984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886

Resubmissions

22-10-2024 00:20

241022-amwdaavhka 10

22-10-2024 00:16

22-10-2024 00:12

22-10-2024 00:09

22-10-2024 00:06

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

2.3MB
MD5

215d509bc217f7878270c161763b471e
SHA1

bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9
SHA256

984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886
SHA512

68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b
SSDEEP

49152:LinbT3qpTDQSmanAmwJAaDMg33U2pLOiniT:LinKpTJmWAmmAMP8in

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
129	raw.githubusercontent.com
130	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

WaveInstaller.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133740293730077143"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1896	chrome.exe
1896	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	2532	WaveInstaller.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1896 wrote to memory of 3568	1896	chrome.exe	97
PID 1896 wrote to memory of 3568	1896	chrome.exe	97
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 4404	1896	chrome.exe	98
PID 1896 wrote to memory of 2792	1896	chrome.exe	99
PID 1896 wrote to memory of 2792	1896	chrome.exe	99
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100
PID 1896 wrote to memory of 4660	1896	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc35ccc40,0x7ffbc35ccc4c,0x7ffbc35ccc58
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3688,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5004,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3468,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5532,i,13619776841716198140,8578888848925654860,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap31779:190:7zEvent30486
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8e289b1b-ff90-488b-9505-d2204abc7e5b.tmp

Filesize
9KB

MD5
a2452d0f5f4021bd1906899cc261deef

SHA1
46bc70e8b72d1e02eeb5a81fd8121e2ba4de375a

SHA256
b48c540856cf223696c02fde69cbe1d3fafdf35f7774f5274ee35cdef34367c8

SHA512
5f525ddfdc58c101ef7f2acbbeb6111eb10294fd6a50284574e1409a2cc058b51a83ca330a1439c7acd9b34b7df61102d13007f66c7e70cd54f259c785702dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8484974e13764bc83faad567de8c41c1

SHA1
88930e191d7a0aa82d57db9b979762392d9699fd

SHA256
541fe61450a27960917847728e9028f29f15d5616c7c7f0ceb01dd708bb43503

SHA512
0278d1b03b0b0dc491a95075df7e2fb6c70c95514c565f92cdc01c191ad0dbb8a686b4cd4d99eb24abd9cc58033693fa992469bf45fed2cbd214f5e5e0b09ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
100KB

MD5
4acd53302f5d77a1d30d48705c02b56a

SHA1
06ffa5d35a54c4c13e8996d898f33047c1ebfead

SHA256
3c27946298cfe693f4ee4f744a5265e584efb1bc37a6afc5ff767bbf95825151

SHA512
b8a678573fd9fcf753fbc0c03e86d8fd885e22fe66578c613ff8d7b513077f9e5690b9666517779b35341a7e630cb5ae3295d4e4b808c00435658fd557ba303c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
e2f16d441cdd64291c1581d706cd51b3

SHA1
a5585ae98886b405a046f6b5aa563fc412ce9ccf

SHA256
a8b5bd75ac1cdca07333713762784553dc5bb336686c88ddfca28611d5bdb9f4

SHA512
22fca08a458efd95ac58f387619232b1780b6d6f2dc8971f4edbb2cc8a9bebc1d65c9a318c9ed2ebee4f0b0dca0c21aaf46da1419797b613b9b41269aa69d674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
cf48d8d8353c7dca8780b7c80298d7f6

SHA1
af252105ab889653734d0ce4de24c22af9419fe3

SHA256
ad956a13935029f2e56ebecc94d390f74528a9e451f033bcdb9a71138ae45023

SHA512
9bcef9f063e5853ce75837cfd900530fcaaa4214b7a589af55ee4eb19c639a23e32ee9d745e63dbc63fc69272654c33ddf86e4b9f094fb06bfcfa7d1944da298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
83ec7580bfaea7b11c6df64fc384bc84

SHA1
c782f21e295242fd3affef97ff263aa97c8f115f

SHA256
7a098bde2a032aecb1b9d814da514ae40c2c810c6a82f6cc711aa9a90469439a

SHA512
a08445331bd3642775128e032cc1efd2377429fbd31da0c2c90f82f6ac751470cd5c9c39be46c0094a57518c5bddb367d9389ecbf8dafef32de674b8dd9ccdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fbfb92b3848994a41a13ffc31deb82d3

SHA1
f57293178477c3ed46fb3acac8f93880adcd1b07

SHA256
e512c3a3fddc03229e8a2d3345fa16d9eaed8ea4c368df6f97664a2bd5bb9e14

SHA512
0b15702727d88be72cae3a9e734d6d78b9d0726241dfb7e2aecf8e1d111be8e56e9b21b16004fc6f337fcfe4be2bf5524b1b83b4a37b5b042569f55c2c0b1d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
8d6bd2a1af55c17a7b5f4a96f43fa49b

SHA1
55a15b7e3b7a7a9085414864db3482ae8a853a8e

SHA256
b5a1f4ab96ba3b03b175009e1fec9d74a7ae8e0dd9a97523f0547a2db0025ce8

SHA512
196c0f2c3804c72a396531afa7af1b776c8ff084e1e03bdd850b9b9fa13ce9b4ebed54af9c6812444571923dbfcbb4a79fb37dd400655ac4e423873cc83e3d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f0d97c5f0b7c284b30b3c64d07a8e43b

SHA1
b600c9ac7ae04ccf021a57c5d9979f462693f17c

SHA256
bb90b4877c29f3dcc4644eda127fdb165a3a25536e0072674471648f0519e345

SHA512
a911d1f6c2b142d79200c49d7ccc72223bfb7d28d17b216a0c2ddae5356d884d36c6bf63ca946b850dc11c92665a4906b0cfdf9fc71877293ae9932fbba40558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c05974bfc782073fc3e3aa77642d5b82

SHA1
7e84308555bbe2fb35f61db7d27b269058073e9a

SHA256
0a7ec82b0a5a1672efd9b431981fb2c38750367e1fac2bdd8535eabcc81dc5eb

SHA512
ba00436e2b97f2c78a7e7fc725079cf893a2bafe7002d583d74cec730b951d406f70f35a02d6b622fdcd29a3e4b5e052374b28e1e61061f86f10c7eed4709d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
16288f5270ec447905ac184c01d21f12

SHA1
ec98575228d69cf4b6b6298cbe77807b4664e895

SHA256
1b7d1901d201ff59af2f322a0846f79bbe46545bf8b53c8bca5d5af517485a58

SHA512
6f1014d532ec05793a235b30d48202cd4f1a6bd9f9a1e086ee7047e01b071909c5bb5c4b8938803560c254d3f385d4856e4e2872eb15490af0698e0985268051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f65fcaa2262945ebc7adfa3b6d74b9eb

SHA1
c8f3b7e0afc8580f05ecdbe4d0970ad86abdec83

SHA256
27285797a5eb54a227586924e1b393420b6ea49e7a0732a36937d4aed37a601b

SHA512
b7a609558a7f4e7ae0b03a946df8efce4d0a118eac7a843796673f85ffe8da7028b98c2392fa741e1be146d930af294767c66646c3c27f843f1dd71fbcd836ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
d6a42a9274c8e4d500771af848a5adb6

SHA1
cc28552774dcbaa7f3fd696c073890bc1b59862d

SHA256
41a745b70c415e4ac3300d3a6d543e5af85c1a5a25f738bd65482c2f6738ecae

SHA512
e2b477dc61bb9be1b4b670a3f5a10a7026a33cd5a1d6eaf952370dc05c7f75f599856069f74fe30f59b1f03e8c3e33a347911640069303e608039fcbadfcf861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f214da16d5355872fa049e98d4d2be2e

SHA1
7b4240f9ae8c12ebd896bb45be6c7df99d60073f

SHA256
7103719da528a7e561783164afacf1540cca43474d613a7e63b4bc5ca8c67944

SHA512
7eb33053101872f382610895314f07119bfce68d1f01b731bd78ea7785d5178b1e673da3c49faf4f71f1bd3731248286c56fec0e285de06e27e9a0af37aaab39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d389d719686a2c0b2c5521008a7b15b

SHA1
b5916cc2682159104e03721da3d1155df9a88dbc

SHA256
3724713ff808782a24d6c4c5ead18a66d566cf355c7fb0a7f6ef6fc1249cc6a6

SHA512
edcf3cc1f9fa5c95f7dad9f11f84f6ff99c237a49769ea633d54e2f874744f570d1ba593fcaf0b56e0d50cb832ed84c66df438dbdea9ac7eb57140233060cce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff82fc9fc3a1313c151af3697ee80ba3

SHA1
50bfa1dcdac7268fdefb807b169c8f533d3cf013

SHA256
99af11fce5ab0e24dcd9a66ffb9426f1cb8db13fba1b8a8a577d072f83bfd55f

SHA512
edcb59237cd35a2fa48bea11cd3bfef0b75e675930f644301f95b5abdec90bae4e35df3119c71bfdf2352b829315f0df8ea533af7e2e0c045b21f9eaeba70849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d477852cc0c01998954b961d2ba5cc99

SHA1
76465b8aef9ba7b92e928f14aec25138caf89ee3

SHA256
723132d500d81ae91f6dbdddd9773c43c077f7228dc6b09c274e8c756e8dfc27

SHA512
bc29340278b6651eb018e8b2e8fcabe717a3f45e81da6dd88b1f38d5287482b2ccfb39efc928b8d52e8f8c130e922961b27f5b8178dfa55e2e826d1c6667c5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b16a20009ff485882c1b6d7b750fcfd

SHA1
09be57605a27500f80903218dbe245868974bdf3

SHA256
d9069f53d5e610f1e3cadfb1be33f89f8497cfa9d9dcca7a27570d64c0ea1ba5

SHA512
7b7a7cede024d59d054587488db12ed6267b11380c85f33cb3a67c22c3c2a13ec8e46632a5d0271d8071b43e98ddb14e9eae0711a0f4450fd8a8b7bf23b7c6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e9657d65a5944111c2caee8618ba2b4

SHA1
e901c4a2ed2c5169801bceb1931ce3615076282b

SHA256
21961a06be8ada07fe10be4bca00c32d6f658ed0933ad455dbb4ca0164d7b82d

SHA512
339de8ed63b9e9f96706f897fab113bea830a256867bec8b4d20ceceea2f9701624ac326c5a75897a47ccd73ae6b1038e5b532a0d92fe1f651548ed959d230ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cf8a3f0d012ce671c88aac49df00802

SHA1
94b7de3eb118822fecc12a541e7a5f5d508a406b

SHA256
c822758173c5762043b70057d01b77bf127327d4ede553150206ae8069254735

SHA512
93faec5fb9efa3d91818583361b172fb7d46fb84ea1e6dc63dd0255109998e5c4a3ea3635e411fbba34b576bdc61a02791b0540be093bd59b9723edd00c66242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0bc15c2aaeaa8b3a3383b8433ea12271

SHA1
e4f3c5461b6c82b4bce03e3911b790029810d004

SHA256
e66dbfe774b5d9ec98be043d313a5f59a9218f0d39ab14992ba98c644ace2b56

SHA512
a69fb4dfad095c45b5d439529a97548978695e5aa5ebe87caae210aa7dd570a9f1abfc01e4842584d02eba59d0fb623373c42d8e6276633fb09816db192718bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e82b3d1eca10b1d6df1d25cc403572aa

SHA1
b19c85ffa08bbc452f9a9841c337dbcacd092b70

SHA256
fc37f1fd88bacc641104e7fd0c5a37255f8506817803769ba0353d78247e8520

SHA512
3a05d0dcf45b828362aa30feb79062de0a36af50bb47fc9877ff6c237127a9f2ba1d7e1666d0f2c4e2bb16b34cc018b54bde5481e46dbd5bc3b7a1d71f726022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ca261738a4aeccea1f2af11186f3d52

SHA1
07241f4693b48d42022c214a0b359106801d4002

SHA256
36978e6aa5f94d30e2d154f42b38e00e572889b5e143a48e296573ef7b417a52

SHA512
61e3cb43b08f6fd85436fc2fa22de63047517ed37edceb2fefcf70f91eb1464e5d08990758808e34f3866bdc3f3f1b004337a2e124dcbcecbe2353497d638cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
887d885712f0083b76a829e2ba22f488

SHA1
2d01a84d0a56c99a6577fcef5c2776794de7411a

SHA256
d6f8046b59a773538614d65c2bf745dd4f3c0237598307c871d86baa2b59f103

SHA512
9616a691fd0b395310841799ecedfc20e6f6597a795ad8c6a317f4e22bad2a62decadb534cf6686162f7cf4b8384568aa1124d619698134ecf0ebfe9508d8de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
992fd15f1053cbca9ec1f0cc9ec4acb9

SHA1
e35736035a54b8a606674ba9b1c4e9c4071fe23a

SHA256
e81412d6d332317799901cc11f699ad50cf99f0475255f1295ce7fa21a08c1a1

SHA512
bc8e5175e372d284b9719baba10d1252a893d7ba79bb6d3937a3dc3d7634addd06a6e48bd298550ad8084e6a4c3ac03dbdb611ae6dce2e339826c8a7c4415fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
63b5907f0a8b916dd363787ac82f1c76

SHA1
3df04a70770f06945d7e2ffc0c8e2851eba0a411

SHA256
1d6c871c7d6c1aab18a245bb8e671a45dcad662e9a9c204a9e1b6eb292dd1fcc

SHA512
65f5ee2c240169baf2ce09a65905a18b56e3778b33a0e258cfbbf317e596baa65ddeed957a948bb0853e2402371f0ebef10730aefbd37ae7f478e658023caa9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
f9dd7f3ff0623e054c716927df740e97

SHA1
a6fd9470b794c0dcbddeda389274e920c7e739a7

SHA256
e484cc9f58ceaa468060f9e10a4f73c7c8b3c67aa37d4616a5fa20ede9b88f85

SHA512
e9eb2f1076a35c6fc3c969e53aadc408800028d150ec1157ff82b6522c7ccc5d87e08eec45c1432188cd62c20dd12c006ec33cb8fc80e9bba3711a00f72af470

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
495df8a4dee554179394b33daece4d1e

SHA1
0a67a0e43b4b4e3e25a736d08de4cec22033b696

SHA256
201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42

SHA512
ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

Download Submit
\??\pipe\crashpad_1896_XZZNXMUQRJYHEYWW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2532-41-0x00000000753A0000-0x0000000075B50000-memory.dmp

Filesize
7.7MB

Download
memory/2532-263-0x000000000AF80000-0x000000000AF8A000-memory.dmp

Filesize
40KB

Download
memory/2532-264-0x000000000AFD0000-0x000000000AFDA000-memory.dmp

Filesize
40KB

Download
memory/2532-262-0x000000000BEA0000-0x000000000BF12000-memory.dmp

Filesize
456KB

Download
memory/2532-260-0x000000000AAB0000-0x000000000AAB8000-memory.dmp

Filesize
32KB

Download
memory/2532-259-0x0000000000D50000-0x0000000000D76000-memory.dmp

Filesize
152KB

Download
memory/2532-258-0x000000000BAD0000-0x000000000BB66000-memory.dmp

Filesize
600KB

Download
memory/2532-0-0x00000000753AE000-0x00000000753AF000-memory.dmp

Filesize
4KB

Download
memory/2532-19-0x00000000753A0000-0x0000000075B50000-memory.dmp

Filesize
7.7MB

Download
memory/2532-12-0x00000000753AE000-0x00000000753AF000-memory.dmp

Filesize
4KB

Download
memory/2532-6-0x00000000753A0000-0x0000000075B50000-memory.dmp

Filesize
7.7MB

Download
memory/2532-4-0x00000000097B0000-0x00000000097E8000-memory.dmp

Filesize
224KB

Download
memory/2532-5-0x0000000009780000-0x000000000978E000-memory.dmp

Filesize
56KB

Download
memory/2532-3-0x00000000753A0000-0x0000000075B50000-memory.dmp

Filesize
7.7MB

Download
memory/2532-2-0x00000000753A0000-0x0000000075B50000-memory.dmp

Filesize
7.7MB

Download
memory/2532-1-0x0000000000680000-0x00000000008CA000-memory.dmp

Filesize
2.3MB

Download