e4ec3a45621dd556deeea5f953fa05909c82630e9f17baf6b14272a0360d62d1

max time kernel
90s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-01-2025 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4363463463464363463463463.exe.zip
Size

4KB
MD5

16d34133af438a73419a49de605576d9
SHA1

c3dbcd70359fdad8835091c714a7a275c59bd732
SHA256

e4ec3a45621dd556deeea5f953fa05909c82630e9f17baf6b14272a0360d62d1
SHA512

59c0272d6faa2682b7a6ce1cd414d53cc39f06035f4f38a2e206965805034bf8012b02d59f428973965136d70c89f87ac3b17b5db9c1b1d49844be182b47a3d7
SSDEEP

96:xBf1inGx9SfZ+VCv3wlTDMQ1kyKXyyJNOBIKkNvL5qK+7zHf6MlYOQVPGmcEy:xBfwncSf8Cv3w9DZjKXjmBIKEvLs97D5

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822386044404167"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{24752493-E795-4360-BA5C-1A9757299A02}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1548	chrome.exe
1548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1224	7zFM.exe
Token: 35	1224	7zFM.exe
Token: SeSecurityPrivilege	1224	7zFM.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1224	7zFM.exe
1224	7zFM.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 3868	1548	chrome.exe	81
PID 1548 wrote to memory of 3868	1548	chrome.exe	81
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 1124	1548	chrome.exe	82
PID 1548 wrote to memory of 2392	1548	chrome.exe	83
PID 1548 wrote to memory of 2392	1548	chrome.exe	83
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84
PID 1548 wrote to memory of 4768	1548	chrome.exe	84

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb9ffcc40,0x7ffbb9ffcc4c,0x7ffbb9ffcc58
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4640,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:2376
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff765224698,0x7ff7652246a4,0x7ff7652246b0
    3⤵
    - Drops file in Windows directory
    PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5468,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4644,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3480,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4592,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,3109038675519355156,2066371061997783776,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
20348c1dbdfaae9fb7ee670843d15557

SHA1
d7b283993660c708588ab39f85382f58ab53c16a

SHA256
93887bfed4522f7b4aeaa4f9098b11d39ad3463f1202a43cc7ec24995776c1cc

SHA512
0765a01f87cca853d7c779e7db2daf9d4333c409a8dea4736532d6772559570a3a2f2d5d2447bd5f1c699df222b3b4296eaeeee1afb80ce806868b967bcf65c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b12d57d73ad98f11236b74d5d0182721

SHA1
0028ae4053a5efb9746f9e540510f2c6dfc81eb8

SHA256
8dcefc47bde5bf8df91f1225226cab20438a26654fc54b81319eda9e715e6e34

SHA512
17b21733ceab2ca8df676e1d1101451c14c70b056a3d96d4c4edbf62e4923247ae1953f2d38f90f01c52bd294855bd4703d30d339d7ec1be669ec6acf142f913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ef9237d42d618565f150a0d2b240cd60

SHA1
bda04b12b089b9abd463fc133c3730401599cd18

SHA256
016e1d9b79bbfc55d1de9be800c24a0aba88b6c23a8fe248069427df1c838d09

SHA512
12d6394b64f637d328f35602dcbbc5bbe4a02546e675a951d7040a697044e8aa2f54bb690bc3afe92dd85b74292385702c0f923f0969cdd6c7c8f85c69d353fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ed13ee09fcd367ea41e390852130ff6a

SHA1
4e7a83427842bf0e0ac275bbec5ea68615ca6ecc

SHA256
a18f3abe0f95beadc45d4ce9db1fa79b35004732fadf5756b47a00bfe4bf0aa4

SHA512
4ab1aac8ed523f6f6cbfeec65574654a3d92019c205f2c176be02c09770c1c4903a53c80acb6fad0f085af33607d8ee3d6c19979befd0160b188ce7d9628fe6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
da81dba33ec47c5b9e4ba49fbf187f82

SHA1
46a6de9ea2ab40da1c2e5be9e625f45b13cd2dc0

SHA256
373724f54493269fdd2722ca0990ccbc559f2f17118b751473c1b3813ca097bd

SHA512
aca570edc9c2a32da24e65659479ec7914bc88b873c7d6cc33881d505aa7600a23956450c6e74681bbc2cdf2fa24cf49b831358a9f7ba728b6b671b463d9af3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
aa7470d08949ee5f30f8489f84d3f2f6

SHA1
05c5b760a94db15ea3fc1c48449fe8bc9b7014c3

SHA256
646f571c0ae5f7e7e0df3c2c2b647adf261418c7d7515dd88859d4e956f09928

SHA512
ea4e8f48ca52d62f4deeb3d8076b26f04cd83d98ba01ab1f6ff5122cc91b401615afcf8c58b9128ea5a764baaca64f43421c4db9fe5713f680f8819f0573e71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe88b35d91230e9dafebed6ca84ad292

SHA1
a7b833ece4a7252215e6a9ce7eeb38e108ae0150

SHA256
371bcb00f73e8297a6d8f02c46dd533c6660935c554f74576355d1a2816dcffc

SHA512
50c9926f9bc2476fdabb10d0cd4c9970739c26b13d86d3a16964a36695f7b3feef04a263d9ad4f61ac9b59f8e0e4c1a76daadce5d6c31c31362b175341a7c6a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a99bc961b23ddf68ecc1d1c547fb3510

SHA1
540cda1b194171d42dac97abde5ea5eb78e22ccf

SHA256
6273326bcb39d2ebeebbddca3979ae93ebc02085254c3000ebc922932f3f2242

SHA512
0d5fc14ee3c87c63143b0955d8c76a7bec53f29b03101f3167f996db647a192f393ec7383855ba1bd55f911de38afd368664b8001bf52ca3a1b9540c03c043b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c893d99dc31a00669dcc1094ec922f9

SHA1
5e93b7b1f694e3235d8cc0966489468cfea33f2b

SHA256
3d2dc413fe3207aabdb57c1b864b194c35599e2d31791d89d5186f03d35ccf3f

SHA512
3ee2625b67303a7d4741b34913dcb1fb2093f5b4c8a191e1c499e251465dc5010a8ebfda098230be3a6974c8258c1eda0bae4647d9f256665952832cd7fc4c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f83ab221e170b2214518bc1be774b3b

SHA1
528ca89846dc50c002643672106eb84381614c0d

SHA256
5f8aa6fdc8426bac4ee89994678e5c32f7fd0a014f145c0c71b241a53fd6eb59

SHA512
378b4f7dd2f349f49d8a3a19575e97245c115151383374d01a8380980bc1b70c241292f4e66998326d4722c3912b13cc43ced47687bcf669b62feb49ac3c501d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e15a940efed3245413b1b0e123e727ec

SHA1
afa27879203dc6e6874aeb77fd37e61e7a8517a6

SHA256
b7541d186a1b6fb380052e2b86c0bdba11633842c416608df611084a97b02386

SHA512
331547f3c87c5fb8cf661f4cc468606cd3465c4f107a2a4f012d0a731c9940b24e35118ce7cc85d42bebe537679c467d580aabaab0c23b63c6369ded4d725748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
43d53f592dffe3b879c2a84e025373c8

SHA1
eebc8cee28455535e0f829f19fd09c970a869854

SHA256
db7bcf9ba0213bc0be9d13bf9e72ce42cdb4937a0c046e0129305a997e73d35e

SHA512
4006ea5813799ed37009b1f8e065d5fa1e49862473724c2df56e781a9a6fd3d9ea4fea54a63e12269f35d7eec4b4cdad259685d0fa77c33f5f6718af708694d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea234f9b9a56b4f0a3a3d51d7957eda1

SHA1
973c88635bc2d5917e1d67f4f38bf2eba2d5a934

SHA256
1713aae2d5b68b2b8d535c0c179f812c847de106f9d4b310d050d0acc534b736

SHA512
bcf27ae1e6d3049487242b866f911a252d7d85dd7b1e8b60822977da7837e4c6ded36429367b11d6a260142339fd2a40c7eb71ce60df2a009e0956a782de7785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
1270c5efdf3415999de869752a68d52f

SHA1
349736fbba69082827bfe12020d9f18224f34dd0

SHA256
4857ac6832abcd22efd3df28ac373b1c9ff0ddca743e6ec4607ca2439fd2e942

SHA512
592af2f76f3431a9c5333525cc183fb05146b89b43cfa9f06060949116fad91e40f7fe4a46d39592d7bf615b62dc74e6757c5a54d7e1995a4e0738dfd7981034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
3573d256f533ef146f37964bd44fba65

SHA1
1e9b73d793df53caf42dbb95bcfbf45a32404491

SHA256
f4998d3f07cdd53431884592a420f3e8c1638cda3eac0b43fec6534f57769792

SHA512
8ada42711e2019f47dc681efed404d37f18cb0c9f5afb2b9744f0eb54dc359b2b2a4450c3bc17c784df4c87ce895a83fe84a1c16044104ebbebcd5e249374616

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1548_353526922\93e3e7a7-f35f-4ce9-a250-6be0f6f6f63b.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1548_353526922\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit