Overview

overview

10

Static

static

1

NеwIns.rar

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    78s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2024, 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NеwIns.rar

  • Size

    65.4MB

  • MD5

    0cb086002283c129a5d7fb74e4dd8cce

  • SHA1

    0f45f5b2001c92b72ce7ad1b374a213c64e6b2a5

  • SHA256

    8567ec919ec83bc38b0a2571acdb62fffbe4f6d6e5384e4968df6d2087d0bf7f

  • SHA512

    2a9e212e0b60881e20f5e54c7337837777defc2905ea977fe1a5f14cd07eab3cb83586612d427199e7ee8f522038d62ef57c2ac470501840e1d92083dc6fd01b

  • SSDEEP

    1572864:zoe9+W67M7lM1Wv9wi1ned93iV6vDX4SDsEGsaXucGtjYxoZ:Ue92pMT1ed9yV6vDdDstFecgWoZ

Score
10/10
vidarcredential_accessdiscoverystealer

Malware Config

Extracted

Family

vidar

C2

https://5.75.212.182

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 9 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 7 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NеwIns.rar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3356
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3184
    • C:\Users\Admin\Desktop\NеwIns\NewInst.exe
      "C:\Users\Admin\Desktop\NеwIns\NewInst.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4564
      • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
        "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:5028
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          3⤵
          • Uses browser remote debugging
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:3252
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbac22cc40,0x7ffbac22cc4c,0x7ffbac22cc58
            4⤵
              PID:4516
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
              4⤵
                PID:4820
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:3
                4⤵
                  PID:2616
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
                  4⤵
                    PID:3356
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
                    4⤵
                    • Uses browser remote debugging
                    PID:1312
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
                    4⤵
                    • Uses browser remote debugging
                    PID:2672
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3844,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
                    4⤵
                    • Uses browser remote debugging
                    PID:4816
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
                    4⤵
                      PID:1260
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
                      4⤵
                        PID:1164
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
                        4⤵
                          PID:3104
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,3142844386332420530,7815080807246724336,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:8
                          4⤵
                            PID:4796
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          3⤵
                          • Uses browser remote debugging
                          • Enumerates system info in registry
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          PID:3708
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbac2346f8,0x7ffbac234708,0x7ffbac234718
                            4⤵
                            • Checks processor information in registry
                            • Enumerates system info in registry
                            PID:3744
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
                            4⤵
                              PID:3220
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                              4⤵
                                PID:4356
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
                                4⤵
                                  PID:848
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
                                  4⤵
                                    PID:2640
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
                                    4⤵
                                      PID:1008
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3284 /prefetch:2
                                      4⤵
                                        PID:3212
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                        4⤵
                                        • Uses browser remote debugging
                                        PID:4552
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
                                        4⤵
                                        • Uses browser remote debugging
                                        PID:1884
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:2
                                        4⤵
                                          PID:4820
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3156 /prefetch:2
                                          4⤵
                                            PID:3908
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3496 /prefetch:2
                                            4⤵
                                              PID:3692
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3856 /prefetch:2
                                              4⤵
                                                PID:748
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17328059839986043257,8809300281175476490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3232 /prefetch:2
                                                4⤵
                                                  PID:3684
                                          • C:\Windows\system32\taskmgr.exe
                                            "C:\Windows\system32\taskmgr.exe" /4
                                            1⤵
                                            • Checks SCSI registry key(s)
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious use of AdjustPrivilegeToken
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of SendNotifyMessage
                                            PID:4636
                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                            1⤵
                                              PID:3636
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                              1⤵
                                                PID:3652

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\ProgramData\chrome.dll
                                                Filesize

                                                676KB

                                                MD5

                                                eda18948a989176f4eebb175ce806255

                                                SHA1

                                                ff22a3d5f5fb705137f233c36622c79eab995897

                                                SHA256

                                                81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

                                                SHA512

                                                160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                Filesize

                                                649B

                                                MD5

                                                61c36d29c480f5c240cbc7f115235a18

                                                SHA1

                                                34f54be4bfb24ac596b12694f83c54dd96419322

                                                SHA256

                                                789f40832d7360bf8eb381a83bb62efc560c563c1dc5242582b670f5c2628c3e

                                                SHA512

                                                97c56fd6aff580702b61c90510d16d5d687432944f9af2c9b8112cc4606d0dadc17d932ec6a02f8a844404480a7a502ca3d4ab22e9aff32e3c582def820dd21b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                Filesize

                                                2B

                                                MD5

                                                d751713988987e9331980363e24189ce

                                                SHA1

                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                SHA256

                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                SHA512

                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1f75763d-c8c8-41b8-88b7-148f5eef210b.dmp
                                                Filesize

                                                10.5MB

                                                MD5

                                                0dd3febfc6e626aae623e3f631b3ca76

                                                SHA1

                                                7e3c29d06f2d42f1fa0ac32ec6e80849ce42d7a5

                                                SHA256

                                                66d03d756bc51e0193d9f37c6edca682a962ee52a099b3093f5fb40978495b59

                                                SHA512

                                                f799c2eff07a623e8a27adeac93ee28e3250805c7f2ba3de828e463c189a6ee31ddc285ab82c8ebb9fe23082717d7df908b630189292220534a38dba354dd9f2

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                a0486d6f8406d852dd805b66ff467692

                                                SHA1

                                                77ba1f63142e86b21c951b808f4bc5d8ed89b571

                                                SHA256

                                                c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

                                                SHA512

                                                065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                dc058ebc0f8181946a312f0be99ed79c

                                                SHA1

                                                0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

                                                SHA256

                                                378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

                                                SHA512

                                                36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                5KB

                                                MD5

                                                61833e4687bcae55bcff9516016288ca

                                                SHA1

                                                d2b37698b82b46b01a6451a1e94201057ce9593c

                                                SHA256

                                                50798f6a89f424a656de99ff91b524287e3e7e2922d91c9eae7541f473cc404c

                                                SHA512

                                                01374dcfbd598c1604d4a39d84c03567d70039688806b8cd8a3edd6a848615f3609f3f5d9dbc567a16805cf8656e45eaaf1d142244ef931a64fa1b09a4833268

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                Filesize

                                                264KB

                                                MD5

                                                f50f89a0a91564d0b8a211f8921aa7de

                                                SHA1

                                                112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                SHA256

                                                b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                SHA512

                                                bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Temp\7zEC1D7E197\NеwIns\jres\doc\bin\msvcr100.dll
                                                Filesize

                                                755KB

                                                MD5

                                                bf38660a9125935658cfa3e53fdc7d65

                                                SHA1

                                                0b51fb415ec89848f339f8989d323bea722bfd70

                                                SHA256

                                                60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

                                                SHA512

                                                25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Temp\7zEC1D7E197\NеwIns\jres\doc\lib\deploy\messages_zh_TW.properties
                                                Filesize

                                                3KB

                                                MD5

                                                4287d97616f708e0a258be0141504beb

                                                SHA1

                                                5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

                                                SHA256

                                                479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

                                                SHA512

                                                f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Temp\7zEC1D7E197\NеwIns\jres\doc\lib\images\cursors\win32_CopyNoDrop32x32.gif
                                                Filesize

                                                153B

                                                MD5

                                                1e9d8f133a442da6b0c74d49bc84a341

                                                SHA1

                                                259edc45b4569427e8319895a444f4295d54348f

                                                SHA256

                                                1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

                                                SHA512

                                                63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

                                                Download Submit

                                              • memory/4636-866-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-872-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-873-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-874-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-875-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-876-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-877-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-878-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-867-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4636-868-0x000001B51E4B0000-0x000001B51E4B1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/5028-883-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-892-0x000000001B730000-0x000000001B98F000-memory.dmp

                                                Filesize

                                                2.4MB

                                                Download

                                              • memory/5028-943-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-944-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-950-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-951-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-890-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-889-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-884-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-880-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download

                                              • memory/5028-879-0x0000000000680000-0x0000000000980000-memory.dmp

                                                Filesize

                                                3.0MB

                                                Download