454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe
Size

4.1MB
MD5

0f7140c65e0a8aa683133f8c3baa68be
SHA1

679671bdf3f7d15b07dbb7c9ff26d6d1164991d2
SHA256

454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b
SHA512

f438737f8cb4a15583668e8c0f273cc49b6c215b1ec0b60842b2a9f7a465b3fb612adb83359ee1659fd0e8e9efcc67ebb997249898773797c158a4344a721cd7
SSDEEP

49152:hNDZDE4rS9aHyC5YIyNWtct8MhUEDofPW+Kh2wftZs9ph+v96O5oYV+dbZW/igld:iz8hct8MBmohVPx

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

Processes:

chrmstp.exechrmstp.exechrmstp.exechrmstp.exe454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe

description	ioc	process
File opened for modification	C:\Program Files\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Program Files\chrome_installer.log	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766488397489595"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrmstp.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ chrmstp.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4476 chrome.exe
4476 chrome.exe
1716 chrome.exe
1716 chrome.exe
1716 chrome.exe
1716 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4476 chrome.exe
4476 chrome.exe
4476 chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrmstp.exe

pid	process
4476	chrome.exe
4476	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

pid	process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

chrome.exechrmstp.exe

pid process

4476 chrome.exe
4476 chrome.exe
4476 chrome.exe
4880 chrmstp.exe

pid	process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4880	chrmstp.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exechrome.exe

description	pid	process	target process
PID 1280 wrote to memory of 4512	1280	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe
PID 1280 wrote to memory of 4512	1280	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe
PID 1280 wrote to memory of 4476	1280	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe	chrome.exe
PID 1280 wrote to memory of 4476	1280	454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe	chrome.exe
PID 4476 wrote to memory of 2356	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 2356	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4948	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 1136	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 1136	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 556	4476	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe
"C:\Users\Admin\AppData\Local\Temp\454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Local\Temp\454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe
  C:\Users\Admin\AppData\Local\Temp\454a7b251dc2adde1ccd34f3d129e9d9bca549002a3b27922e01ab8c4e9ffe4b.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=128.0.6613.137 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff7c08746b8,0x7ff7c08746c4,0x7ff7c08746d0
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcf90bcc40,0x7ffcf90bcc4c,0x7ffcf90bcc58
    3⤵
    PID:2356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
    3⤵
    PID:4948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    PID:1136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2288 /prefetch:8
    3⤵
    PID:556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:1184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:1808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
    3⤵
    PID:4260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    PID:3436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
    3⤵
    PID:4448
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1312
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff634a94698,0x7ff634a946a4,0x7ff634a946b0
      4⤵
      Drops file in Program Files directory
      PID:3348
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=1 --install-level=0
      4⤵
      Drops file in Program Files directory
      Modifies registry class
      Suspicious use of FindShellTrayWindow
      PID:4880
    - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff634a94698,0x7ff634a946a4,0x7ff634a946b0
        5⤵
        Drops file in Program Files directory
        
        PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=724,i,13003099576706696978,5303456198189058784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
934c2dd19aa34465e442b9e9de55c3ac

SHA1
f345325d036b975e555d3ad5ef0aaca59ed6ae7d

SHA256
2c3a2a462a0e747b660e2cf29af794961abe17b23d490e6958cc677ba528582e

SHA512
d6434c23be0abec8908d05075cb5e3f8a6e725933b262f7dcb56c7c6a2147028c948039ff84e0aedb7e9e903f1b2f3492beba35995eb444483b772c18903c983

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\e0011717-6f36-4e3e-8118-c9ef7f8b9490.tmp

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
73d076263128b1602fe145cd548942d0

SHA1
69fe6ab6529c2d81d21f8c664da47c16c2e663ae

SHA256
f2dd7199b48e34d54ee1a221f654ad9c04d8b606c02bdbe77b33b82fb2df6b29

SHA512
e371083407ee6a1e3436a3d1ea4e6a84f211c6ad7c501f7a09916a9ada5b50a39dcb9e8be7a4dee664ea88ec33be8c6197c2f0ac2eabe3c0691bc9d0ed4e415d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b139dc53cca10b99ac8396e9bd894f5a

SHA1
31c9e62405137478776137ff49f28e665bc5361d

SHA256
bd8272fab27ec91818b2845992f2b2a5363776779651fd5882bc80e1cf4f09cc

SHA512
e9b95f0fcd96d2779b7e69d77f6b2ca3ac34636fa6f85624614daa8109d7de90bfc0ded5647be1f8b14637c2d71a54ec32d453f968938dc2765e944eddd6967d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
a8cf54419129b874864cf206392ece0f

SHA1
2d8f78e5d6951faedba3257d5794227f34c50967

SHA256
b8a7649c907c010db609d7143f3f0601a385b9cf803f4b0bddb449c41151cc1f

SHA512
02a77857be5123636fdc44791f6cf7a4532fa53e34576be7f6ab21da51ef400fc138d7dda6a2880b2b42ddb22a803a1897e4f95ea3479487af61a199c7929a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8e256c6f3b1e8d51436f6fd0a0958b8b

SHA1
568dc701fbab7cf2e2c3b169635af1b6f3cef4f8

SHA256
68aba94a1dc1d00fdc417767a5811018a20f28e30329c2378bf77050a7dbefb8

SHA512
a1c4ec600618ea34c29bdeb1c22a140c48660c25074253156f8ff506e6d1eb9f094a9a738e85d8fc63fde5e66b5ea28ed48b2300ce6a9c62f51baf96582215db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0119cf957a34ed8cb1ebd77a2cde6d91

SHA1
dbc8e459664a3b0fe0b671e17af6528b499ef8f6

SHA256
b0d343021bd466d231550c90e0331e4454e265b2bb777e9fad92a5f6f677f449

SHA512
8b6cb2d40987342da008855c7f7bb4327c1c908ccf15ecce16bb957a34501bc3cc4bf98f66011ba769d829b16fb1407ef32a7db46f70e9289b1a1d820674ea9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8fde5a7c3040172c07adead766f0d6a5

SHA1
2e9499927a7ceacd7f1c9d377281cad38cbee4ea

SHA256
60075162997f68c37de15d32a63637945206e59d2cfcc159bd5c33f10d86e1ad

SHA512
206691a00a988af0f0dfa1f0af99f68df617b4a690bc1c7cdc114e06e70ec62b4aba6380af2cc4a49b47870cb2885aaa2d1e942c8dbfe895687a5af99eff7cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce56cad86f75d8f121c3e07e7e2cf937

SHA1
34f56ad4438e543f519c8c9829c1f6035e2554c3

SHA256
e74fa38792656be7f1fa88afffe2c6f877036af02adbedde41bf6824f903669c

SHA512
d6f222a956143af86146411c8dbccdff5719ac732f892edb0007a436a9aca71a200167af320fc6298cb4ee48e62fe7997d577e4f2f8a217bd13c8b355f828227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
107d3c66557078002c1f1f58b8bf98e0

SHA1
0927ce195b5e577ac7433054b58f9e366eaae6b5

SHA256
cb6f53f1e6bec79432363b64afa7e105b5b1f81e2449afc73dc43ab65ad76d86

SHA512
f5cb7db2f7f149a27dc21bbfb5df8a496e40abff01130619b922970a51f92e6d7fe7b3fc4a54d3cb684b07a327cd80913905428b28c5d0eb60f158577ebf5594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9f400adc91be1a9d54821e60af4e3dc1

SHA1
2da9c1fb20b61e9615d7925345434be0cc795226

SHA256
26650746be032298087d9ec49e41617b9b4b2f924fc99307941fe9c949af9362

SHA512
4754a193e7800055044dc8439255fd26125e954512c0195ca3cc5db203bf8866a94a7a1f35b5c25da16860030c645acb27e2efec7d98fa3e99ea98243b7061b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fe709e140ce30a63d9b97ab175a8aa0a

SHA1
891105208fe221d546161ec6947cb2c2ab2da2d1

SHA256
edf627e228301f10027432e50bf50327d57ea1774fcdce77559320c4b42d32a5

SHA512
3fd944edeca7e7e37dd004b9ddf3495ba1e3ae515a721ae3eaea4386d6c78b5714a7ec2b3d5680834e9db8237b14550e1ca320909559da2408e797ac9eb49d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71e798bae96e94b650d1b4a39e085739

SHA1
006a5b43188b607107ab78cf91a53e2838acbab4

SHA256
2e160b21cbe2d692c1ebe14240ea9cd892d6df3f26c47ed5dec975a95c2b750b

SHA512
d71f343d50be815630a5ce7c31aec5ed1103b14987ec19d6db4378519fe712e6c4b6f837589620c8bc9cca646580cb6b71f49f08579f08acfc78cfa7e7c4a849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ac710e4b432ac034c66c2d4538b2bc5b

SHA1
0957eec7968912781a2fc07233c0e8a792d49632

SHA256
2b27514fb3f4eda59e587990bf7d1c482e00905023a9cd68bd8d6b5f20cd2a85

SHA512
d0e90512bab524e3193d330dec5df8d59f314342dd0079f8eda421161c3c86b6da11dc448dd1848f8fee0de482a16544c54abc330e6601a365333369935a507a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe57c97a.TMP

Filesize
1KB

MD5
1579d58a26f27dfaa977b3b2089ae52a

SHA1
a7142ff0359c843283460a587e54b84145e65aeb

SHA256
36518a18ce1fafc2e67795dd8a4abe1b8a19d6f2af5ad001b91fa450fc66871c

SHA512
7887a1d765253168334f98b227869adf2bce24f594008b0c2ba0fb8bf08655a91db723e5d4b5e7dd584a0054a8f96ef91ae9e1a9fcef901c37865d7586da8631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ff98acc7531bc352e54a320b4df99d15

SHA1
74bd3a24bcc9ca962ec56172536b12761876911d

SHA256
8c031dfbbf92a94e80022eeb8cd9a50ca3712d6fee65df4bd6607c4c838ccce7

SHA512
a1eccad29b3e56ca0f4657285a3acd23ee20627a4e910e89ec1eb614fe7cde6065f09e22cbe91edec45f29b702429d967fcdbd2395c3a8caa394ea56e4eb9ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
b1c96bd486fc88b22d57d96f35e799ce

SHA1
d53fe2c0bb195ed664fedf270c241e55550f6fe2

SHA256
9159abe16528ac0100284742d7f5ca5551b348fe36617ff1686e8adb9b963878

SHA512
2e08789d800dca7e83af6a0955ac0e9de23f7d2c1ffa2207c67f480a766cce8bcb24444fb502bd7f0179be0e9e45c3bdb380ba6c496ca6c7a692c2448e807a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
b7ade91f0018046f10062b45d6175bfe

SHA1
23c0a8405935462f19975dc8901a4373b4e3c648

SHA256
0d7b9dcc8825ffa07fa3f213122c9fe9ebb923e78e61769f95d3668a83106ae8

SHA512
a275f32a043258ee923ec13ddb983f7cd106d2523c094200a968e3624b194201c0dcd813b8cb0d39a43cd8202995bf543cc39098e0fc9601e236b690cf2cfcff

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
8KB

MD5
3acb19af8090ae51410e3675614c3c7e

SHA1
7bed3e7fc7f3233ccf485693c74c732c7b4df80a

SHA256
9c4f5df9f26c419a0c0bc393b02fa5cc80d92ae348b7ed202cd9d4846420fba4

SHA512
d1b131a2c9f72610dfb119996f33c44b07c4ee72e8e6ab7c6f1f3a3399ab11a2efc468195641229387dd6356929c60fbd55b8860b1702177e5e3a86aed154532

Download Submit
\??\pipe\crashpad_4476_TXULHMFEXUIYQILC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit