hxxp://www[.]mediafire[.]com/file/q12diacugxv2onu/for-pc_setup-2o23[.]rar/file

Resubmissions

07/03/2023, 15:46

230307-s71slsaa8x 7

07/03/2023, 15:41

230307-s4z2xaaf59 1

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mediafire.com/file/q12diacugxv2onu/for-pc_setup-2o23.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133226809110608746"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 2968	452	chrome.exe	86
PID 452 wrote to memory of 2968	452	chrome.exe	86
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4580	452	chrome.exe	87
PID 452 wrote to memory of 4300	452	chrome.exe	88
PID 452 wrote to memory of 4300	452	chrome.exe	88
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89
PID 452 wrote to memory of 4264	452	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.mediafire.com/file/q12diacugxv2onu/for-pc_setup-2o23.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd94ad9758,0x7ffd94ad9768,0x7ffd94ad9778
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4988 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5180 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5540 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6332 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6376 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6804 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6844 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5896 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1664 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5560 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5604 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5540 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7012 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6752 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6616 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4956 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6448 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6164 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5124 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7044 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7208 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7228 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4728 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7520 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 --field-trial-handle=1836,i,6912477836704207132,15338664390929024332,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
c1343efb8511d9961452ba576fcf2b6e

SHA1
d6d9a39d95a135d2479a2a7f6351d242d56dbfe9

SHA256
db77241240d9944f6a988e58eb1262c7644ae2973fe234fff4ed30c7425642ac

SHA512
6d4fe4decdb9c1f78ad5b518aa9cf002c59c82ca4e784cbacf8a4270b20dc815b667f976236b4b42d5f8f948c9a0f29ee018b88d3663c76ce93ad9e5d70d1a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
f11cdaa569165482d95198acc4b212fb

SHA1
1b18f4688b3773b65dc496a901e088d8a36dd2e1

SHA256
d31a91b4af71420bb557018aaf461807cfed15e407f64ed8dccc55427670ec10

SHA512
334ed25d464afa744bfe6b767d44e8b1c36a4ec83273b0841f88e6fd612da08ed77bff3ee3af60b412ffcda79d3a123ebdbbba6243e622e96b901856521dcb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
95ad366f4fa5b83b1344d54ec92a8940

SHA1
bde567d8b2b6cb75c2ce098e3d270d2112dd63b0

SHA256
6ee586497ec79dd1aa9238f62b3a792fde21e6d5a5423c7962abbc9f55f26e66

SHA512
d81e9b8f77708cd777c0ccaa424af4c3ec6369b5429191c7635dccd394a9431d6d152cbcb9691e7f68d7bf98503c5d4e9f0fda63190839eff5991c590bd226de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
1d3961a0ed3925e4b9094cdf443476f0

SHA1
02a310df9e0b6fd97418345fee782fee746b8c61

SHA256
9012943943b9c11a822443e2f5579612ff58b82af3ad8eda530f405b23aa8c9a

SHA512
bd09f9899430a4ecf4ed72e997753f439fa29b67ee6faab9accafbc355c48fd665eb76962b2088e59987d492000682918568c04bc4ffc30f32024ed09625afb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b092957a2cc4c5bfc9576f4daa6a428e

SHA1
3d9ed3959ec7d798404c711e6604ca8004d8b66d

SHA256
f36dcb5c47b66f7c489d0db5f7edcc4a973f473ab12825442a52cda0d594c1dc

SHA512
3133952d68cb3ab80aa5757a584d59d2e47a664289edc6017436f1998cf1c18d04d346b103051d3833741443173531d35b395594c59d976a3728fcc78c8877d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3cf25e634a3eda15050359679bc6965b

SHA1
0b91987218d53aacc792b716e6e29178d6d8a36e

SHA256
f6f82b69d1a84d0dd269a45c75617b4150ab01045c3802774568e12fff81808b

SHA512
218d988b8d0f4bc1596f48feb6e3ff9d952f96d932396bc548d42d8a1b11d4167346bccd48edb8b97acbd7d7ae30bd4246a8c60f377469e16e00fd8f7cb83640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78ffee56711f7d51cde63e570ab83162

SHA1
2cee0ac5ac275c7740a2fb4cca0bbab8fa586076

SHA256
63349c103d5aaf6a38c452877fe5c8db261415fed7b81dd686954ee0306f9817

SHA512
2f9743acfabc2aabacd4cb044deffd4cccc6e289c6484608afe9bfe5cc8694b41ffa5579cbcdea6ea6690fbaf5ac91cc4842fe991b3d11191fe35f96c5145b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
29b0f467cd6070e914f3346bd2885f85

SHA1
b322866fa297224b6bb22ffaed5e316f63e97ddf

SHA256
a141f55d93fad920af3832cebc7299f10714c946ec429ed30251d2ef48ddc956

SHA512
a3241bb1d54280e75d18e51f1238c34eee3230a95bb6f35fd92a40b4e96f1714cf55f54a88d085ea50d92e42a1a571dd104e999bb570157488572f1a358b4c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b705bc73366d4f40f02b9713a6ddfca

SHA1
43b72e2cec67b8ab47d52c5b5438de5e0d1a3bc6

SHA256
11bb158e81dcb73486e52ce04b67a5a3e223bdffe75189705602ae36173fe462

SHA512
af168594061ad4abf8c4000ddba167f7555638177e0ad04c8899cff87b8f20d8c9dccc34e086c10d5079105dbd43c1fdb7ef328fdf0774be22dce2f30644ffd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7948c4a9199bae13adc9ad1aa50df6df

SHA1
3f78be028991b6d506b4985a810d9bbf396fe886

SHA256
ced79e53bc03eddac458bcca77c061776e41e8507614c3c188105eca27a1ee69

SHA512
ae57624026e35464519c9af7ff811099fe4590dfaef6cd84bea0f766b2e97aeb670825e5b6214404ef2d092cb1ef63e259785c1dc8a0370d6cb53fd99e918058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e0a66ec7-418a-4f4d-97a0-1426540a64fe.tmp

Filesize
143KB

MD5
0a259d62ad9911a242242b75cb5093b3

SHA1
976df1822fa01195764a2b57cc32d2deb1b9d911

SHA256
a936e6dfc7155931f289193d39df9cbee6ccb38a3abcb8e2d687c9d5f1b603dc

SHA512
12d79ad48ee2953df3aa5fa055a7e0afac198ba2a2d3ecb4f3ae0343bffbc953bd4334b4581f50da88f6da81b8e52e87811eea177c56ac4c67292e75c4ebc73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1472-260-0x00000214C35F0000-0x00000214C35F1000-memory.dmp

Filesize
4KB

Download
memory/1472-254-0x00007FFDB2060000-0x00007FFDB2061000-memory.dmp

Filesize
4KB

Download
memory/4448-449-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-448-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-450-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-454-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-455-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-456-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-458-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-457-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-459-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4448-460-0x0000020999E90000-0x0000020999E91000-memory.dmp

Filesize
4KB

Download
memory/4580-137-0x00007FFDB2850000-0x00007FFDB2851000-memory.dmp

Filesize
4KB

Download