hxxps://www[.]mediafire[.]com/file/an26dt6kc4ta6v7/Setup_Pswrd_123[.]rar/file

Resubmissions

19/12/2023, 12:00

231219-n6sndsghc6 10

19/12/2023, 11:57

231219-n4kvrsefel 1

Analysis

max time kernel
150s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
19/12/2023, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/an26dt6kc4ta6v7/Setup_Pswrd_123.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133474606847878573"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-175642277-3213633112-3688900201-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5964	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
5964	7zFM.exe
5964	7zFM.exe
5964	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2348	1944	chrome.exe	79
PID 1944 wrote to memory of 2348	1944	chrome.exe	79
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4660	1944	chrome.exe	81
PID 1944 wrote to memory of 4352	1944	chrome.exe	83
PID 1944 wrote to memory of 4352	1944	chrome.exe	83
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82
PID 1944 wrote to memory of 3704	1944	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/an26dt6kc4ta6v7/Setup_Pswrd_123.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x7c,0x10c,0x7ffb1deb9758,0x7ffb1deb9768,0x7ffb1deb9778
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2776 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5056 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5148 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5552 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5896 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6108 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6356 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6196 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6624 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6640 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7036 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7536 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7540 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7928 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8108 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7940 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 --field-trial-handle=1832,i,9569002365184270811,11261624422207533778,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3876

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Setup_Pswrd_123.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5cf52bcc7579b2daddde3a4a8bec37d4

SHA1
f94e739d9bd55deca47fcae0c4d6ffe82a81660e

SHA256
c72715194e0c2e188ae9d429f77f8f7d2697b62b2477b9b9472fc80142bc3f62

SHA512
d686b666c8445c443bc617228344029d00367dc52ab89def2bf397860b574d359d154a3a717c7d93c940e9cb3450884ea52bf00f63642846b0c47f85d28b1f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
822698a061e260694c06e3c66b1f2061

SHA1
5a34fef6ad38f28747d21ed38cbcc44d52163802

SHA256
5218a22311e5ec55024f3bb288f3e8b395e3f5e5d2a68e7f88025ee6128b27cb

SHA512
a3935962278532e1948b8c0031dd2187e89d619906bc77520537f97dbd2c2970f91d179445511b2c2ce83a4c95f5878818aac571e11b200ed0125f3c44206438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
2fc0f26472b6f9619987d6f1957ab3db

SHA1
f0a2d668fee7174bf8d85957f03e0ae17df9eb76

SHA256
78d9b6ef85751df0b9bdad7846fb556715e6d89c6fd54518bddcd8527b4f3a67

SHA512
599f48d6a032f49de23106c8656acce2213696aab6ba39c895c20054164a3e9cffe384990b127891e7858bf801e649fee0a2ab504f70f31ec9a8910d164fb7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2f7a41ad56b8f481efacc94ae08dfa91

SHA1
5fd6ca023a6198557a7f7f63dbf2255653f97adc

SHA256
7ec1fa440d169a925ca1c48be9477bd24e7fece0e51e19daa1ae30eea49ce663

SHA512
11f8d0764e94d081a257c8c195c0b633c338306680b309ddecf5b510cc6ae5fcbad2edfaa73975ba06c08c27cfe515f2033f80acfb989402ec8bcbe93abcb9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7b6145c039ebcf00b9c29221c2e259eb

SHA1
a094ad57ff65440fe08a9cf9423cdbdec6fd51f5

SHA256
0b01de940698a3125c4c19952336beac7f2650a324b8cf6ee48c0fb92f443fff

SHA512
55e35582ac7cda917d0a45c5343e86213fda9593cccfdef7418e8808a869f50ec60d25f62adde90f5476763e3d05c0d08eed73707989c40ba7db98151b17c88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c94139350be4ca35f18058c73be7f39b

SHA1
5249946c22be3115fa860405522775055c4c9f0a

SHA256
3fa98522f9b1a0c52845c574f24301c53778b443ce83b868d5e234dabb6afe85

SHA512
1e04032e2708017025295bdc22f8a868cf597bcbb3267153cf3518131b8b2c6d93b49be03e43e76afcc0f221330552dd6b464e3810492424b77cb698dd22a59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3f7aa19d4706916b5cdcab4f085b1988

SHA1
46be357d4746c712d5fda0f3ff9704e210b9b4dc

SHA256
7f52f0e3ea4a06482cf078171afcc199d2733c03ae9e058bd45a33490bd67ab7

SHA512
6b9c3f71900625fdebd4ba7094ccab1b4b94bae79ea1bd1c3b54717779c3ab6d57f3ffd7c6b5582c694872dba127f8a5a26b3b138144f7d547413cb62f94f073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
402f0f01477647bee458d0187c2afe6f

