487f4dd9bdbe94a9cf1a04a8fdec19f16f86864d05d06f0511544b3ff68c850c

Resubmissions

16/04/2025, 23:23

250416-3dkjmsw1ds 10

16/04/2025, 23:22

16/04/2025, 23:16

16/04/2025, 23:10

16/04/2025, 21:45

16/04/2025, 21:28

16/04/2025, 21:16

16/04/2025, 21:06

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2025, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virusshare/3/VirusShare_5c8b670c503455baafbff400a446cf82.exe
Size

208KB
MD5

5c8b670c503455baafbff400a446cf82
SHA1

a3eebbc14b852f77318d9bd09117b1ef56f35ede
SHA256

22564368a2143231eb51f0ecb501d9777060fd9dd832dcc88a799520884da40c
SHA512

6f9bf4e52523c32d980ab29c63e21d29aafd358c7c2cabcca6455685e1a683f96a718efe230d76687b72ce60b24c36c541e720a2d86d490835d481cf93c12d64
SSDEEP

6144:jG3XIHrH91T+dG8tlj+ur37VW7SrBLl2mr/ruei+QE4lIVnAEsnnnnnn:jG3XorH3YGeljtr37s7SrBLrTaei+Qtz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3680	3224	WerFault.exe	86

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VirusShare_5c8b670c503455baafbff400a446cf82.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	regedit.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	regedit.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	regedit.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage	regedit.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893187111756552"	chrome.exe

Runs regedit.exe 1 IoCs

pid	Process
4684	regedit.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4684	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4852	4772	chrome.exe	99
PID 4772 wrote to memory of 4852	4772	chrome.exe	99
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 2060	4772	chrome.exe	100
PID 4772 wrote to memory of 5892	4772	chrome.exe	101
PID 4772 wrote to memory of 5892	4772	chrome.exe	101
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103
PID 4772 wrote to memory of 4868	4772	chrome.exe	103

C:\Users\Admin\AppData\Local\Temp\virusshare\3\VirusShare_5c8b670c503455baafbff400a446cf82.exe
"C:\Users\Admin\AppData\Local\Temp\virusshare\3\VirusShare_5c8b670c503455baafbff400a446cf82.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
  2⤵
  - Program crash
  PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3224 -ip 3224
1⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7fff5449dcf8,0x7fff5449dd04,0x7fff5449dd10
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2032,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2412,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2416,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4492 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4772,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3976,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5896,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5404,i,4882331974080321103,14699761000868841410,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4436

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:4684

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
3645a9c3e658df9b27059883f4491c7b

SHA1
e2be900a40eee3cdf01c65e34c3e55a7c5e44021

SHA256
7fb8876bd3abbfa9fc12ebec380585f223c1aef5c55621abcc26854d7494ac51

SHA512
c680b40df053ec63fd4bc450d28eff13c43a1828fe099b0f921179da7dbc6f93339e9cc9c60bff03ba095832a04c556d5a5e49641eaf8e6b1f19f6811f916ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9d34054b8244d4dea82188d4acd084ed

SHA1
d7141219e20e08dfacf5def08316ab650c1bd833

SHA256
1ea6e97bf5f600b1d35e7bb8ca44632e571f76d89cae745c3c7d9ec82cb984f1

SHA512
3f186e17a5d7ad8bb259126fbed0836825ec3e7b23216eadad30e00129a7da5778e156e82dd34d6754cff9c18a3865816fa63ba4cd352b4e2bcf7cedb215acb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65e3961c1585cae78c61f6ed4b271b42

SHA1
2c517c6a1274a39f3b01ca9b02639869887f8135

SHA256
83fa3a18205b0ce54bb59369131757120240c00912f6c45ea2596ede65a57759

SHA512
42be680165b56eedd6d5e2d7da144d37b7b53d0701dabca89df0ca55c6979e8c1a25f4cf5d41e124f120055e589f24600d1cadf033c87cdd9d037f3a7d2f86e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8d39679ef1bdc7e443813022d4d11592

SHA1
550629369cce135079f5c6a6346a92d23b9c6541

SHA256
8cf7e399f1199ec0354c5488106e363e8dd701fe3d13c296780dc01f2a13afcb

SHA512
d86894717f5b97002249fe01a32aa272f839a6889c4f90046e904d081cb7f3461b07e0fa1a5a0baa6d781a482f4ada6a346c87a41b6f40833db41d0d607f3a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
38078c1930b58a27885f9ab6e8d1234b

SHA1
94fcbba2136fdef4b161b9f838baa691bd0da421

SHA256
e4810270893cdaadcdfd13cb2c764c71d515604c98e86741eec1f050573fc570

SHA512
be0e64e054a90a5f7a0007d778984fc8ceb96b71b7407638693a0f4aeebd1c1bee553554a8e1ccfaada3ce9f999fa8fac36a55baabf1932e44b71340c2fb0904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f7c.TMP

Filesize
48B

MD5
7730c572a1726cd8855c8f2bcc38672e

SHA1
83fac4094fdbc9b8934d082477a798bfb702bcf5

SHA256
be5b6fd3a285c2445e4841bf04477e20537664885437cce6f8d6cbc1fb5efb95

SHA512
4a7046ef6287ee213d39eedc709f93e41941aed90e37aed88dc73aa6c7835bbf7eb4ba8e6b0275b549c95956c4365ace55457f1093b70a3e4de3348265355e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
eb4a1af95ecb3bed046e4c3ff1e46968

SHA1
ba8e04de966f49381c307801219d11707d4b559f

SHA256
10facf561728fb1b544d4dad029971946ab453885df0694861e20045cc75caf5

SHA512
d37927d1f5cf6faaef9a0428d631358d462068ba15db02ac9b450628ef3b29a7af83834542f0987bbd29e71f86a89081cd109f4057e4ce8ad1b8bea210f4ebf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c348d0a31c6e5b12e1e2eb8ea0ef8935

SHA1
5e597f192c2f06b0777f9c3fc7e39a1337d8441a

SHA256
e6e4e770be467225b0786ecb5732ee8a1efa3835f4c253fdc2471783d7b09d06

SHA512
c0f9577eff158e57c3a634cdc4e7452d94decb14e5cc710ee968d33b684db705b455170675a26541808d0ef576e8403318ff9ab8cf283159ca81ae5ad6102d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
6f718d99066b7d992d770a3d6509864b

SHA1
8cb50cc4fc42570775f08526f1bed14b6ca01224

SHA256
287a706b32b049ef5d8e40583d3c2bd1f79d944a4f3b73591995fe86167cf7e7

SHA512
9f4b2929f318096b4bb9b44d1ab2c35de0584db6f2f130affeccc6213296c2ab7ea2feba50870d901671311d5dc1c65ebce64b2a98b57eb475d2a439ef9f9f12

Download Submit