a9f6ca54ef2bf71e056c7ad098f64aa6f558ed2827b212b0a817877a4e43466c

Resubmissions

18-12-2024 21:59

241218-1v489strcn 10

18-12-2024 21:54

241218-1sk3lstjct 6

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

! Prefabs.txt
Size

17KB
MD5

6fc06edcb562b363ae47fe9dd553b23e
SHA1

2bddabe7eb5851cc685ff0ce6639d6654d76380b
SHA256

a9f6ca54ef2bf71e056c7ad098f64aa6f558ed2827b212b0a817877a4e43466c
SHA512

9143645b5b11d75361fcd81865464690641bd7a26fb5a6c1bc333a3fe13fa43aa35913faa3a615bafc814325afa7dd96f2a789b2cdea0a70034f073db32416ae
SSDEEP

384:7iF7lV68CrBAOVVCbGV6SqZdQNCR88Tg7AlkuYiLhPxb8kwL2V:u5rOrC86SqUCfg7AlkuYiLRxbTIq

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
60	discord.com
85	discord.com
86	discord.com
59	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790325138608585"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{5C747CC7-1E45-44C8-A659-6C1B63B63246}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2972	2920	chrome.exe	89
PID 2920 wrote to memory of 2972	2920	chrome.exe	89
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2124	2920	chrome.exe	90
PID 2920 wrote to memory of 2516	2920	chrome.exe	91
PID 2920 wrote to memory of 2516	2920	chrome.exe	91
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92
PID 2920 wrote to memory of 5012	2920	chrome.exe	92

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\! Prefabs.txt"
1⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb3a04cc40,0x7ffb3a04cc4c,0x7ffb3a04cc58
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2224,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3760,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5608,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5400,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4836,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5332,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5568,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5816,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4684,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4536,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3504,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5064,i,7953752094551788139,5359538226589846381,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2fc
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\540220b8-ae28-4181-8690-c8e4c6142fd0.tmp

Filesize
10KB

MD5
21675f3c9a6f3fdd5516dd398d30c3af

SHA1
b48641a6769287c63d58fcca32f5f3ae38cddb3b

SHA256
7122427498bc379b1db49ed82679ac37482cc709cc7de5ace8588763ecd9575e

SHA512
a843ef959692b02c61e564fa411bb80456dc2a4fe22bfb45f949beac42bcdfd689118204be511847cdd1c6f45f8457b441092052ea7c0a347400cbc97783c395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\596ce4a2-e677-448c-95a6-51a2495b93b4.tmp

Filesize
9KB

MD5
4d9b69564699471505ee1232bc16651a

SHA1
743bbfb175e80a90ea5615c2686ac7c9384cee8e

SHA256
c78fe47e948f1924e396555e32635268ed21dcdddd04dcd3a2fc04cc603aba4b

SHA512
e7bce80bebcd7b2f90e03e7869f2792d7aa4fb48f55249c517f79fc6c433dd90407a3b510cbabe4b55b4a14b603794f3f768ef04506de80f087070114cafafb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73a9e138-3703-43d7-bcdd-017c47b8df76.tmp

Filesize
10KB

MD5
84888c90431398fcefe647bc94fb4b0f

SHA1
686933e78685252bdf86c7e556892c02f4ae655e

SHA256
711a03a6f9378b1f97529daa88f01d46da86e0a3a7d050e660dcbe59c94def2c

SHA512
3f38730a77c78a9a342ab7dd0279c88ea9594a504f382ac887b76ecf248f5dd38fe48c27e0f7b05f1db0e7d54c6ed51d7a51c2628d9e9743495830ddd0915f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cd647e2de73ba5eb32c0dc148cd4cd4e

SHA1
e92e1c752f6e65d4799569f33b6da291e8844fd3

SHA256
a6dec2587c2a51f62841a688837153d8b43c77e8291e1db1dc939f620b0ffd19

SHA512
899b129f62cc55df1d8eb431cf7223f6a26374b2778267eb7ae6243ce83034c2d767800c1514b6dfd8e082fb31835bdf4ce7f5fdd7f1a0b52ca597b959d0be24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
278864ae7d320671d72fa46e199768b0

SHA1
5211c6a3a2714bdbc4c938889046dcdc3cb86777

SHA256
ce3bc66dbf8d98be87b71928dd8beded11e8897d571fb6b40875962232430c53

SHA512
b884c3c8eda3529d5702ba2deb626f00fc8232a7a6da12369d2463713f9c7aae6e3b1a633c1cca43b4ba7e3e3228f809cbabd6d7344162b27d2b232f6e55b1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0ed13ef7-0f18-417c-b368-512531d020ec.tmp

Filesize
523B

MD5
9618ef48ca5def24ec746bd6ef1cde9b

SHA1
d7fa61c0d1658d38adcb03cc334c03fa9966d998

SHA256
d9c17f9271fe2a565df982f08a16d8af6c74dbf5c4caeff0be9b10f29f96f833

SHA512
c1bff83d8c48e55c2853d5f16822c45229fe89310c36588c990aa4d5c963327d8ee3a8b45f017a3be353b9b5cc67a73adeb80b3514860e55f41bc8a851f9abe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c5ddb68d5bbc8779bdae04d598805b14

SHA1
48b6fa1088db9919eaab6d6078d5a774d3d4f535

SHA256
92516cf718bddc5a05df1973aecc8725dce1eb14f4a4c554e41dbd283f015628

SHA512
93d82890f2c6b75b4937d4b2fb6f10199720e2d5a846f608f8d59f63791a151ab7943422d38987d3614b65a25f2ae4903155849f8559361fb1bab72a69100070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1125122f396084a25757ef507a00a09c

SHA1
3ccf6a9ee56bbbd18b528536d5b7cdc140298396

SHA256
440130bbf502d63b223e22081d9b4834a65d21f0263488bca791ddd54723c285

SHA512
4b8c519157766ae077d75bf8beb437a820206557251b61bde036ce346c760d0b2a1d9dd79e412665e449351a0316a294cfa952e160704438097ee969bc89bf84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f9b45b5846d5fd4b41dc1503f7f3a7b4

SHA1
85a6075397f36ffe050a0daf3bfd919529001c32

SHA256
41e9a9f80315382843be810e000471baca0431f0113ca63ef95d65f41c85b5a2

SHA512
c63b2666f0957fbb35b5c33c79d6a4822a177b6d52f9a2c2e69d62856bcbda7d04b7c8725fdc2fed3b186d4cdebd401c3f3468ab815048c590aca20ba4a28e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
334da4e84d17151e4ecfff3aa26354dd

SHA1
3f2fa3409d15bf6835734f0968afc8a6a2f83858

SHA256
b09fe842e1ca610439f0cdac5ccc8f7cafd34ba10d4198eb2e3505857a9aae74

SHA512
2bdfa5cb83513ae066ff5289549da60d25bc20e03a2a447c788e59f457a0f3e080c19eec6964565b484b044fa70ba68466f16ff879643a2147c2c1d19f125a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcdac352645a5eb798bf80502d681542

SHA1
1ade363f33a35fb967db4a4b50aaefef10fe0cef

SHA256
4f9b06a952acacc69a9160741f8d2ce0a683c8b48cffd1668a2d0a41af83b977

SHA512
852e38ed025abe3d35fe23c39ff733f5185b61d6cc490ca5e6569d62b903a8659d8ccd5243a1e52235656cbb12a41c5d1c7b319ca2853833dc3a886ca2791752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1721574ffcbe21f2f30c51122667a52

SHA1
457b9ce91c0e475d759f775be2d8aacd3f480d89

SHA256
59a22701b017d6587a83d6b6ec94f0c41800029a287496e992084d611f5f3b60

SHA512
37c4fc9b7d6dcf7154dbf1ae50c39d890e9af7ba0b83e31e51b33a1bde8f35615a29960e24b738c2b57fe63aee1be4001a2f562b5faf34b0139b97274ca176fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
406fe75f73b952bf155ced24eaeeeca3

SHA1
585c3439e5533d19834108718e45abfb4ec3eeec

SHA256
8d75571eba11c68bce7b564252efa506f5511f316b6c60baedb0304d734573d1

SHA512
8ed98b1a324794dae0609111a1efa4979e6e11892ae5dca424ddec2dcc16e990cb5f0f32f2ba230a681918bc4c712face4a14c66e153fa7c45f244fa0e3c0dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ac56fcd88d96a09ab1ff69c8da0a7f5

SHA1
c51ad6207e1e7ebef143f1fe540ab09680279638

SHA256
20c87e3c70b4da5128ec181f65ae324d3220963b36283653a05c48683c738bb2

SHA512
71339d3aaee5f32532fa95fe07466637b544853c36b876f2c3645e7b213204715930ebe9adac22a835cc33f34ffbdd1d398548b4ce25cfe879339083427edcae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
52637acfd396193c5ef0f0b29eca8eb7

SHA1
6515e136c8bb09ef05a0f09ab9ea7606ce5d1058

SHA256
d296b8383af47921b0692d48ad4449adda01f177426616abcd94d2aff87856ee

SHA512
17414a29b3b4411d2db59622c1be45c6021ae5da268a8795f0e0e9ef37e86a64578a801c722f132b79886d7ea7a579ee0d46b628baba64c43332a19e19e62ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d8086ab5f86a426ad8780c3a63e33450

SHA1
324c8a37f95b14e4d5d095aa2c0fa6501f0f63fd

SHA256
e2b5eca3c815f0fa186dd732625943e56aac9e9b7d4801f4985be2076273ffb6

SHA512
87ac4666bce54db3cf13a1b2cae62e149ee8147987d4b14289d22843ec8bc246d00a5e74df03c2c4269a9dcebec466c85c22f66244477e09376b16ee34efe487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4feb34a4e1170fc4be97a5b0adb7c7d0

SHA1
20a4f3bbdfae5d63825737ccd28fd5395e683f90

SHA256
7ef94e572d354f935e3d341ba5b488da634f32240478dce0053747310336991f

SHA512
583f0d9c8c6859ffdc8ed573f22821c02da853a4d405591a751c23f45ae18946def7de0c04547b002e2ac3f4dd5d7ca67bb377d174e4bbe23c0f5efad51e6bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c731f8f0a86b7dad6909ba3c5d33ac8a

SHA1
79c626020ad72e9c00ccb11760761af430dbc555

SHA256
4bd2b4bc10f6a73c6839301392980bbf39b2bde75e6838921803eb88f4e73777

SHA512
e487286bd4de20370ec846dc1b24c64272d73ff20f1d3a61efada294ea30db0fccec956c7a982406ed22dcdf394ae2ca472557f42226a819133c9c5acaddc458

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2920_1421775872\6d467f4c-3972-42dd-9d86-8730dc9953a3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2920_1421775872\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit