ad63c13c9f488c90efaa2a271d210f84f39e723ce2a2879c3cb5c444ee1a40aa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2025, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

instagram_dm.png
Size

32KB
MD5

7f4f027e0e09752664b12d5561e7f768
SHA1

41d801d8c17e7973f3acf67d516e28735797e1eb
SHA256

ad63c13c9f488c90efaa2a271d210f84f39e723ce2a2879c3cb5c444ee1a40aa
SHA512

bd3a83ef7de3facf55a17b63e8c0520242ee348dfaddd2703a62656acd7c39d13e444c185af4506e4a60b020b168f6dc1937099d2d6a81ce8815f7131146baec
SSDEEP

768:EwQIrguKvrsEJI+RPLSR2CMpH663vIn1QBbMXrYkQZ:EwNgbrsEPe7IHfnBbyrYkQZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824171851859282"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4512	2832	chrome.exe	96
PID 2832 wrote to memory of 4512	2832	chrome.exe	96
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 2716	2832	chrome.exe	97
PID 2832 wrote to memory of 4828	2832	chrome.exe	98
PID 2832 wrote to memory of 4828	2832	chrome.exe	98
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99
PID 2832 wrote to memory of 4084	2832	chrome.exe	99

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\instagram_dm.png
1⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fcb2cc40,0x7ff8fcb2cc4c,0x7ff8fcb2cc58
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1704,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3664,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4476,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5380,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4548,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5448,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5696,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5600,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5260,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5116,i,16288898724997546873,15865925838004569842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6d9918e5da0204fa56e2aac80405fb37

SHA1
a6f4d47c9a9927a67b99c11e95c040819c51d3a0

SHA256
36dc3ac4c380fbde73120249931c5ad99fa843973aaebe25b727f90024c35aeb

SHA512
0a5c645169c7af218f159566bbf1d1ef9b41dc43dd717b46083d499eb9922eab60c686742b88e968127418f4de20e98e0af5c4668bcab7b7381632310051b23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f6236a537ddb0b1a0a78c38001e66511

SHA1
b328e1d5a54825231f0cf7f44e965738a4527cbd

SHA256
e728bc1230fedf86af7c659cae22069a3ff4195f4fa5782b19a117a862636ed9

SHA512
1cb97c5b99698e97bb21a05f3ad7cec02022315c6b2a11c625a71fd21662fb1cce4d1f929926ee159d1e3197daca18bf85f335a59db92fe28e93ce691fef787a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b777098e12d8da05824b61a48f09aead

SHA1
0c59485a8fc048134b7bd607c72e691ae180b4e9

SHA256
1b698a937745d1c6d1db37f585a701c2640cf1825c574c34ae81073b61619f95

SHA512
d1abca0339cb361d1098c1d38db967239de479105c9f899495394dc126787abdd324e38b348514afec65ab8e2db069fd711050f3f94b162c2fea9c6dbb0a03aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b81b34b18247de09f34bb008683e2564

SHA1
09669c6f96c6e20711d9db5885012bb01b22220a

SHA256
ecbd88e3935388fcbb357dd133ceeb8aec539789dac0f8a22b8e56f67c979767

SHA512
1275cca012acca9d72282d34bb8bb2b75a1101c12f4d332d39ce6f2c1bb8ca5c5b852ab1a7b90eee992cec65191b791833b09ec9830d4b5307530a2dde0d6220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54f017532b1f9b4bdbe2b2ffc1063ec4

SHA1
932bae87701a3082508d94e8d8c4e044f679c45b

SHA256
040ea235f4ea6bfa31a64247221c8cbeeed62654e870d1299f3d367d5da31a57

SHA512
7da3f3a0c2592883654bc45c6a4ed4462e898047851510a8adf64084cb0c3bc6181d30a01ac2fe004a8581daf9e8eb54594c16d659f7e66a0c6f2e842ac1823a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
730d185e01c4dfec8389b7e69d5d67e2

SHA1
17e171cc8272c25fd90a584743e7cf551e8355fb

SHA256
4a433444605442b7314a5097940d97d789957a847193e0992036c19408532c6c

SHA512
f3360a9878c57f8a087eda03a00d3520affbaa0dd5b41c3fa79d6ebbaef18e4d2d7c97fb1dfd1a3caffea89bcae1efc67b792c96e4841042e84804f2a433ed82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47f1ea85f4abc00d90563e1e11bbe00b

SHA1
04532cd06c76a5195a1a57e05e35d6f657a5fb39

SHA256
74af940d9655eafb4cd1ff5db78600c69c615756f976d86327212626427f5568

SHA512
8717ad4dc4e57e63a51e88e3c7002b01262781adefef2147845009832862682e75e156cd6f685b55b15eadaca0614e1beb45d2ea0e3d2b4cb5496c3b3ffadca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c199df292000811b862d736fc467966

SHA1
3fcc875b009aa5769405763de3ff352ca900431f

SHA256
ad3e4f8500f0612d77e21e3545040764ce579746aa842528af6e4ebc9ec07578

SHA512
c0f9ac6c850c6d0c2a21baca2cffa34df91fd082ffee70d86ed46a06166939c38aec39805cf6d1c1fef39bba3e4cc9bc108563cf8375b4c551c64e1cd469a2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b43f8b4bd64c962e40f262e787941526

SHA1
f294a95ad54502471e2fc67ead10e3876d24aced

SHA256
cabd1deff9efb403e713a3903b5d5ecee4970df42e83688c324a84a17f6cee5c

SHA512
683f1781517fc184aa946b68367de634d293c0c71d47801224b08c6c804dc2fc8ba66e18f19c5d2c3c8bc2d57972d9cb92129cbeff1fc0d11dc70e36c64da84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71f063126732a06e609c2c10d1dd7caf

SHA1
9d3607f00ab6cb30391feab99e3a21c2780eb6bb

SHA256
de4ec4b7bfb72c582a3c378e5c4a029b224b7afe10101a8ba249299bd901c52e

SHA512
7837dd2253acbf7c7ac04e896c078fcdd0aa49d66025db07368342db3a4a53b66c1887068d5d19f2d57a24c349d1e9841d5ee46d1ea304c1a9b523d01d8ce31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1ed057e67351b53b1366c757fe23bf38

SHA1
b57fc0db461ae5cf7394c4fb5deb15f72167790d

SHA256
071c90be433fc1d974af70592c344eef5c0f13b9fc5f604d64ae51f61415b08e

SHA512
ebee2543c3c07d0b2af3b234bec6c797ad91eaef8de3faf36ccaad76fdca3d55bcd05ef552abb00ad5fce0e80204adcbde10b8114ff488ebc6955768f22c3f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fe1510d53c1ab21e98d27c44dc16c8fa

SHA1
6e54016ad51b6ded3c5ca0d72f22ae61cd80f2c6

SHA256
22e2c6840bea3ce307a854ff0c1fc6fee2835712bf42270c7af3d28e3f9d059e

SHA512
d862f72aa33e0d0dba5430a2118d20faf095333f6964ece7ed071476c320fb9a4e6e119e8d358c175a1e905573949d8662c236594d1cc3d0e34cd6439c156b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
bd59a6af0f43350e224c68da810c1f3d

SHA1
f2cc1932fa78058e1cf1065a1c4f65874e70bdfa

SHA256
dc9fdad62df91d6bec875e8705fb329f9dc108d4238e5727cbabc47d837315bf

SHA512
d0a2107656cc6b5f839dffee7d331f94acbc9b43c72d410c3c0b9c92b69c84092715d5a788933aa5f93ba6e4b3ab082f992ca30e4e5817aa90230b6724d63319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
6bff5a35426e77fa9aff85df2bd9848e

SHA1
4760ebfe4575bc27c4e802d6267d1770277f58bc

SHA256
3848cc1de666c40a98f517467f6e234dcfbb8e1edd74579717945cf3afc1678d

SHA512
964f501753a6a1a0a4a3bec1479da1cfd3efa63acac9d7232134f8eb4644e43528eb0f9cac5523f609affbf1d02a2eb47f07c93891e5a55aedd0c2e8d7e6fe42

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2832_1629158895\30b7793e-5927-47ff-8b59-2dffdc667bca.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2832_1629158895\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit