hxxps://mega[.]nz/file/0pg2iSDB#ptHn2yRhtt9IsQtQZZNB7wT_M7nk6QrQpVrIH8XwbK4

Analysis

max time kernel
310s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2023 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/0pg2iSDB#ptHn2yRhtt9IsQtQZZNB7wT_M7nk6QrQpVrIH8XwbK4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455090511398177"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2216	1440	chrome.exe	86
PID 1440 wrote to memory of 2216	1440	chrome.exe	86
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 2204	1440	chrome.exe	88
PID 1440 wrote to memory of 1664	1440	chrome.exe	89
PID 1440 wrote to memory of 1664	1440	chrome.exe	89
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90
PID 1440 wrote to memory of 228	1440	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/0pg2iSDB#ptHn2yRhtt9IsQtQZZNB7wT_M7nk6QrQpVrIH8XwbK4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffde7869758,0x7ffde7869768,0x7ffde7869778
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5072 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5416 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5344 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5704 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5564 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3244 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3836 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1604 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4596 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2504 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4560 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3688 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4660 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6020 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3228 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5964 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1804,i,8599911737192059861,17211721721322057239,131072 /prefetch:8
  2⤵
  PID:4436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1376

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x300
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f8de84a161be7a6dddb7c8b04a44195a

SHA1
ad2054b46fc62da512502bca20e0c990242fbfa5

SHA256
5c339a502f5e354efff3f1cfa82fd59459876f88c147a45f7d96afa6d0c6dd4e

SHA512
a8f1008ba4ef5c645ef41e5e28bac5cf323cfd90a873e85c96f6cc92de0a4d4a3c34bf39caa29b8a9a015dd33da12e56f3af40a331dc719a61071dc0d7bc0788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
44971a604cf4d8fdab2e07e1c8eda3d9

SHA1
23f34c24681ab7b241088f5e930093d9b6b51cc6

SHA256
b4119b6f20a136e806478c08c0ee4a1ebcc65d7002b86e0e1d08e142497f3b94

SHA512
ec1c62952cac9dde71399ca079e7f9f687bfa1f786944100d20d1719a4f73f83ec84101b88ba90a3d71c70e09798331e25a37d39a4962a7d379ef0c2d917e246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f1fe929007efe782e68420c218e52e1b

SHA1
72d5a345f05624bdb1b5a480a4583502c3b5e5b2

SHA256
a131abf5f314826f3c07560a85d8539e67773b462bbc3ed09018b79b76a59431

SHA512
27ca7c30995df8f65034281c06163c6c4a6180a0dc4fddc448c3f3470b1132381094e2f4c8b3516bd95884544b355818c8af84dd2eaa502fedfa71340ef216c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ebcc007378554de5061ca4ce7c1c7cce

SHA1
13eda5b505a56afc02941e388247c77771661976

SHA256
64629eb51f9705134cac45c5cb358f042306ff47325bcd802417f6d72ae20d11

SHA512
431066dca8f15ec17be873b5a9ac4a03e1101e8ecdbec5f3c84c73f7002fe79813cc9411ada3fdf191447c9641983d3f8c9178ddb85a1c90b02ce36e7d07e79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f7e02933c8631330e61723880cfad636

SHA1
e66019c82793b3bec585cc5ddea5ead0c7d84c76

SHA256
5ab912138beb12a4178e8690c9cb4cff995030941ac5420a1e5e344efbd4709e

SHA512
77af472baacef2285256387c367022f4fbbb5df22844bc00a9f7c104a7c36e258e473183172f055fdbec0e1d62e6c9ecb628608e589d54a8b2a49be0acaf054b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d853e8909ace7ec9b2432c8e41c8e200

SHA1
fb2257ba7949d1d940fe44bd5737678b7b9718cb

SHA256
97138c5708e42a843f915d82c0af9503806b533899e8413640cc8de82c51b446

SHA512
394ffca2444be0ed537db4938d34ea995272bda07cf6a3a45758e64f74a515e584346d6614ae9763adab60ad7b9c0a4b270aaabd3325ba144b5c44c5a5584459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
66099522c93bb0191540844187538a5a

SHA1
b67d765fef409a48d41aca45c9a5905d93f417bb

SHA256
2a6d09775511f22ce2b1ca24f3e78cc6646b80b946b261f93ef5b1545effb556

SHA512
ff8ee6fb7e406e8ac493343df0c257c290371324359523002a4fd4aa20d031f8886293958bad560475495e8f2f0e6f5a507c169ee76e1eb39cc1975150f5db68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
551a90bbdc7f21573e714cd6aef278cd

SHA1
1861f8903b88386d6875dd2f176124b0e947624a

SHA256
793a6ff63658d9827b03d0032a119fd527b40d60a887c03b916eaf7cc9671b73

SHA512
7c4295b1b395d9de947d5e1ea83b5afa803b14b47cb76f64a63aaa1ab9fc8cddfdbd608d2546716b16309f21e65ea9e416f83a473c83e6dd2897ecf24d537d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fc70506898ded0624a6c2f67fe1efa6

SHA1
a4676c7dfe7a6e0512c201564cfac97986990e10

SHA256
5adfe066c46ad5b068029106d1b754c2b1affc4e8f9f88c05d9c7915b8bb64eb

SHA512
1073f33375adaaa94e48cfc4a2a5777d8cdd272d04536d99380f1b91448dd95b132dd5263d7d7411f1db3cc74fdefcf8e4f63a6857dd22ef5e3587a293ce6070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f662baff08d819cddd24364a8302952

SHA1
e23256b9ed84366c6fc02b7211b13bd0835578a8

SHA256
3b94ca50603ed6c89fdd806c8fb82379fecb9dc2a952367108176d8f4c5261d2

SHA512
5933b6a30f8d244e3c17d199a8353ca928f0ec2ef5a8dd08367ff5a2b8d7c007eba719af9635d766b11cc59e7a00be917d80ccbd32493d42e4ebb516c849e54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
020817c92291664e151c9c1aadd12eb2

SHA1
1b8ab546ba46f86a53a99a45aa8ca5272d2dbb2d

SHA256
5b0c557d2587bbd33355444650e5a00768c68438c617458e0447cf73745c3ae6

SHA512
38f19dfe996f22f94a3fb8e4121b96dbc6b3e58ac108f03c6fd1424f6c72f45114876ac3e8ac074eec16c7fa119f6dc26ae22d1af0bd65ff40fad8d26531785a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b2f241816c3a985b78106812e69af975

SHA1
af903fb60f6a9e74aa0a3f5a188d356c43b70bb6

SHA256
e63801cbce02236fd146893bf86428ef0a3faa06e4b5185bf1895161950d6714

SHA512
320a651eae7f1e0ad040cdf6a280d5a05b189dbc71aca18edbfbc86851982966ecdad9fdf37878cd733d7e700e65ea5b4ba4250f07ded53854ed671c233dfd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
726d48bd29f55a4d6f9b4abd09b5bd22

SHA1
5797ff64793cca6fc44a805bc281da07c4850587

SHA256
26e26b421b026bc297e90f48dd1b303e7f8298778adcb5baf34beae2c574afd1

SHA512
fbaa4f39117a83bd9f77641aa5134dd5338a861117c64a48efb01c9974ea29d9a22c033ef30e67ccd97a6978c042ccd28d01e579a1f275c81863fc55c3ced8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582371.TMP

Filesize
48B

MD5
a35184f0d3cf0b5b9ff9c80823958d81

SHA1
9c8a0d695dfe2808567ddd280d1e5b5266179405

SHA256
cddeba175305fe829ea344d2ab57f3a50ca18c8820848240656b1c40808cb436

SHA512
f5464ac4a6fee3021cc8dbd5c5d824412143b99d5f9a7fa9d0493e351213886c7365f48e3721131229c8489e06cd02013c3b789ad2785c90157138e87e3c0143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
9053b5dba62f0bf11e1fa243b45f990b

SHA1
b378be041585ae30155460a0a33832885b3b628e

SHA256
27aa53b8f1523003361ab859a428242e8fd0a3e3cab4ea10b9ed04eb478eace0

SHA512
ff5d47eaeb0c96101a51e949a91c75f052715aefca62625ae26f2bf3aae778a3702841f59ee16b086dc3002174c553f68f259c637cde54be701301b3780c7536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
f6b22df9770b1b53c051e5f1625bad3e

SHA1
ab3df7e170293f6631c35e28371de67b4b532606

SHA256
7a015901d2d420e6f25c7735e172631ed4108ecb4832b90eb96f2093dc438c6a

SHA512
5809d841a6f6da09c9d32c2820532bd8c0254707e5e1be6406d24bd972f549bb8a51369932300277dab8072469d33f55a5237682467fc1bb16a94843199f1cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
02263bcc9341741cbbd1e99e9b3bc125

SHA1
68ac39f86daee5b26c97aad373860c71eb6fed76

SHA256
c29e8f2e1b0592fe396fe3aadaa31a54e275cbc479e183d46af3a8875ae3daf9

SHA512
9e25bf50f1b84b981d9cd5460a474fbdc81dd9c3746f02fda2abb1b0dcf020c3627137736f7e024927f4f3ff028d870edcc90329efb39d6d272bb1f5de3b8af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bee54.TMP

Filesize
101KB

MD5
78f3012439d32150c80ee567c3434663

SHA1
79e4c68e6cf017a133960d17adb9c0cdcdf3dfe1

SHA256
5b579d11770eb442dfa12579a7ecfd5b62ef084a815009c23c4e06f5ce153d88

SHA512
178ccb89d17e078aba31733ba54037d3b61704ee67114cb17411bf49923cb5c6d85c70082762bbd92089588acef1cbf6b236aff11f5909c1b600a9ad3bf2708b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit