Analysis
-
max time kernel
142s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-12-2024 09:46
General
-
Target
9175feef2943b05dc196eca70af03b87b5a00af8bd0f88b87929561c68663344.exe
-
Size
2.7MB
-
MD5
332a4162dbeaa01b903e2cfb935c981e
-
SHA1
3af6fd07c1873fc064d2df8c432ac6c1d8751f6d
-
SHA256
9175feef2943b05dc196eca70af03b87b5a00af8bd0f88b87929561c68663344
-
SHA512
2454a1b88b7e66f0407a9a9781ea7a104325efc51cedebf1508c2e2b06438be5c37cc12c4692109d676428f9887768e17a14dfeccacad646827f9649a22ca3e4
-
SSDEEP
49152:kODta1az5/eiQxcu6HQvA4Mfgv+JrQCx2xgOY0OU:bg1az5/eiQxyHQI42gv+J4x5Y0O
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Uses browser remote debugging 2 TTPs 10 IoCs
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 8 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 54 IoCs
-
Suspicious use of FindShellTrayWindow 51 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9175feef2943b05dc196eca70af03b87b5a00af8bd0f88b87929561c68663344.exe"C:\Users\Admin\AppData\Local\Temp\9175feef2943b05dc196eca70af03b87b5a00af8bd0f88b87929561c68663344.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""2⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa03a0cc40,0x7ffa03a0cc4c,0x7ffa03a0cc583⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2072 /prefetch:33⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3596,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4816,i,16443434121874025839,8421474941562551124,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:23⤵
- Uses browser remote debugging
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"2⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa03a146f8,0x7ffa03a14708,0x7ffa03a147183⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2832 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4604 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4556 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3548 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3596 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12456703398752592769,14905370992939982368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2804 /prefetch:23⤵
-
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD50903d226f29141cf79976252f964041b
SHA14e67bf2c702c490408625a6c45428d1295efeec9
SHA2569b1c3630e3677b3eabae2982fffa1958b761279714fcb117edd843c10c3d5a7d
SHA512da3b33dec114615e1c5c9c6e3336841b5fcecf000c5302a23b14d845671b5d420097a5e5d07a0cd0c772776321811ef57812cda7bf23be5e6b54c693afd0be6b
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5071b1c9f7c1d8407b51ccd7d50d15514
SHA18213f39ff0f3210f259efacf455af5fb6667b3f2
SHA2566bb949d27f4df4d6de1f34f1d6a1cfc5eff0f94276b21469f49b4f11771a2881
SHA5122dc5a7b58ebe5a4b2930b1b9cf4ac874a8c477d9e23edc651706a0aef6a70b6841a634e6c8a050590971a3446d50e815fb4953fdbc1cf461403ce836342213eb
-
Filesize
9KB
MD581062990eec0d56cec8084ec27ae59a5
SHA10b09f387836e855bda7ee70fa40d6f5e34fb6e3c
SHA256f2c73bf1d62591e50ffd272919096191c4004257600a290ad300f5b0218f27f3
SHA5127f95a31889c02db66e56e091a23bb3b6a1a969efe3d413734d8fa949f2d3041ccecec660438d263869435060bd2e3fefe74e51f93063d4216373108fb2035e16
-
Filesize
9KB
MD57d2cda0c33f3742aa917c073b3f71a60
SHA1d42747eb758fd11f4670eeadafd23c8d3f9632de
SHA25604f6e8856caa053f0f6ae1ac89a05bf05b357d071607d2649712fbedfcbe0673
SHA512ba489174823fa26498a3f24a7609aa5dbceeb50995575e6faa2ba3284fea2fb5a214d933fed6245cb8b5fa0078ce43c158dc42f0b8ce4a3b315115cde8318ba3
-
Filesize
15KB
MD5eb7d8a32b5805a9471b95b3300df669d
SHA14166a77cfcdb3a4a7272728088bf95428d70aa2e
SHA2561aa20d1a3d802f822f010e01690665f5c4592130a2be8ccc0eb2ab3523042bc3
SHA512869424c2e26ace515180743f29e5eedf3e55f912f5c67225012881e2225dee1e596ef58b248aaaa78ac26eeee2b9a7608ddf07a9512bebc06af5aeb467651112
-
Filesize
72B
MD5399b21d3e9657225b065b86649d0f05f
SHA109ace007cd72351509a7736f99c7be17b1ee3708
SHA256beeef66f0e06e0b9c6867ae5a6e7f93a559b97069765b2ac7fcb3be839fad337
SHA512dd4562c61de9a79ea90e22021b2a4b1aa4ff0cfdeaf03e75f0878a2ff735e79513331c70600453dc25439b7b616fae4c20ec7dea28a90db1d2c6c81b6ebd16f2
-
Filesize
231KB
MD59840a3bc167e5faf91c97b78b0762341
SHA19aeb51bb1c6d47613a217be8641349da28cf5128
SHA25647eade78c3e0b171cd225b638b6696327be9b5a8f33017619699e4f78d08a43f
SHA512b0b77cc1efc445a847e45d5983862a4479da09f1535fb183921c6d5ba6f6845a212bf43eb43d42454f9445e6cc8b3622c953417ab2815eb476d84d0059fb0fa6
-
Filesize
284B
MD55aec3b285389495c0e6b800c8b9c35d1
SHA13b9e99a583eb045f9e04ae0fc8556af4d983c59d
SHA256722397bc3ef7325df7c53ae7c87d5fb8e42f7a5b082a059aed33e4ef4103eb75
SHA51279aec574a086bee48b76e7e5b3a75517c2c34d1790f62d2d4f4ec75873009b185dad84d20824de27d27d7f3664bdc54f3ac4ce46650d42f67d081591d3fa0f29
-
Filesize
954B
MD5d5b4a6ff7775dc9002830ebbecc2982c
SHA1e857b53804379c0e6859c0ee67bef681573308ab
SHA256abea99798cd1ffaaac07ead01c96ce8b3f7353580770314370261ca3b2b44cac
SHA512717b79411b0bf2b7888736722064ffacdefdf0c5120f2ce8598a2a115b73450989ea50b3f36dbe097b51fee06b2eed9dbe4bbd7b0eff24b4044574bfb0ed160d
-
Filesize
834KB
MD520fa4c71f91fd409c47a0c194e682aa6
SHA11ae94f2af86178e509415de708019af421482525
SHA2565b398c78981f4b8b9a54ae76c509f4d9235051aabe711f2a6ea84209b78595d0
SHA512c2d76d0f169d2bec894064d0279c0ae2f19baa9c85dc54f56b8780e089b6f8afbe5ffae0caab2de11f49a2991b2ec94b9358d4dc67b1ff86cbe7fabc9c8e3362
-
Filesize
6.2MB
MD592b68e62f16ca23e85eed901a53ffac0
SHA17d1d5f8c714cf9b3bb71173fc7e8d62d48d5ad71
SHA256e5cf6927bdabd1d9e0e81c0866efd3be2ac4bfa897972c07fd89184975e10cf3
SHA51265dbb68e2642082c79e7380f4ddf0a7b627b966af26fd572ddef9fe677ae7ed7a396e880c83bfcbd1a170d78f3f958277a4df930f1e3cbe8d240be5b2e7415c6
-
Filesize
838KB
MD5cdad3d404998ab04804fc424e18c434e
SHA1b2bae6b6db14a5bdad21b834d838ef6e90b3e970
SHA256fa520ee042e96538a08304fc3d8bc34e7f2541681d8744f1aaf5f458a1220c84
SHA512176955202d103a80ced3167e2526de0d7a5aeb44026ce0c22d912edd0477dee45381ff4a56c39a6b2c10867f31b3cce0e5fd5c9f26e6d468fe1c4a6f25cf41ac
-
Filesize
830KB
MD5a7ec2b5f3c0dde740cb672e85d8d6df2
SHA1b2fc86e2e22c77415dbebf96c2856266b14ebc94
SHA256804439f53089843e5a74ee47efbd46be8f0eec4582a3f9914cd8c6db85dd6bb0
SHA512e2af3c36adf278b52298656d9efecfd5aabee2dcd5a70194aabd056c2967cac31b7aa5e41933251a663d866147bbd2bb748da72a0770622152805e027e784678
-
Filesize
826KB
MD59b93940623dd9f592a72c1dc7491708c
SHA16cb0024df9a769e570a1181f08313d6a0388728b
SHA256656e3a98488c8ba5dceaab080987ea2b6bb2739491093b534ffdb57558628226
SHA512a82702dc695dfaaf53df250c5fee804e7bed28b2e85e8ec62955538aae2ba5b759715cb6be1996443fbd74a5dd50bbf046e689bccc49e7cd2c9d364fb5c134e5
-
Filesize
838KB
MD5b36be74c76a18b71056b992a71e01261
SHA182d2ba65888e7ab38ca2ed14265fdd649e3d66e0
SHA2562679b2e7d67a2bd9aca766d9606be7ecb38895eebc3d89388d7fa2485aeff829
SHA512bdd4ae7077bd20b1331d5f89f3993d46d64a5545b27beda2faf3fa82f7da9163e18d6e9c222c7ccfb1feb1a8766df4ab9fee07e2a397590d4b2a283ce4acfde2
-
Filesize
826KB
MD5e14230b5be1487b78c54a255e452ff31
SHA199a4ca9cea5292f09c3f366db9893f2f1cc558c4
SHA256fe450b1b0514be0904847426412782ec9da0cabe358223d2c83a8185ee451d23
SHA512d8276c54c3d53fa6a99c36c26fef9ccbd48e1a5d62c84dfc22f32fc77ee7ac3295bdce818c30ed82f10368fa81e5c69f95a5038aee8a0cd825307427050a26df
-
Filesize
842KB
MD5d8e87b4d85bf6cfc56f91b621e355f10
SHA1c603ee1b0b51a85d518c316afd9ad7beb34fa820
SHA256496d4f82c1993d3f760badfa8eee784f8c070eae5767dc27a549629fc7e1ce07
SHA51233060212eb8bed95ae91dd5bd1c88cf43b8126fbdcd369634cad1dad5b02929c4db703d144d96d78a2b3a4965a8302aaaf67efb29233b367077f5931e90ed47e
-
Filesize
826KB
MD5868a8b103609a7b3a00ef00a3dc4e300
SHA1e721ec02fd7cd4a9716c84764de0196a46580fc6
SHA2565ceeb77febbb67a97ebec79f0460a58151e0857eb69eb47ab084e74e7e93bdd6
SHA5127759424d4beb8258b79b4ecf1957afaa8fde899f9af34ab76c3658f148e7da7231d24ac7a29ea6906df0f0e7da3a526b883180014105fdbaebee85f02c7b7691
-
Filesize
830KB
MD5904ab4f460f2ff788674c877a1cd94d7
SHA1c90cf5f45580afaf4e80739c70a6869b297d9577
SHA25629977251747cf27719fe2e643ccb03a01d5626e511d1a7abd8386dbfb7af5fbe
SHA5120a0492ef751fcfb01d69cd66d2bf1595fe10e53a4028167307654ec7828e689d7cdc56855453c6a02532f1af8f871719b22a8faea31f350eb588fb013d209e3f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD5c1c391a608339b696e2ab7ae1ffa3d97
SHA10ed0aa3cbcd88f98bf6c0e843d09571689f33982
SHA256be997737a7dcc1ea29d7229be9deb3b8e26ebb2bef90e8c3cb5cb930c8b14e18
SHA51296c657c28edfc3f9fbc461fa8532f53fb08fba93659b384e79c6dda7d732807b611c350fa65682d25b267f830481113f10d4327e59abca1a11313ea917143878
-
Filesize
152B
MD555af145aa40405f422777b30ce73c587
SHA10ffaf93ecb2bf5a72c31e587523f97bcd3067fcf
SHA256c45be5a063764befcbccba222204154f699171a367ac6e19971834f9d9f81d4b
SHA512a2602294fe74e5f53653cf9f92f9d8158d2e95544d6a0ff57d355e2b3ead1bfb9457b513d368e514e668ea16db172dd6fb892ac57e826202996c8e9e92d00964
-
Filesize
152B
MD5d098eab4ed4c8489d3eb8b1530b0bace
SHA1a3ed3fd67bdba0da5aba155d88d5f07c2944dc50
SHA256c6834d3148b32fddc137c6e1e2415bbf65f1b3c217ccdd03bdb86a51d34998de
SHA51216468866fc2cfbaecbdc7f8390df9a827d870a7acc7880dd05fb076f81a0b3eee63aa1024157ce3f59787ff1e4a36fbd68992c30881ef77b42a565496e1b574a
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
5KB
MD5ef04e5c2b7e90cc1774e9bf3590f5b37
SHA15870cdc463af39b113fa3dbdd5f7f80e1ecc7eae
SHA256dbe5c6bdd4f0b245ec5580f818e3943d10594b7174e62fdcc21892646e890d23
SHA512b083a7c10cc85c69f50c67f0c17c36b793c60192f4c2c21937a320c39116c4c5fe241b5cee3898b541b20d1245fd61c23ed332ef437171064f527fee173e6ce1
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
150KB
MD514937b985303ecce4196154a24fc369a
SHA1ecfe89e11a8d08ce0c8745ff5735d5edad683730
SHA25671006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff
SHA5121d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
972KB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
92KB
-
Filesize
8KB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB
-
Filesize
4.9MB