ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a

max time kernel
211s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

2a4dcf20b82896be94eb538260c5fb93
SHA1

21f232c2fd8132f8677e53258562ad98b455e679
SHA256

ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a
SHA512

4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288
SSDEEP

12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1604	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750075145542748"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2128	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeDebugPrivilege	2128	taskmgr.exe
Token: SeSystemProfilePrivilege	2128	taskmgr.exe
Token: SeCreateGlobalPrivilege	2128	taskmgr.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe
2128	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 4740	632	Bootstrapper.exe	86
PID 632 wrote to memory of 4740	632	Bootstrapper.exe	86
PID 4740 wrote to memory of 1604	4740	cmd.exe	88
PID 4740 wrote to memory of 1604	4740	cmd.exe	88
PID 2036 wrote to memory of 5092	2036	chrome.exe	103
PID 2036 wrote to memory of 5092	2036	chrome.exe	103
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 720	2036	chrome.exe	104
PID 2036 wrote to memory of 5076	2036	chrome.exe	105
PID 2036 wrote to memory of 5076	2036	chrome.exe	105
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106
PID 2036 wrote to memory of 2032	2036	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4740
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbb367cc40,0x7ffbb367cc4c,0x7ffbb367cc58
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,14579271586913145604,10635193072834821598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4372

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d3094f2cbe4ce22791f5bc7e27f0458e

SHA1
0ebae64324bf50d25ce477e1fefb90c70b4c05da

SHA256
85078a6e8492c1f2c94009200cd8aeac1daaa75733b8b17460ddd7b8bcbde601

SHA512
32fc7624ce7f08d7d587495c94bda1a01cecd478e99bbaad871d828f7e401e72e0ea00d001962990f605e4fcaa9aa77cfaa568dcc86b9ea0c9b1cdd515519a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e6b4053e637ed34547cc78f4dc6b8962

SHA1
0b23c754fb9dc5384af7e178117fc890e188e522

SHA256
74c1c139fe19358723a538f8457bb35a809c0804066fe02d6af49b67f2105542

SHA512
dc9bab57ae1775510af869832d9157e8d63b4a65ab3d5d44e60b31aab4a18e1d8798c6de908e6cbe7f759b6d794aced5d86dbe54c266b61c62b503df78657fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5898fe4b4ef55fbe28ab9da7eb3ad5f9

SHA1
feb2816969b958b9d4d08bff753acc6ccd3c02c9

SHA256
432af3067dad9e86876c86a95dd69c28d3c51fde384495908b2c7cca2933c215

SHA512
d908aa5026256248f2d723a83ea0e84420a99f4ff4911d4649d87c7c8663c690d92e6fe13a58577c926f777c5551c923ede5d0691b2daf1d5dc6bb270a2cee01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3e9b2547e5974163590bd7e67fdb98bb

SHA1
a8932543a841884df4230dfdceac1c63eaf9b8a7

SHA256
8e7c43e3e21f0ce93eb733bdcf988e2a4596cbcf5c643e8a226fcaddaac38ecf

SHA512
be4d904251cedb25c68fc120c8f2b5059479d75d4349a39a244ec3b8eeb03c8ee01c43540f94c7ae0f0ae58528948c22fca6c1273b69efbc8ce8c22ab3cd9909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1219b0c8c08e5c97d1b36ca465d257be

SHA1
c7c71fb09b72f9b76bfe5438475031e7f8db9512

SHA256
56994cdd3d3c282a11e3e25d2420e5f4bf6251ea29b560dfc656c901b2f4c397

SHA512
8f5a42694259aa8436917075c0bebd1f9896630a05dfa11e88bef335e754c665fd9b90f824d4d171172982e414384feb2a77e1d60b92c4f143bcb5c7e293ec15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f2c1c8927818d61550d8e8ab14c1715b

SHA1
a1a28d9671b953df9a1b7be985be35666a280767

SHA256
8e48869ca7f84ebf000b18b8411c32a21b9bc945a90852419a93ed5993e0b2c1

SHA512
a137bb3e1c60d2f4e6c9120ad5cc26c24f92a26b38eaf2012a374f9e09c0d06ad70ef229f96d4d45e2ea2e9031d331af1f8377345053886c50f3c974132efc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62983914164c9f65c43bf77cec3a304a

SHA1
aa10b5657486190f2cdf005eb46ccb6a50be24ed

SHA256
a2ec209fbb72a88d6c4cb401d54ae7e08eeecf9034146faec6c74a11883befb9

SHA512
61a3c1e7a369f6445654e208ae82568a8746a118e8fd6624061b3847c9332bdfb45057793d7d993add0167620f725e4ce40689ddf1aab1d45631f7a8d8938d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca5877256c6675da1acea71aaa56a120

SHA1
c746caca6b6ebd9b847d95ef0695be40671a9002

SHA256
197c3fc47461d8bc1fd97d7f95e853ff5c3bf8c237f437ccce9e9e46c7143892

SHA512
4179f82a3939aeafea31bd6339b4b41facf0a711c93bea87f0cfd8b5f49e1024aab761ef85db85a87d4d146d7636df4e141fae5457c0663d7f4ad02777fa93c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0c1c910828be30d09fa80e343d94c92

SHA1
beacc3f997496e31a025269d62944bdd08b4bb43

SHA256
aee249995bca0e9edd9a849aae84305251bd972234c601df6a7e86f661c40fe9

SHA512
577a80a8cea7ffff3115c71c5687434e2aeddd692dfdc6afeaa29dacb703873a4c277cc0c92668a24c3aefaf31d9242ebd2044987cc625e0f59f6edbf32e1f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbc540d196727bcc9ccbefe64ac7c893

SHA1
ce60e0d58022a8e59c80697c3ef174794e734b82

SHA256
6c59eb69ce8ddb30a4dd2795e4fbddcb0e64f051d19adef6e8a3446ecc6d4c9c

SHA512
c4b79639a072b2b9b34ce3e5667829c2382f94b340a0f23d6df5b18696acc70ae457a649ac315cb11cf0214a20aad1846b28996031d0a49360c752225c69677a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
611934d81372785b3c88d68b66748e1d

SHA1
f204ccc6df12ee24f5ae07ea75cd1ccaf5cf780e

SHA256
76747d9a52c0a7da40d94616e5a359bfc4e262bf63afb93849aa6e1563549a4f

SHA512
a0200b5ed0a661fcba811a66f1fca48250556bba6bd875c50145797a19d40ae380807aef737cbf0d57e72fdca64caf7d7dfc43e0bbeb22d7f3c5fd0f5d651891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b8962bb0-45cf-430d-ac34-bdaf3f65d08a.tmp

Filesize
8KB

MD5
5ac641a819dc82d4eb2f904961ae8673

SHA1
79a6a9a0be4ac6f3351abd6c03b56b637a63cc15

SHA256
5bde64449f5e442747d511781e1a7fa096143e3c3fe3df1329f132f13328f18b

SHA512
dc1cee488ea6ffbf2c853d3cb8205223085061c068733de9274b28a1a557495bf3170dcfb910e99efbb540e36cbe396262485a05e9362b6a206dba4ddd6da493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
c32f48d50e81fffa0630b9b155d85da0

SHA1
5b96b67079fa05c618783a6f90253d965f8541b4

SHA256
f76dd45ebd45aff6caca5e01a8f43cf955ba15dd4de0695a0c1c0a675bfd1666

SHA512
fb229d4f70965137a7bab015b470319613af25b79cb1801aa280ae0573e271609c2ab4dbab1b8ac5a9f2721e14decc8e4a4eaadf039bfa84da0dc70d77305cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
7cb4aa387776cb984f4f68767b394b7b

SHA1
6c08099b52b4c8fb428625cdf7bd2a22d1a89e88

SHA256
0a71162731a3f081710c2674e48d9bd47a6eb3b4eb1082511424d917e032879a

SHA512
fbf2f2d58dd42408f3ba18046c3ad5a12277d4f87e8277d8f8417705aa4c43aa60ad2f58d31c332d7821754a946c3883df61185e95f92e2c62d79c95afed2dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
51646fb88d5fb3b65522760ffb077ca6

SHA1
b618b79df6b9da93119f25ac0939f0a51a5f7cf1

SHA256
df55aec4dc79e99e5695eb9a95e396f7a01a06636ed2217c6eb43dc16690e3c0

SHA512
be798a9939accd7f1bfad7d5af3363d3e0cc4725b1079069b774321985a2b96eb70db19393f94ac14fe9315ddcae5c35f04f61371fc74bfa80abd744baec4a73

Download Submit
memory/632-1-0x0000021557600000-0x00000215576CE000-memory.dmp

Filesize
824KB

Download
memory/632-0-0x00007FFBB8CE3000-0x00007FFBB8CE5000-memory.dmp

Filesize
8KB

Download
memory/2128-37-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-38-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-44-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-39-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-43-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-46-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-47-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-48-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-49-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download
memory/2128-45-0x0000025843E60000-0x0000025843E61000-memory.dmp

Filesize
4KB

Download