Analysis
-
max time kernel
115s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
17/02/2025, 06:06
General
-
Target
1550fd6b2a31385d0bd5e363129eecb804368c71b705f2396d9496fe4f01eb90N.exe
-
Size
1.7MB
-
MD5
43da466ae4cc3c25a47476ae10d16750
-
SHA1
1ecfd009e8b0e3eb8a493abd13f6400393763295
-
SHA256
1550fd6b2a31385d0bd5e363129eecb804368c71b705f2396d9496fe4f01eb90
-
SHA512
6e1e98003d95100d8692c9fe601f005af64dca1c10fb3092c5eba2c39b17bd42557c540a0098b6bbc3b2f26e17871fff7f18d7d8e98ad7d9d275f24aa3b36d3f
-
SSDEEP
24576:DNSyXH4MW7rCDZZEgSQjH/Z5ic6iO1eroL2PZ8FudQt+UvWw9vWs2o412GNs/1Lg:zYBCDZZWu6n1NEW+eRl4R+tL5zUKqro
Malware Config
Extracted
stealc
reno
http://185.215.113.115
-
url_path
/c4becf79229cb002.php
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Downloads MZ/PE file 1 IoCs
-
Uses browser remote debugging 2 TTPs 9 IoCs
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 8 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 51 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1550fd6b2a31385d0bd5e363129eecb804368c71b705f2396d9496fe4f01eb90N.exe"C:\Users\Admin\AppData\Local\Temp\1550fd6b2a31385d0bd5e363129eecb804368c71b705f2396d9496fe4f01eb90N.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""2⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc3b7fcc40,0x7ffc3b7fcc4c,0x7ffc3b7fcc583⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1996 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1524,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1904 /prefetch:33⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2408 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3204 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3244 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4304,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4484 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4548 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4524 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4976 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3644,i,869872058109595493,2578843248982752477,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4948 /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"2⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28f046f8,0x7ffc28f04708,0x7ffc28f047183⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:13⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2640 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2644 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4912 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4924 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3580 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10631848678985595761,13610778287339293929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4876 /prefetch:23⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 16162⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTVFQTdCQjItMjExNS00RjUzLUFENzMtOTBCQzgzNEUxMjlFfSIgdXNlcmlkPSJ7MDU0RkQ0QkUtOTQyMS00QTFGLUFBRjYtODcwOUE3NkIyQTc2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTQwMkU3M0ItMTRENi00RjAzLUE0RUYtRENDOUVDRjgyOURGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTI2MjkxNDg3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 396 -ip 3961⤵
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD55b42bd77a6a659a5825e926c976ec460
SHA1518b26e358773d83f278f19c4829a8613f2889bd
SHA256ed577eb271093dc7c2899a01cb01c20ba1ae73adfb8218c2fb363639cafb01aa
SHA5122412d1f57d4297f5d78ec0e038c8b1862d3a1e94441a9b4531f0a4e9e3c8d139fe67e260b9ee107cadc8730bddb90ece797c9cb6002d936f5cc7a6ab8a7f92c5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
126KB
MD5c8e215bdd1e9757375c684e42dae96bb
SHA1f7d785c73eef7dbd49b3bd4587cc29be35b6726e
SHA25680827cb7cd1c6602ef4756b452ca3604065b830a070f3cccf452f180c5d05c88
SHA51279f499fdea7cd36c4a5058a29759d7e43cf0fb9b3adb815d84cf467b917d61d3061c88990d001f53dc4fce35d7c83c0acbda26b45f142bf6a62d484521c9f999
-
Filesize
829KB
MD5c324b5d207d11f8fe94c24a512dc1cff
SHA1fdbb13a628ca0dc72a64038e474d7800dc845b79
SHA2562a4ae4c72e47f0e827c5033b23a589bff92b12ed7a9043f9f78d8098c93ef992
SHA512a7f20969b3bcecfd64f24b5da4b912fb59d01137309009cd5313c2eac7848fd6f7b4bcc43347754faf87549d6a88c42fe00e2f23470c7bb308fb5fb6d7046af4
-
Filesize
839KB
MD50867e98211aaf1e29b7798cb400b1a67
SHA1821a6bcde055338668b8f66def2d3cb2ba3811e5
SHA256f7e174fcbaa82354b5f3ca244ea16e11f7076bf52362c1c8019ee11d2fea497c
SHA5127ba9a796e61d4092891b73f08fe88746f6d25d9ae77e82beaa99ae22a8a2a30add672db5fc1fe3ceb130472a5fe3a79c271fe8bdfe916b71e6d440c6eb0123e2
-
Filesize
838KB
MD524c8829509e76ad8dea7227b5780fea0
SHA18d4b5c32523cc96095f2d8798c3948529ffc3c5c
SHA256f0135f41a5daa4b606758bf675fef5072d069e3fc81076381f9818d260915093
SHA512633f817eb75acad1e2f043fe1588699112a7eb31672e91027a3c1f50de3841f9264c1684f665d2d7d85b228614a13455b81171ed03dae59e47ea3a2a409133c7
-
Filesize
826KB
MD54d3b251132970a768f0b8d33ddcaf278
SHA1f869b03ee4e6983d22d58341b608eb6f0450f0b1
SHA25657c9ee5654a21b96c39bdf24ab5bd30608c2c2d0b0c872e73df9fdfb6f3282c5
SHA512690ac0120561f78c7649ec4765e326ce84855e6657186d3f36bb8c604d4f79b13e658c98ca33ab8d1c989d1ecbc8aedc6a0db6beecebf813b27f97f93ba7168c
-
Filesize
829KB
MD5838fbf31fefbf8a997acab124ce8c237
SHA127a68cb8f3a01409c2af270fa2bc1fc3b83657d0
SHA25622327f6e2122e2b40401b1c8adffb35f5e619f21c22aa2bf484042a9f69b6d7f
SHA5120d7d5f8e56b6b6528ace7f05a58345067067b9e592b329355290d67c40e5a33d0fcdc4b7bf10c7e71f4d778632f73bd25b48ea1ce33839070f5b1606c96d7ed1
-
Filesize
5.9MB
MD52ce09eb84bd90794f49d844859838f6e
SHA1177855b4a16e46528f0df03b4d2b5c17972c78c7
SHA256c6ea9afe787493a889532da42121202b4c7e118d56a59b33f90196758c3a278a
SHA5123cec6aedadc6bfeb13b34bfb76e2ad5d3cbf8c2b35a827713e28032550bf39f882b57212e2cb85705f8ba1a9adc762c42194af322437eb5d95cd82a18c4b883d
-
Filesize
838KB
MD50890c4d8b98181b61832a3c173c2b930
SHA1d83ed05c62742b92937018c3e58e888ce2b9e68b
SHA25628589c5602ff1e5dba69428f3f1c1aff054be5f3155807bc7173fd6bab3bb639
SHA512ca8bcac9bbe769eb5d0572e6a369bee187301fc5256e69210211171682dccfbaffdc0b02fb422acaa78d3aaa8f21f3a6357822775f65fffd8ee4ec909fa6c59c
-
Filesize
825KB
MD55204132a91f933a0d64092d94187d8c7
SHA18e9b625ef74a2981ed56b07647eb0fbdb9626bfd
SHA2563ccb5abc866e87ce74067981bb31de398aff8de05063b5dec4f8b0d6bc2cc784
SHA5120f3a1f7cad971c118a0b6aa90755b4955e3bcd0ff02a59562929d62bb5d7f13ca8eca7e403fb7a3565cf6f6d16cd736a28ec72e671e7e49d8ac724f876e81244
-
Filesize
829KB
MD5928cfbea63adbe52379fecb1e3896a78
SHA19e048a06d307dc9f90fb4ac692a3895d87c64108
SHA25696335519c65f2a9685a99c00c1425e4319f2b6709cde918f68e63001a2fbd595
SHA5121634e8667c36784fa8f393be70665330db19ead41a77c6c17f34c6417cd2fc9766b3ef4d820bdea9b822d621ed20f09ddfa85c31248aea498a7e9f8fb2f40edb
-
Filesize
825KB
MD5ab0586be1ee3f83b7efc857d639bdda6
SHA17dd26b4128664cb6af6435b2e3bb398c8b38f102
SHA2568d7bab438d19208a516ac4044642c817b9e64716fdfb662b42fe576777d251e5
SHA512331df74b141613a75ade34e71c0dacbba19e3cc83eefab22e00dd492b667e958e3925d4306cce49168dd70083aa352c0a8934e30233d5f4a7f753dc6099367a4
-
Filesize
152B
MD5fd8d517fc88af81dcc9b495f1666d614
SHA192b1fb7043857a0a36ee91c0ed9b9e45f8974365
SHA256ad5850e42d99c4e5bde6af20a77c69a9c55dd6aa2f4b4c8a3714b99d886316ce
SHA5128be94fb6a57efdd20ba96226c4165f542159a64aaf6cd9bf24153709e2674b0c2803c1438bcce73ae53094da6b28f5c738692aab4b9b5a7a707b38185eef9247
-
Filesize
152B
MD555e898c831b006424e16e7a731334d1d
SHA130dc5b4a0762452bc8984ddef9b8ebd256673421
SHA25626a8efa6e68c1a8e229715fd1da416533ec10ac194fe9020570a64d3bb4a25cc
SHA512ea634cfe27ef319d94bc43075bfb81f32075c260ebb5ba1f95df78952011246eb5ec243fcaf2c1cdfa8dfd30c517e0fcf763fdcdd04713ca61ac9fe70bcabf98
-
Filesize
152B
MD5e72002b5dc0f4cfa489693cca093b715
SHA1428c929026b67ecfbc3e4530368770d521b3b3ec
SHA25633cc02d2ce5b928b3d7f2a8b79a81b2a18b6cddb3e6b09ee273f4741ff320219
SHA512911fe24c2a098eaae1744795713fd80e60b678071e99bca02d63b11eb526f68499002fd48182874326301840a029662cd5e69f18e62cbed7cb5c5d0a7b620289
-
Filesize
152B
MD5f58c3464415674a029ee2b136d108baf
SHA1be2542fe427f1d02f471915484ff335c84d8ede2
SHA2568303b30b17b5377a0f1db4d2fa7b2906ccb0df59001e0d75e80cd3e49bf97a9b
SHA512dccf12b1777cbbe50e6d982672ce540892a8d1a9acd94887cef5bf760612d1dc22967c989b78a7738eae5e7f2c6a72f19ff06b8ec16099e70424890ace290bf0
-
Filesize
152B
MD59f97f0e178b7131416efd4febb1d0062
SHA14d4fd08e326368564c1eb8169ca111b96559cd74
SHA2569269920302e046b81075c4f7b80b5aaa951a580722ce2f7c935937f73b4fa4b3
SHA5128a0ba020b120d80ab2fc5703e9a552903312f2581c0f3765ca2e909033db5428e419cbec15e1cafdaf4503c10c87199ab5a383f9b5ddaf687b6a5dfbc543f884
-
Filesize
152B
MD5ecb187610a5620aaf69292fbb3c746ba
SHA1d4af84f4656f8239310c633934303e2d77a71bea
SHA256f38aff6bd4e624aa0e26bb9623bff66b7b7ab3736a5b5f206dbf3df274fcf88f
SHA5129b0f840217d1c05dca449333f00b271b81a04f8ae67e14b0476d94135f6b1af6ce22c46bc4cd5737f7d62afb7ff00adacab5e12369b348b1ee7ff84a6049bb5a
-
Filesize
152B
MD5bf1cbdc01e52c5d71490db18e4d96e26
SHA1eae76c3321be3fe37e0514a00134c48ba7d682f7
SHA256a2ac9dcb59c6bfcb77bc3af33d53013e3718ba90914d91af5eadc535a14291cb
SHA5128813f617f87a9e8fb6070074453e329d096762224bb6342d245aa1cf159f53150cd2ae784f04be24057d7cc431d1bee8d3918129cfb2d125ca9e8b610d84fb70
-
Filesize
152B
MD5a928ccb94e5876acabf365e91cda8394
SHA12f0cd2b5364652179d33d47be5c3b0384c5231bf
SHA256ec2cf667fe982da1acbb51f5158354ddf580bda9c2d84f98ddba8cccbb2a2efc
SHA512c53a3888630c5569c908be8d6183ae51d23fb518180737fec2d2ef5871ad2c9a76c46df4a30f5f73f3941459e1849afe4d60155f6d4e5696e3d5ce5a10f27ed6
-
Filesize
152B
MD5d44f6d6e7efe70fab6c852bb5b7455a0
SHA10e10115d677f55f7cb4b5721e1275df5c01ea842
SHA256aa26ea90b867a3f439ee88c55f31b5a7890b3503ab814fea2d27f0149c9aafc4
SHA512ee5f719de53d37e809361d56039002e974f0cf1561079ada1f5cd2ea2db310cb80226ba8b9bca687c2ddf9696b71abcfffd8d5dba4a07198e1e4d3b4e2e0c3e7
-
Filesize
152B
MD5cb0cb9bc9bc47b241cea8a15930aaf18
SHA1bea4efbadb649764c8c0dde5ffb550e2a5f91a26
SHA2567ba3da7afec53ca47958b26551707592ea453b1af13688f37fe0e1ef411a8b8a
SHA5129eccc1a158c23dc034e4676ee071414bf9c67912b5e2ab6181d325167ce008e13c916967be62c845d4c7f637c03cca9676af0c41ec5e946925050090d0b49e1f
-
Filesize
6KB
MD5519be86b076bd042f85a6f49ee417091
SHA153ab8684e048df3c4b165e33b7859617e46b9885
SHA256a43a454c6226d133356349d61080b20257418f51c5ea81322956f73811a255fc
SHA51268d383670b760a1a925043555493e07e378835baade4ef58ce4f752d58b7e9568b6e95a7ffd3b10ecaca907de9d5533e0bfab1079e955c2ef96df2ea61137601
-
Filesize
6KB
MD5fa8bcf74d40c5de936033f3b65d86d52
SHA18c73570694b48a759bf9512b517cb57be8b0c121
SHA2566a957c424a50c77be4ebed904c96c08565c04645a7ac99affa672ab178cad3cf
SHA51211e509dc6797ea62ba9cc6d17452ddc19c021adcd2d4d5c0ef3a074242c0d25f088d42017993a6f4d487b94af980d74af1e7aff13203c3b0d95883d75ecd2930
-
Filesize
10KB
MD58e1eeda0822ac4414e69b18e7f4bfd59
SHA1d3a85fdf4bf457c4d487de1ff3faae5f369c6e1a
SHA256d2ac04422ebcf240b3cb9aa5da5efe000fcf121702fa29f3a8a66fd2e5567d9b
SHA512f2df89df582e8dba18511c8569b00adf2818dd1cff89dc90bd423810fb1a5decd77a04a268d27206d4781f50a84dc129a19493e4d4c99ea2d3102bd8b774c20a
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
92KB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
6.6MB
-
Filesize
8KB
-
Filesize
6.6MB