SHA1
0f7f858a307c4ebd9cd02a3ead97d73ab390bc95

SHA256
2eed856fda2687037b5c87ccdfd640a4255f7f269345348e325bd710c3e3818d

SHA512
26f134240c44792c040f4a212470fc89fc7e70f494e774f7a83a8e2504bae0377211d09ecdb9e548d477748f490e438ce1260739313458f5b26d9048c03a42e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0318c5377eedaa7a50a6108c73ddd8b3

SHA1
343c6ac880364cc38a26122a8dc9dcf7d8a77983

SHA256
aa6d0d8168f728067d954fed8f4830adb7a227b09b781cb2a6f7061b726df558

SHA512
4407771615245abd3940ffe13ed3f931f0aad8eb903400bf810b6561d9456bd0cabed60775f4ea5be13f11183c8f12697959f471efbc18cdb3f0d57a7d06fca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db4d91f2bd8ef34e720de1b53cfb9e3c

SHA1
48e8c536ff7d90f472ecd7bf8f3bc8e73ef75422

SHA256
73f36fbaaf07ac576c249a298b6ad0144c5f04a0d5fd1bd191441035b0a9cf92

SHA512
f04e88b9cb3d2be534a1c04e1ef7fa75bf712262ee7ddeeda7b65afcff7c463aff6cf691022388f3357e67f6b2ad626bf136cd31414353b5ad2f8ef952a7b898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a0f3688d14061794e4620a15e403d19

SHA1
bc30df587f3fdeee2430a4ad9d10ae2227ba6210

SHA256
966a7c4da60c602913e85e5157f21e719b7cb9b7a5a295dde02946d212afde01

SHA512
c24013da7f17a96c11500e15e019c7f2374586cc391f1be425c5016088dbe54030dcd5460cb25806accf74be899d0a90bc510681d2394e28485282051cd6fa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
61088b0873ad88315cf5686d42eb9ba8

SHA1
966cf448861bd265bb66d8b5be7dcc5221877c5f

SHA256
0b317225c13f3206ff88504e392abfb7e156c8e911dc21e7635658ccc7c9e648

SHA512
7e74b3955b6efd0ceed3ceb1e2f2ff298e3a9b1d05003ba7d8ffc5d4438004e0eb109417f3cc17b275cf26d67a063d9587cf421236f81bfd610ef06c785342cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
048dbe1f843177f79693c361804097a6

SHA1
0c140a5215073c7c011d0a0038ecdb6b17699765

SHA256
c6ad555dacf258abd994211a79c28544e11fcc8a84560e237018adc307be40e9

SHA512
c2b815f0525a1043d8bcd8040a598bda710e19678afc8fa553f911510ef8bc0d294b54743f90f2a9930230a5f57aa2b90fc5255faacc331b09d2710265195635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e8d34c0ed8a9402607c6c80a71158a04

SHA1
56e018a8e965c75c313477cd8088f1bfb9c273a0

SHA256
593afb0ff5c87e3685af45b77cf2d9e8aada812f3e98e4930e5cda5f99d6055b

SHA512
4b01354ad83824c3a0e61dc87f121b89983e8b9a128eb02ef27d89719674b071cc24e16f2b6125006f86798c41467a17e3895b1c71dff86333889a8aca02ff60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
b339a98396df0b4296f8940b85388294

SHA1
6091f5073ae5b53984ca59ff81d4463b1b99d386

SHA256
d17453a5727c6b2122c79be76a16d379597b14803219fd9cb1003c7ee7c9efb9

SHA512
8c12a3958a06f054de9cf362b936f60da5d382a487e150bcfef228e12acd7817b973007a7b2a3964e76f96a646911bbd1826bb1cddbb26c32782eb41a783d295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a3bd.TMP

Filesize
98KB

MD5
7748588260ce3f93ba90b96ccd78a284

SHA1
dabe9737e993de956e14afdfbb6dfd2b6933fafb

SHA256
8b17543a3564d8baa2e5c1259e49919df673c901a6d07cc82f9e3e8ba99a2985

SHA512
77ef264774c2e123ec8dae7f83e48cf8d42b41e15636dfe0845e33f801c9273e550c7c1f2bf78589062df21961caf46219aeecb6e6d43a0b207f4e7bb51da8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Setup_Pswrd_123.rar

Filesize
8.6MB

MD5
0f968bd08e66b47a321611da3a0accfd

SHA1
a2d501000fb4195b19a8132013830779c6076f67

SHA256
17fd0ca475f772f3845c362cd4e2c75a55e7ef54822ac68b3e49d9310e0b5d64

SHA512
6f37fa11ae801701b551237655b75604676bf9784900b29b7e4f336225f6e228950b9bebeaf5915312f44206d8e3443445c596bd2da06035015ed6907abf642e

Download Submit