socelars | 40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Size

1.5MB
MD5

6ef10388f2ff5ff4542eded1be1fd7e6
SHA1

fffc820ccbcb04d3dbcdec6b3ce9a4b749999b63
SHA256

40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076
SHA512

213f50c833c008ee2994dd510021de445b812da59a61aecea2f13bca8ebda69966610bff2b3de86d5845edd4ef4e322baf8de2adad22feaec251d64b61f762d9
SSDEEP

24576:nxpXPaR2J33o3S7P5zuHHOF2ahfehMHsGKzOYf8EEvX3tZ1n106GYS:xpy+VDa8rtPvX3tZd106pS

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

Processes:

40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle\9.86.66_0\manifest.json	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 iplogger.org
5 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
2	iplogger.org
5	iplogger.org

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exetaskkill.exe40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2108 taskkill.exe

pid	process
2108	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768469522228966"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2232 chrome.exe
2232 chrome.exe
2880 chrome.exe
2880 chrome.exe
2880 chrome.exe
2880 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2232 chrome.exe
2232 chrome.exe
2232 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeAssignPrimaryTokenPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeLockMemoryPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeIncreaseQuotaPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeMachineAccountPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeTcbPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeSecurityPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeTakeOwnershipPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeLoadDriverPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeSystemProfilePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeSystemtimePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeProfSingleProcessPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeIncBasePriorityPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeCreatePagefilePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeCreatePermanentPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeBackupPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeRestorePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeShutdownPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeDebugPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeAuditPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeSystemEnvironmentPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeChangeNotifyPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeRemoteShutdownPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeUndockPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeSyncAgentPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeEnableDelegationPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeManageVolumePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeImpersonatePrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeCreateGlobalPrivilege	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: 31	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: 32	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: 33	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: 34	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: 35	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
Token: SeDebugPrivilege	2108	taskkill.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.execmd.exechrome.exe

description	pid	process	target process
PID 4316 wrote to memory of 5052	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe	cmd.exe
PID 4316 wrote to memory of 5052	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe	cmd.exe
PID 4316 wrote to memory of 5052	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe	cmd.exe
PID 5052 wrote to memory of 2108	5052	cmd.exe	taskkill.exe
PID 5052 wrote to memory of 2108	5052	cmd.exe	taskkill.exe
PID 5052 wrote to memory of 2108	5052	cmd.exe	taskkill.exe
PID 4316 wrote to memory of 2232	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe	chrome.exe
PID 4316 wrote to memory of 2232	4316	40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe	chrome.exe
PID 2232 wrote to memory of 2284	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2284	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 2356	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1716	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1716	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe
PID 2232 wrote to memory of 1492	2232	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe
"C:\Users\Admin\AppData\Local\Temp\40c1600444053c239da106a872369e6cb1ee0f3a6dc7640a2d882bbe02b75076.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc3ffcc40,0x7ffbc3ffcc4c,0x7ffbc3ffcc58
    3⤵
    PID:2284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
    3⤵
    PID:2356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    PID:1716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
    3⤵
    PID:752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
    3⤵
    PID:3164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3776,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
    3⤵
    PID:724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
    3⤵
    PID:1424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4940,i,6517242827760911935,7839758563155263150,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2880

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0cdaed41da20b9e6871b72e7e6c3f691

SHA1
01f5472b84750b2e06536b084b68786dd0c44f24

SHA256
980c627261f695a75d130d115ca9e755e9b13161f4768eaaa568482359c05529

SHA512
791703eac31f944a621f07729b63eec2cf4f239aa690f04ef78ae44ce97d7ba17e257f41ee770fdc47b31b36a0e7eaed7c557dab3ded975e92e4b349c96e60dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c55043031afc9048873aa264476ddbe5

SHA1
f37e99b8b2f8ae2712d214d15e44eecbddbbe959

SHA256
0d67e6c6552823cc92792ebe66b41dcbbb15eda417ead97bd9dbcaf34c0a9ebd

SHA512
068285258ab749049add8e41ea017c12d98940d18e8d310012a08957bf3d0f9e867b3f00467f69ebbb5c7c621df9be99b5d7be632ed055be62bf1b90bf8c2090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e72b8892f7c0e59101a677b9b3a1c448

SHA1
0f7ea174469835afc21e4ac16dc09a2855af025f

SHA256
328388ff1ed4128c10cca55ab59854d06ebc6d75ee2381ff7a1e30b500bdd42b

SHA512
75efda0b51c580056eb089fec75ca9d720b8bfc3bac3f93e94e995a17d29c6cbf67cffcb46e21774f51280554180b1e5eb5070a0eb4aafd093e0ae9d77b82273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc0f0d4047e5a46cd9fab69bc20328e2

SHA1
a136a38d572e96e8d672610807a7e097fce552e6

SHA256
2775eb2bc1fdab021f6c589433e5b881624366f7044ebc1c5874a2e366375180

SHA512
0c1dedcdd7edcc525ec15a7f51db821c4802b0cb6e14ee65de36f1ce5b64bddcdcc684819539879c26ba517d3415365af360fd937c72751cc1dd6f154555ce54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47f6920da8bc710dd7b310a727f36c11

SHA1
fea8108482f248a2e84eb30bc60d51a13a0aae34

SHA256
b4484949fd355ba5de5b5c30074b95cb06fc6f39ede8a5600d3aeb096264300b

SHA512
01bfb4ef0e75cfa6c8227a0b1a3b02992e18504bf2821712bace7c5011423142e01994b725c20fafda595c9925d2b599028284f6694273af2001ec8d0ad30322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d54721a71c0eb137fe12ba6c637c77d1

SHA1
9565b9945ecb0b3c6c7f44a19c36a3c769e59fa5

SHA256
9055a27565421384e2bb2787e75802b82cd09158a418ccc1b04e5e4a40eed1ae

SHA512
34d2b67e4fe29ef9995f7679e875ffdf2fce0c7c7d0c3c330ad97c7d2fb69c9e3c9ecb74237fac561fd9521a984ca38c15615da44a54e807d129aceb94017810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21e4483ad4fecb2fd93f6e05e515cec7

SHA1
82077e44f4f55cd2d3c78f02ba24e1b99d3c7290

SHA256
3b779c25f2694acf8674e13697dbcb2b50b5a963ac32a55d18dcd007b85708a1

SHA512
cec135797c097780d1e4ff37480eb6cddf1a8aa398a0a65f5e24a4c23ab063caa7719628adb03352ea8d3740c82b1ecc47e782aecdbfbb5a09bc44d828af9dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14c282ce054f104f3822b1d71f2aebda

SHA1
66639a3e1b5fe2688d14b66731810477f229173d

SHA256
b03e3f1b18cefa40d838e6311609d49708a30b5f9b7ac5c3df7a83b8bc344a5e

SHA512
e17f6bbdbe5ffbb5545f8c787d2569c913f441f22929f9660c24d74c40e41518c690f53f84715a1563b9434d0ec4286ccab08fb2f7337db84566b7991fc683b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
622ac378550a947c3b2b2633d4d31a59

SHA1
a8b348217232867640e339539995f52139cf1b74

SHA256
640b3a94ab23b82e712989b5e54bfa82899287a2e2b0891456d534650a1d1b33

SHA512
5f580d8ce434fd84dc292a3eccf8f505629b5c485d8b2ddbfeeb5b4cda09e29b3f762c071282e419137bcfff54e068cdfcfe9a44411d87d78dec3a7fa3e6e619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
cc3f3b565ec4cf8609c3041f021f1c6f

SHA1
bd6a8467dc4df8462b1239bdad645611730e270f

SHA256
e33a93fbf27c02e5b1957571851c3fa20597c088b6e1f7d7899585c8f9133513

SHA512
0e66cbb97b91e2f60aa4cc79f088f024273eac81e06b4ef058064c31cd8ff0557e32012513a74e056c9194fd662153c8297b9c93b74dc055ab796dc0121e5da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
f06cf712c23a990af2e1049fe131334a

SHA1
55e04e7d56cda0f31a578fdbeaf4cf87da502bbf

SHA256
59304eef5ecb4d6038a90fc052106c7c7aba4a5b7674f527fff687d41469dee4

SHA512
cc621eee3dac8a660722342f732f60481b4138b89101eb1de715cddcdf92d890afc6591fe035e1bfa7619d43e827ce90e3ee10deb92c6e93f111cbdd6ef1ec3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
4d25c890c74278bee96b9f2b60fcb678

SHA1
89213798e00e927ad08dffb77b39ba9414dcd0f6

SHA256
02be07e24100a25603503d48967b4b742b35d34a5f3b128ba540d9655fa9164c

SHA512
30bf0bcd7e4efa2aba759e14a6bcca60c51df14c23d8ad335a117d31114b1e4c0bbc5b3d2f1465674837838e5e8952187562ab31f2cb8369de5f649cf5844637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
3cdc59e1ea8ca4d2ef80b9f67db398ae

SHA1
0bbf9f215729bc80068495bdc06b0424fd5e2680

SHA256
216484fbd2200db7c3dd939365dd7f56121b7e25ae82f8bdd4b039244f60b69c

SHA512
e128155c2686f0d4f72ca9964b4d2addb5d92041fe1d7858c2ca69f4b1890755da1031d8901b554924d796ed7a44e1148f0d2ba52b63e075b5686b557479237c

Download Submit
\??\pipe\crashpad_2232_VSUDECWYOSRNUPVK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit