hxxps://www[.]mediafire[.]com/file/acu404dedtvxh7k/WIN_APS_V24[.]1[.]1[.]238_AP_ZNT[.]rar/file

Analysis

max time kernel
177s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/acu404dedtvxh7k/WIN_APS_V24.1.1.238_AP_ZNT.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233692472700330"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 408	4912	chrome.exe	85
PID 4912 wrote to memory of 408	4912	chrome.exe	85
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 3212	4912	chrome.exe	86
PID 4912 wrote to memory of 4512	4912	chrome.exe	87
PID 4912 wrote to memory of 4512	4912	chrome.exe	87
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88
PID 4912 wrote to memory of 3428	4912	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/acu404dedtvxh7k/WIN_APS_V24.1.1.238_AP_ZNT.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb9ab99758,0x7ffb9ab99768,0x7ffb9ab99778
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4844 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5072 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5368 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5760 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5776 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5732 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6404 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5504 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6216 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1748 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6160 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5640 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5840 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5780 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3968 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5436 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6236 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6256 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5396 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2960 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6672 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6832 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7264 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7244 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5952 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2792 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7528 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7096 --field-trial-handle=1828,i,1533859757490468576,8544028834137314818,131072 /prefetch:1
  2⤵
  PID:3692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
96a78487b9937b4227eac356c1c14750

SHA1
0160102dbf779649228b471da911e2634ac99366

SHA256
3d4650ac695530a314bc75e5d9c74d1e9c8bcaed246a10ee0e173195af379648

SHA512
d3b584c86e59cfd04ee17c6baad00670ab90dd97193a017100bd5a3750b01edaf7a17e4c808d5083d5cf488c7f5bcfbbc43775828e7215bb8d9e596b67c9d0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d854bb82412d0b62bb28d785087e572

SHA1
86ddab83a7a4cec206a3fd51c363cd87ced394c0

SHA256
4931953447f0fc4b96b2527966a9f57c0b9b8b70553142b0bb0de050b7636188

SHA512
b681a04da08bed160370ecfb33728bff78075fc972d20fb0a436b1956579f1c5fc500bc265851a2ac8da97eeb7cf53f400ca351809420aa71affdcc683cd5f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
97caaae1518a5d0b8831e87916a44526

SHA1
0970d6f35a7492b6b1dc2fdc3b4a39796e721b1e

SHA256
8cbc45162814ae00a5086fedd6cf9b45acf69d21d2431cd4d15be3fa406ecdb0

SHA512
d579e807ce86e5509fc72a6ae0d1d0904b7b54d3faa416af2cba7b0a8e72783b388d1bfba3fef9106f6eb33fdc52041546a96794a7db6c9a163b8b54c13db5b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a9d37f9e278875159dd4f594d3994f90

SHA1
57e303017b40cbb3820cb84410061d90ea52b619

SHA256
5a34f8e9cf0ca75b194bab8d6a6b6c827b7b32088c6ed9ec3c72ca755011983a

SHA512
0f19695a7d0cda691bd70214ec9287bd48bacb3b768cc68c6926ccbfc7d8bd2e7fd48f1ca9ca531f5319683a1a58b2e66d253f2795405bca3833a286c228c636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
822a9add18a7e7fa869577790be4acfc

SHA1
30baa6affc5fe0d1c8024cee69abcf8f8f627f58

SHA256
099c44d0f3704f1a98d57a96f2331f6010679cd971535d3c3631699b87d77bc3

SHA512
0d09a0064dd0e7e543db7367aa5685eab3507361f4e9a392716f804815361f83645e7b7dc7542eea55d50e29bd33a247cb40a254654b958be49898beb3344598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2985e2bff0f71964b707b823c49370ef

SHA1
69af2b907ba9eb1dee2a4cac8fc0e87855921745

SHA256
274902027b99ab435ce753f3822c6ed8bd5207d5b4d25cd484d3c7adfc6e90f0

SHA512
18f1b731a9c7dbe9f7281b9488d3b3215accd9eda1759dd72f0c6d2e3e72a78abe5d429dd7a6a78a07d81e325d72a07cf2e1d03a838d4c38088542b01ea039ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc65ec09e26a9433f34d2a9684a0c18c

SHA1
415e189e5c98a639058e89ac0e442184f0e62d8b

SHA256
1d393f068fce8ff242864940626badbbe2bee5b41877746ca429808085d23ff2

SHA512
e14e0736f57054de729f08b4fcdb08f20f80cd92a0171e49399fda0055662b507aa3730a43283d2007942a21acf509825553049d906b676e197c406d372bc593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a9d53d4870a08d8c8f216d0571884321

SHA1
e3e63aefe4902b2061157e4cfec354817f2b1bf9

SHA256
255b311e93998d94ed0ad35628010daea3d85260083eb9d5d7a809e082142f75

SHA512
62260c9fdacd8a544c02b1261baffe64562e53639c1b8ad2f8d586b1d19e8f8a3ead27c0d47e07dbe4bdee70a68f7b7f52f4f4ca89d43231c79e7aa7ebbdf2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
194aeb45676fac396a95ecb1f842c8ea

SHA1
a3071c63f69d6219ee58fe45314f0d0932776013

SHA256
07c6dd34be5d795b0ffa44f1beb565f709a6b94972edb039a82252bae1368649

SHA512
b1bceed37355e12b47edd02dcaaeda5889b530a210628cbf4690c006eda47db1ab5a0b9f759b4393cf36d2db39ef83fd079795832e068b98a4b9c241fa07e72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f91d079a370bc93883f8149de7e4f11e

SHA1
0bc81fb98ab4b2bf60ac1a1583dfbcd61566e6d0

SHA256
69bc98a2420cfbd280c6778cfdb86666cef21776692cb7ed38cbe8d1f2537f30

SHA512
4c2716e9b3979b04b4af7cad7edb4888d2271adba8b089c4b6637c2485f33dc22c9c9d7a52f51718332415f197b3cad4c41d065b1b8bb417c49b02e89f520917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8b8cb1c165abea2d9aa9961b954ee651

SHA1
b52b0d12f9a351f5a40d265d619cd610d18f20a0

SHA256
78fcb6dd2c251a07700e9e0c6b1626fbbf9474f824156ad3a5bd1806278de1d8

SHA512
7716bff9943202fe1f1ce802c24a2160463cb5ea9be4c367d2af8b2220c59f12f6326863a1c4cf16f0becad10964a5cb94b1d5a0af710543430d2941daf72f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b4d7ed64-9633-4ccd-aaf0-3d775761d950.tmp

Filesize
7KB

MD5
bfaf30bd537174844dcdc0b4318d8946

SHA1
74d8fce790efa237635a02a9b15cc827b51ea2c8

SHA256
d26b43f06bc0881bd0ba80b5e6de8be5450ff828e0a2d8aa72410d08cb0f08ff

SHA512
c70da03c1d0069913846067a3afcdc917002427384341fa6e944ab992b204feede8252c20f85e0ca444a95dabb32214bf4f3ef6982fd3999a2a96f212e3e67cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
9c2007204af5b211fc7f71594218786d

SHA1
5c286e034c760b9c16c3736f25f9bd6fa46712cf

SHA256
6dab72831021f3bca0c104d7f4dc7d7e3a00a419490b71f50f28637d6a97b527

SHA512
2f70bed774287f71ac13e7c1c10b3d699d34591bfca253f1509220bab0b3f6471fd21ae5a04f8ab5d1981cdb26efe861a6dfa8846eec73f9d5d90485b5e303c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
1ac5a35ec6df965294acfafd11192b2c

SHA1
a8450a555642656ba6b3dd8df68472ce7b43f813

SHA256
d0251c00a13645e456a4e6e0f1ce47966d7a04fb3e3c74a1c7ea9e3a4fac47e2

SHA512
f74f938e7dc2b4532613393d26a696c2933772b4f4c87aaaed3008b2f8187ddb3f61583b570da54d93b736b4e01293015932d8189bd9b6b1a3f1980f11b3fcc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
cab4412d878aca4c441cbfdfd6448e2e

SHA1
f3a839b36c53208a420f9d027f1a08aa9d7f8405

SHA256
8bef184aa1389403c5990abb5d3beefaf2872325e7afa8775f5ec33f5aca9b94

SHA512
5b51662858f2c4121f8314f16924caa2ff3b93b530e994fd02f8af963e9a1d3d8541de34e573cb68a90531bf351fd7be882e40cdcb8ffda11458f3cc91c87564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e1a1.TMP

Filesize
103KB

MD5
c8e574bef6cdd1c30bcf09b119df05ee

SHA1
a1750dd00237badcb5b953e52f300925e5968a4e

SHA256
c522defc3b65d82e7e4ff19e864323afb37398ff5977d7f25e11daae1a64ca51

SHA512
0841ba013800ce160b548c2d420159f7becc275c0aadde5043ef9d53130fbaf64c83aa15dde0f076452b5dc11a231edbe2fb045cd6bfc2292c371e1a1b9c2341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit