51f46a77a42bf42dfced174522a8cb8926270cf

SHA256
b84e37487f47723cce7abdafe6d14c9bf92f31066488138e85d319c4bd6a4b3f

SHA512
d61340e6348a3b419c6249ad27c61a9a05546db1fb7baa929529d15a3c352b344f09af2ccd3b9d86f9abcac5fd844e338633c8bfb0307b6a1bcc8de4c13908d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fb400927806bed474b46080475d5d86e

SHA1
10ccc50dc743ab798fd4631573262429007d6913

SHA256
bb0c76180c702c566e6322e7ad3ae566f67ebdf07800a5867011a58608af9d9a

SHA512
f15dc3d6bd47cee74143f529129eff74522519e7014c40d803ac47c95c06d04a5ef7b9dcb5d52a9335aef4427de80810544f254bd0320bf9d3a3b063df532968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d588662e5c52de6bc1f362c017ed3308

SHA1
ae85cbaeba06730624745b28c1b1266f31013027

SHA256
6ae5101856496539654c74e1fffcb02213fe85c3f7315bee09389f55d578e6bc

SHA512
9503146afcd71435b6472f364c2ac537ade1ede9ca4601b69561b023875666f07b4a437b7700fc804c0e56e9fc692f4206a63c420985f84197eacbaa6e16f6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6420160bcc6e0283d3ee2dadcca2b326

SHA1
ee3f3940032a8aad3fdb78fd906290669698d5ac

SHA256
a7d56f7888814bf452b98247a3cbe1dd26cc0b673fd4830d4239ab2e78c1745b

SHA512
b712f7bff059460ab6c8ea13a0719737abd15bf9820c5ad1ccf6274e6c9bdbd94768c57d78d62c1daa35add1951f02dc9355dcdae2d66d26287489a9558010d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f465ab904423027532672db4463f859c

SHA1
4a4c114e02692c3107cf53db4c04e1f8c7c3c98b

SHA256
ee91615a0945528c2151e5a3a62820ba7f0a08e32f1b099001df3edcedc1c180

SHA512
75f66c772628c5b9c2d2fe4b8974d2a84a6d2bdc687be59401b0d79f54db108e4db3d1487357897cefecc216245e1348b1c6893601ee29f2689e06abf52efa29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f2ccb865d308ccfe85e7760390236838

SHA1
50ed6083a659fd402ac14825d550b37d6cab6ea2

SHA256
d3b2e1d4a37d0451e2f906656e50fd172f980894fae1e2752ed100c6fef5c05a

SHA512
c0923c8c9cbba38683c1f7f18010bf52a74e732dc9c617f0c08b5a09176ed6a919211bb44b596724233e7a4c01a17fd3b22f368594a5030cc287edca9b568255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
249f3ff2a16bcff02ed7f55d1bb1672a

SHA1
8a3b6ecaaa3b69fdb38091c14d18f4018cc21ecd

SHA256
70932dfa5a2da2251992a3222e0226e53ef249f3870603237c105ad81c2e057f

SHA512
ae6455cd8cfcbbebd1ce284916b1c4d1ad87431a9b59b776550af9bbd535ef40066913e623cdddbc5da3581b5611eb217baa1131db8a1911ff84d8274f060133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0e2b0ac8213d2124a5ca107f8d914f33

SHA1
ab8d0d41e6ad8710163240293cf07e4dd7f4ca87

SHA256
405b87ed6f03d343621f62d343598314879204d5d9eb433b9016099a90aa8755

SHA512
c16b3b1cbfd67cc7d79adc5ea73910c5e7b29cb5019136e8c747f2289f934f854e57b41023256d0cd54c747fc1446388d054338cf1482e2d74b8d739e8996237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c090f09e0ddb27b9346ccbef0197b893

SHA1
33d7efd2272d8827e68a91c922078aa47ebff5b3

SHA256
22ba0497de95a65f03794161e692ce5e439bd9fad3bc5e0172b99bea22b47874

SHA512
c0c05fbe6151dae40a5ae71b97360d1a68bef374916a6ba0d44ef6ba67f44173a148bafe9ed97db4ac21517480a1aa512bbce0320bdd38cb2407eb4738b28d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e903fdf2-ba96-4d2b-8f86-59d0b6732b2b.tmp

Filesize
8KB

MD5
ab0994172e5400fb213de98476259d72

SHA1
e90a417a36de813bccd58b2e54f5aafc79cfe929

SHA256
f006339b17d5eca64a68d69eb0f8dd7d3a268bd089effbe903694a0153da8d40

SHA512
f0971b2529ce90bcbc730adf5f7e82dbdf1636b681df42089103a3a63d86a5906668f900936bcaa6722bc774e3e2b7ca0cd899b2ae0513d20c2a56277bf3149e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9935c7942b85443643810176e3c44ad5

SHA1
ee220219eaf1fd3e86421ccb4b17b0ba4408fbd8

SHA256
9327e8b4f3428a9ab02c2ffec490aa3433e619e973c1b728c2645fced6416964

SHA512
bf73e2db564d08dd7b5a2659f174c99221cdb2566ec8f77670e480c24689139d331b88244373b3cb75633e0dc1891aaf5fd23fe7e4ef900102877cb6e8e4c0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6204f7cbfa3bf2d51e818817581ac9b6

SHA1
f0e00e43f7604230671bbcb048e7bc5dfde0b0d2

SHA256
9d010a69e5094c1f5d69e19c8e1deed333e66f7d77f7d505108d9a51745b69a6

SHA512
3ed2edcf5248085877e903a7c8543b3e8084fccd0b8077c477a18d75023f553a6d9f62c78c56ae1888f5a9af3122692b609fc68caf2f9ee8409232ecc06849f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M6JHG9EK\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit