hxxps://www[.]mediafire[.]com/file/ucp9mukvwgjdkdg/cro[.]epg[.]rar/file

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/ucp9mukvwgjdkdg/cro.epg.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541362701094424"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\cro.epg.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2744	chrome.exe
2744	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2936	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeCreatePagefilePrivilege	2744	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 5000	2744	chrome.exe	80
PID 2744 wrote to memory of 5000	2744	chrome.exe	80
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 2076	2744	chrome.exe	83
PID 2744 wrote to memory of 4936	2744	chrome.exe	84
PID 2744 wrote to memory of 4936	2744	chrome.exe	84
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85
PID 2744 wrote to memory of 4892	2744	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/ucp9mukvwgjdkdg/cro.epg.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5ef09758,0x7ffb5ef09768,0x7ffb5ef09778
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5188 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5364 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5632 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=6304 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\cro.epg.rar"
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=744 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4576 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4536 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6604 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6820 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\cro.epg.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 --field-trial-handle=1816,i,18279439008086933298,5960154253221970919,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
8100a733857c0637add32b59ecb63ba3

SHA1
a884a5512fe76adab40be4acb4542c01978783af

SHA256
c84989d9ce65e4cca056ba424fe1b7c6dfb548fb1f7f6150534832ab1b33dbe3

SHA512
d66e25fa25e66083d7c3f9f3a8eebc5f740c5db535b0bf46c76ad216aa4fdde6bec0664c144d2e6f69a9864ce540d4903ca8bc6bd7fbdff104474101e4a040e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6734b7ff3493d202eec4d15f6fcaca5a

SHA1
c0110f271355f36d643209d4df18d3472321c69e

SHA256
5a8aa7c42fa913c2cd300711f312109c37c2ee4cc6740eec49467d79a860c27a

SHA512
acc90d2510a80beb07e75785c52395745ba774b98d3c3ea889dfd48c8493c346ddff2a43045062d00665c495a84473ac6871bea0872e33e44770b8311b0c5b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
82a1eda7010fffb5fb43e49572c10e44

SHA1
382f4a09fe24188cbac4860853f0a0407598beef

SHA256
173c93f7b590d7f85966ac46d1e86d22db470c90de215ac1b417ef3c6bb17436

SHA512
42baddcec24f1c9f04c3327dfca8b351d88709ca0cc437a53a4e9f8dee2bf5d884d41e7976d864e468399b3f10103bde1278f64f38e1e289d632732a54c90a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9cab5653eb0fb2e381e9393d1649c03

SHA1
4f42632c369a7bbad32aab7ffbf675a9f6974e03

SHA256
6062b30d8569b490f5a164a7293ec0d4aaaa21de0518a09031ce825990978345

SHA512
332604d5d4d6b47937b2bd538208d715a799bdae8f6e406896179c250b843462d2805da199209e20ea56a32b44584fa75ac7b4119bdaf41bb3e364c68fce8657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6a3551730f06b63120a2ffd9353bed69

SHA1
027224317fa92e1990ff513931170cb8015b3d32

SHA256
ee95336adb12a3916fcb30130903fd5992ae26d98b8a3251420b844c8ff35e70

SHA512
ebe1114ef0644dee2732d9dbf40b37d6581b66bd3c7133937c6bfd6fe1ffd70b677aad5ac3571fcf45f8ae1b3c706e7f1dc885012998aeca0e02a5cce4072366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10ab3f72b68dcfe8ef7da9d028869f62

SHA1
1560c39d806c1f6c56745a870d436515d8ce60f8

SHA256
53c252181e449140e011cd2359505f2c78b927ea90cac8c4e46a072ce94e0f72

SHA512
9290a71da2280585213e685e1e2ea89d2b6b35e2e32eda4f51419066e904ff8c80932dba0c370d952f60ab74571fe2a80323ac1bea7971fa2b72afc29efb7232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2962f65cc91c6e125546850d7e4fb41

SHA1
9c448a39484b8965bbaf76c4e713f623336140c7

SHA256
2af3ac73b73d1ad76f347a7b54d16461533d30bb5728fa0686d7ab7ad78c1585

SHA512
80dc821527b347ce393a93e17a8c3d69b33dd8d4f4978e2a886d701ec3868e8989c881de41bbd4a10be6f20715196be083480378291b3074562631258e4cd2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2f3f542f6932138b803a292f655e16c

SHA1
4834ac2478b8d9eef2311c6ddef0910f6286ca49

SHA256
2f710ada2ffecbecd07eb2c8d48c79d7cf119fd6f9ff3cd85b7a89d086dc0ad1

SHA512
3bd28d545f649847a8dd7edabd9786ae2cc5bf96e5b3e145a008c7a5c0f9429cd4ab284e3141eda57fe1faf29ecf73d8b9e39d3a5f0a49b4401fec8a300cb4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39e58625083c4e196c8026c7eff501de

SHA1
d1d17fa54e11cbf66f97f56518e01bb0e94398a3

SHA256
6569afb2754fbdc9de101a96653a25782bc5c13be3f2dc81d70ec73182bac720

SHA512
a004a26d36fc2d07098769c7924a45e3b003942bad31dbeb9f56aaa29640932cf3c1e45ced7a3ce63e9b930cb50a5b68d62beb04d0a9ea22ff894af8a0595111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
63e66881ce978fde095e2e6d433f0956

SHA1
64756f39694c16cef6e0fc11724cc4802f1d4561

SHA256
6659e9b21f0be1aa785ad35786f6f13736b3d43fcc5a19ecd1ecf39409c1ca3f

SHA512
f3ebbf5e9cb20c910037f3c81506b396f67a0e400794f96e592de08d4209b85c7ac203ca95964fe93c9ca4665bfbc56a838e3ea452459c039a6d0924cfc08050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3832d20df611a6b3ae48217fd4bbf5bc

SHA1
807e31aa61f10d9a26d9bb4dc849e203fe7bfa46

SHA256
aa2fd37f6d46ae1346f720389425781935a7413b5fb46bd8fbe905c998444f57

SHA512
b66da53fc64c6de75fd253f390c5b1c5b58902f16893503ba0ef2d74b0df94efdcd47120fdf811af4536922b05dd76cc14db8e6b7edba7bcb088fbf25ec8614d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d83de09cf62318c020124a4da70b2fd9

SHA1
0933d5226b2698f3dbbe7c3818f6cef4e40f1df9

SHA256
c4a5e9909f809bb4b5dc5f689062462313e63e5203b96d849d9d5dbbdf1db5f0

SHA512
83189bc0845ce798964fe74930dcd92a42f7e82ca669ea28417b74c2f12ca8d197ed1c69944be74edf74b87ae8b3740f064f26b660250ce24d118f5d9252b073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
c398e04513078c839ea40186af092f1f

SHA1
929f2f20d63531f1177351c6b2b102d679fa730a

SHA256
68760b8fbea35c083d3cb9df7f0ad722ee6501ab36d87f58e7b86ca8fec0b853

SHA512
ea046720d2202e80084f1ddf09d109a8c7c409285c5117bc2fe98d4f7e2de6f75bf04fbba431076d1cbbeb1593168ae3174e66140f0c1a5ebbddc049d045750c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
8e1c359e0af665355c7865e530e1cd64

SHA1
c0af5be13e550249a8982c13ad1902b38a5724dd

SHA256
fc01e2a8bdb5aa82ce81d39dd49cc4f2e4e064e0af9057efec2030f57f9c1341

SHA512
834ae3942fc9d4da9a406724c7d8e6bc183069554a88c689aa5134a0a45d3410f416177e52caeeeffbc4c7dadf56608f45bc7cb045e74679bc35d2d2f831b3fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a747.TMP

Filesize
98KB

MD5
34f5368fb7451b90f2433f7083434763

SHA1
981d6a2c61bf00a17911ba29fef82fe03082a176

SHA256
b8af367571ef922772652a29edfe306782085dd8d5bdce490ec8b89f65d0f433

SHA512
c48ba321b24880d1d6ce7c1a30b9e5ec9e5e9732814f0d665ca9427d5221ba155bd98e68fa8e9add4c44ddfa9ef90ebf08b7ce6140cb660b242ae4f616179f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\cro.epg.rar

Filesize
5.9MB

MD5
9c8fe49f67bbd7eff299279a7253c214

SHA1
e3d3d18c39282c27ab6b43f52e42460762574c27

SHA256
24a51f00e03d9110dfd26a90b84746372ea06c93fd9670ab6572d00467e70506

SHA512
8331af4e762d71aa708c6d4ad9e43062295b2db869683783cf88e09de9cd60e850209237c357f84c33ed85074041cfeddfcc61311ebcbf2f703cc1a976235067

Download Submit
C:\Users\Admin\Downloads\cro.epg.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit