Analysis

max time kernel: 159s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/03/2024, 13:46

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://app.mediafire.com/uzg9rt06apy3o
Resource: win10v2004-20240226-en

General

Target: https://app.mediafire.com/uzg9rt06apy3o
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548112371745256" | chrome.exe

Modifies registry class (1 IoC)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings | chrome.exe

NTFS ADS (1 IoC)
  description | ioc | process
  File opened for modification | C:\Users\Admin\Downloads\PASS_2023.txt:Zone.Identifier | chrome.exe
  Note: Zone.Identifier is the Mark-of-the-Web stream. Under Processes, the process that carries this signature is the browser's quarantine utility (PID 4860, --utility-sub-type=quarantine.mojom.Quarantine), so this is the normal marking of a completed download, not a payload hiding data in a stream.

Opens file in notepad (likely ransom note) (3 IoCs)
  pid | process
  3200 | NOTEPAD.EXE
  5360 | NOTEPAD.EXE
  5676 | NOTEPAD.EXE
  Note: "(likely ransom note)" is the sandbox's generic label for a text file opened in Notepad. The file here is C:\Users\Admin\Downloads\PASS_2023.txt, opened three times next to the download roblox.7z (opened in 7zFM.exe, see Processes); the report does not show the file's contents.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | process
  3128 | chrome.exe (2 events)
  5516 | chrome.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  pid | process
  3128 | chrome.exe (15 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process
  Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating | 3128 | chrome.exe (64 events)

Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | process
  3128 | chrome.exe (64 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process
  3128 | chrome.exe (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 3128 wrote to memory of 3672 | 3128 | chrome.exe | 89 (2 events)
  PID 3128 wrote to memory of 2324 | 3128 | chrome.exe | 91
  PID 3128 wrote to memory of 2352 | 3128 | chrome.exe | 92 (2 events)
  PID 3128 wrote to memory of 4380 | 3128 | chrome.exe | 93
  The writes to 2324 and 4380 account for the remaining 60 events.
  Note: every target is one of the browser's own children listed under Processes (3672 crashpad-handler, 2324 gpu-process, 2352 network service, 4380 storage service). Together with the process-creation and privilege signatures on PID 3128, this is the browser launching its sandboxed child processes, not a write into a foreign process.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3128)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/uzg9rt06apy3o
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 3128, in the order the report lists them:

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3672, crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ef29758,0x7ffd8ef29768,0x7ffd8ef29778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2324, gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2352, utility: network.mojom.NetworkService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4380, utility: storage.mojom.StorageService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1696, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4608, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1664, utility: chrome.mojom.ProcessorMetrics)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1964, utility: chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2816, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5604 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3836, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5652 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4208, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5780 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5800, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4852 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6076, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5584 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5768, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6196 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6008, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2704 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6044, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6492 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5084, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6652 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5496, utility: chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3604, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7332 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 900, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7340 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6000, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6148 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5468, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7608 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4860, utility: quarantine.mojom.Quarantine)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8
    - NTFS ADS

  C:\Windows\system32\NOTEPAD.EXE (PID 3200)
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PASS_2023.txt
    - Opens file in notepad (likely ransom note)

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756, utility: chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Windows\system32\NOTEPAD.EXE (PID 5360)
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PASS_2023.txt
    - Opens file in notepad (likely ransom note)

  C:\Windows\system32\NOTEPAD.EXE (PID 5676)
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PASS_2023.txt
    - Opens file in notepad (likely ransom note)

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5516, gpu-process, GPU sandbox disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=924 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5784, utility: quarantine.mojom.Quarantine)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

  C:\Program Files\7-Zip\7zFM.exe (PID 5892)
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\roblox.7z"

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2648, utility: chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7832 --field-trial-handle=1944,i,8173314656546168869,16746626206772308463,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4088)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
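The two things in this report that an analyst actually verifies by hand are the Mark-of-the-Web on the downloaded file (the Zone.Identifier stream that the quarantine utility, PID 4860, wrote to PASS_2023.txt; a ZoneId of 3 is what SmartScreen and Office Protected View key on, and a file extracted from roblox.7z only keeps it if the archiver propagates the stream) and whether a file recovered elsewhere is one of the Downloads listed below. The following Python is an added triage helper written for this page; it is not part of the Tria.ge report, of Chrome, or of 7-Zip. The stream text it parses is constructed for the example (the report does not show the stream's contents; the ReferrerUrl reuses the report's target URL, the HostUrl is a placeholder), reading a real stream relies on opening "path:Zone.Identifier", which only works on Windows/NTFS, and the hash set is the report's 2-byte Downloads entry, which is the digest set of the string "{}".

```python
"""Added triage helpers: parse/read a download's Mark-of-the-Web and check a
local file's digests against the report's Downloads list. Example code written
for this page, not code from the sandbox report or the tools it lists."""
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Optional, Set

# URL security zone ids as written in the ZoneTransfer stream (URLZONE_* values).
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample: the report does not show the stream's contents. ReferrerUrl
# reuses the report's target URL; HostUrl is a placeholder, not the real host.
CONSTRUCTED_ZONE_IDENTIFIER = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://app.mediafire.com/uzg9rt06apy3o
HostUrl=https://download.invalid/PASS_2023.txt
"""

# The report's 2-byte Downloads entry (MD5, SHA1, SHA256, SHA512 copied from the
# page). These are the digests of the two-byte string "{}".
REPORT_2B_DOWNLOAD: Set[str] = {
    "99914b932bd37a50b983c5e7c90ae93b",
    "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}


@dataclass
class MarkOfTheWeb:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, "unknown zone %d" % self.zone_id)

    @property
    def from_internet(self) -> bool:
        # Zones 3 (Internet) and 4 (Restricted) are the ones SmartScreen and
        # Protected View treat as untrusted.
        return self.zone_id >= 3


def parse_zone_identifier(text: str) -> MarkOfTheWeb:
    """Parse the INI-style text of a Zone.Identifier stream.

    Only keys inside [ZoneTransfer] count; section and key names are matched
    case-insensitively. Raises ValueError when there is no numeric ZoneId."""
    section = None
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    zone = values.get("zoneid")
    if zone is None or not zone.isdigit():
        raise ValueError("Zone.Identifier has no numeric [ZoneTransfer] ZoneId")
    return MarkOfTheWeb(int(zone), values.get("referrerurl"), values.get("hosturl"))


def is_valid_zone_identifier(text: str) -> bool:
    try:
        parse_zone_identifier(text)
        return True
    except ValueError:
        return False


def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """Open <path>:Zone.Identifier on Windows/NTFS. Returns None when the file
    carries no such stream, which is what you get after extraction by an
    archiver that does not propagate the mark to the files it writes."""
    if os.name != "nt":
        raise OSError("alternate data streams can only be opened on Windows/NTFS")
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except FileNotFoundError:  # file missing, or present but unmarked
        return None


def file_digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of `data` as lowercase hex, the form the report prints."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(data: bytes, report_hashes: Set[str]) -> Dict[str, str]:
    """Digests of `data` that appear in `report_hashes` (case-insensitive).
    An empty dict means the local file is not one of the report's downloads."""
    wanted = {h.lower() for h in report_hashes}
    return {alg: d for alg, d in file_digests(data).items() if d in wanted}


if __name__ == "__main__":
    motw = parse_zone_identifier(CONSTRUCTED_ZONE_IDENTIFIER)
    print("zone %d (%s), referrer %s" % (motw.zone_id, motw.zone_name, motw.referrer_url))
    print("report match for b'{}':", match_report_hashes(b"{}", REPORT_2B_DOWNLOAD))
```

On a live Windows host, `read_mark_of_the_web(r"C:\Users\Admin\Downloads\PASS_2023.txt")` returns the parsed mark, and running it again on a file pulled out of roblox.7z shows whether the archiver carried the stream across; a `None` there is the condition under which the extracted content runs without the download warnings that the mark would otherwise trigger.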
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 40B
MD5: 7f652922f004ed965b78a444360adb45
SHA1: c681cba7ca5514905f53cab070f45fcc549b8efe
SHA256: e888caafef4d1107a5ed6749cb7520e7f7eacb2b0f2cbac9f8ba4882167200a2
SHA512: f9f79f1360f01ded2ade45a14af8755f9d76d02bc82eb643bee7d1ddc196b6502047a34878e90706878e15ed25ba85b3e32cf0325e93f9a90038e429b87ec294

Filesize: 20KB
MD5: 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1: eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256: e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512: 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Filesize: 62KB
MD5: aa41473732f30d3b58deb7b994624a04
SHA1: 785555553919d805666b4b135ee0cb79b3aea51e
SHA256: 7a3ce70f6a14dbcffeb2aeddc3f22dad500abaa0d18b387e4930e36bae09ed51
SHA512: 00bc19d8266aca5de6b551551d8baf8f537b8e5784566109cd9c24cc6463a652ef7d1466588e0401a7d52c226647454e5f992c4581b2166811294091e3040af9

Filesize: 288B
MD5: 274efd17192b14a26fd50ee9be7453ec
SHA1: 16b7f494e6ac8aae7f2f6c38412d1e61b341159c
SHA256: 30de954d353d052ce505f8824bd19a2b6cc89d016264bce9e8394e5fb689e888
SHA512: aef780b1e2ed36500e91457cac6e5b1478c88700e5ad4f1828b97736c2854dd874c017e48f598566d7e7e065578211e2589c4549a378d91065a23b35f206e9bc

Filesize: 1KB
MD5: 79e3ed1b80f05dee3f32fcb1c9aaf447
SHA1: 0d1dd1102e11b6cbe8d7dd98bbcd52845303629e
SHA256: f4a4767d4408745c3a13edcbe61b20e7ba911eace0d586c8ec1cb6559654da91
SHA512: e7a47c909106a1df100ee1a7ae114a649787365c0abc26da59169ef9bfff9447ebe32dc683f1ded17bd6775cfb67f1451d49fcd970fa83149e43f7cc7b43b209

Filesize: 7KB
MD5: 5ee51ae38ba4b96222ed3899b5016334
SHA1: 6332f44680607085675f7f81b938c94419964242
SHA256: ec16e7527ebcd73a9af8c229866e41967ef47b02f47906ada336935ca978833f
SHA512: d65bbdeeed037a6cf3d51a004a5383ad1a153c523d0bb922d70481ec74507f42774d08f820ee21a19bfc6e33d411d9a2d9654ed5394266caa8faf8ba9d60e6a6

Filesize: 13KB
MD5: f03149a54955179a1e6ff2a5f478e092
SHA1: 78ab5db7a4f7ab183ff1da2d981b356c6663d70e
SHA256: ab01eb118cd36f72d995802c93a439a6f54a907a0b743a0e45532c1ce48afa79
SHA512: ea65b9f6c87a50bde5bfb9c7b72238cee6ae3cc0689b9d95b89cb435b5111188f48d5499d9a0bba22f2822809b13f38d3813f8f9cb638adca2d88e1da2587155

Filesize: 1KB
MD5: dde37f2abdd0151c034d4e930efe62d6
SHA1: 48e7314aa0d4ff4ce7510b03c3590113eb5bae2f
SHA256: 88a737f0a9455a3caca4a0cc7fc6def9d0e86e43f1ba01e9929db2cc97d89650
SHA512: 08f0b54296fbcf692c34048b1d8ae42679b1d756a249ea058375e7c7ac0bab2d10a79911a5973e94d8cef459bec3ebbfab5d2bf772a61a3318583e6313d5bafc

Filesize: 1KB
MD5: 9d47d5fa50afba4b6bf5cda25ca4ac24
SHA1: da2442224d0ff34ee8abfcc688af85be4c404299
SHA256: ab48d6b9824527095f323dd420ea2a433da0943eff3ec1ecb11b1f094f372e73
SHA512: a51bda9c72959509de13e56a37df15044c768fb45037d9ae91dd398af799f17bc8d90868349a3b57579701408d32d49f2a05d39a6b9e7cc9c24135c160756aa8

Filesize: 2KB
MD5: aa7f6edfa39b2acd39c75925abead25a
SHA1: 14ed8a0e3726419e7f851a6701971ef399c1f11e
SHA256: 9f313bfe8863eda86bfb07482a75bae7c850969e831df637cd174119d7f74e2f
SHA512: 20fafae02c8914447505f8127340a5505595b44fc4c36176c992f1ea6b5ff43a7071289a8a9d309d58ff845b88b6b455c168177845c3fc3ac96279a1ebc02451

Filesize: 1KB
MD5: ebb136c035b1d5a50eb6553884756211
SHA1: d973a13b9fd26b27c22d1a08664dde8b39998140
SHA256: c9acd7f2579c30ea6cdd1bea36b1a48cf43fd01c15de9b92fb006aa2b7d1bf36
SHA512: eb343edba7f57a6fb43f634f303ad3a9884720c23b35433b57f83e339a3a4cddb4c5eefd03fe433c669d856585775d9311a509c0b37bd5d2df1554df63371c5e

Filesize: 7KB
MD5: 3996ce5435649fa0afc05eb87e9e9397
SHA1: 52ada8006cb0e844a94474751649bc5194dd8fec
SHA256: 9a411cfc8dc799b96c1889cbb6d1322c78e973817572e997e9053e704e97e52a
SHA512: 922653dde4e53c629fede7aece855aef00461edbc1020eec5dee4d681945aac2659d34fc70b2011af212ff6d13488b5bae636a8a27e7bbce6148b9d0dcb8ab7c

Filesize: 6KB
MD5: 06cd14bc8887567c034d6d7f1096327c
SHA1: a79e4ee5d5d8042aa89ee8e01b3cae5a5d8de997
SHA256: 742b30458f29ef2e6f8b2d2702d1215c068a5cc572932d1db4507ee9b78f1634
SHA512: 44671c7c554781bb7c51cfdcee26a5d0b3a7dacca9523b20ce3086ec52ce908cb6c754b8dcc94c7e5dd61523173171ab3f0d36940ef5fa76190001fb87833df1

Filesize: 6KB
MD5: 57a262279c62e30d76e135e00c2fde9d
SHA1: ee8da855c0abce2708b3e9546ffce058dc521ae3
SHA256: 27740b4a6daec32e40e98a4ffe23c8e30f554f4a432bbcaf665a1f8a86d7cb6c
SHA512: 768310e81eb044b4bf378d70e47b90906adae098912e7ed043e9aac84d970e46ae819f60f365c34485f065a4792159354485d4498dbb13e001b1a204dd30cf74

Filesize: 6KB
MD5: ffaf935325769ed161ef5018567147ef
SHA1: e063ed1bc9a65be9de4d6188823b5d98fc8624c6
SHA256: 544496b3c8fe2a3685be3a28077ef943d2cbb4fd8eff86fddf28ae3b20fb6cad
SHA512: 4a85b203df108d6749f900c7816964e72d8d67e7b2905d621b8bf3419c3b2fd798e642a75930780bf6030701b6e8a482604f22b9a31027b5b3963d53a37b0710

Filesize: 7KB
MD5: cabbdb196857fc4c507f848d18c0d81a
SHA1: 529194e4b5a362a51daf5d48dea3e366c5c9aee1
SHA256: 073fd94e4fb75285c28a8838b1f2aba0740d84261ca8d4cd3fbd34de25a1f2ac
SHA512: 8e1925d2b93e6387229354232d70e72e4457c8eab70a244dd45ae13e9dc50091a914dd3c48297fc3b0c8d1539739fc1d9aa9da9c3249923e115707b60a7f88ee

Filesize: 7KB
MD5: e061cae66cc3d6d6dec56aa0e8ae0485
SHA1: e17eb08738541317bc4c77fc1b044d24270ab66a
SHA256: d11370f7032248b6512eb6ba052d310732af813b5440047f2c36736edaebbf40
SHA512: 9cff41a020c58c5d0e12a19df8a39ff1c62c9f7ad0bb64ddef7778fe305732978cedd29881802ad5b6a0fb424b29056d8160432284093f9f574383692a33071e

Filesize: 253KB
MD5: 9bdf243ae814a8520a743e2c57517427
SHA1: 06d2d5cd2507c53020d499c2cd4077967171bdf3
SHA256: 5efea8ba77271105b033259563d00830aea59f1e514a88c23d6efcf9632ead74
SHA512: 298bbaf1b69769e00a5b3f4aa4eee042298789f8b8dd98155271f876f991d74f47d92b1f5c4ffe0e70e07555e6a2ca817fbf95e9ac03ef390ced5c9019ba6fde

Filesize: 253KB
MD5: 14a75668ff755f14e5cb89e25715e9e2
SHA1: 80fab2507c7a30930d6f0ff66270a098b3301505
SHA256: b79aa82c4b8f84d39094b6e70563857061f6afeb812d825ccc6229b34ec83570
SHA512: 1d8ff7419d6ec0ddf6bbefe7e37214fed650f6771ff7a983ee3d2d816dfe6b4cc031ecf2003c5de1599c4ad5ca0a96a69484bb058c56fc3ce2e94c3f013c32d9

Filesize: 253KB
MD5: dc0f895773ffa90e743c4d2ff27aec92
SHA1: e1b27c756d2f812808ca603475f9b7eaa72137a2
SHA256: 734f4f215e8ffc1b65619f4d162495e0a6da350e672c3b76f1b84fe9875bb6ff
SHA512: a00590089bc4f01e0d8a5550670bd345170bfcbf5d9a8a84e8f2b28cf8a998a3a153274e6c841c138108c54ff9396bcbb6fc8adaba948e680cfac46e88f02f44

Filesize: 109KB
MD5: e275f829805a2b53b500ce50460e19ed
SHA1: 667a994b84b22d03518676630e3d073494b71c16
SHA256: d37b6f1617206af22ecdf1777b9bc44c3bbe7631109e3b5aae1b5b28af6ef366
SHA512: 66d460b65236bc1bcf1c3d43ae184bc6001e01ccd7d741a4c844f25bfb7a158258c01e3f4b04fb2c0e5ff1aabae708e7f3497bb0ddf2b245ccea7db298156957

Filesize: 116KB
MD5: 894b0c38c66791d6e5eca49fad18c62d
SHA1: 3404578f9e27bec13697f8f15964fd45a7f5cc6b
SHA256: e03f130b3f72e80b39cb818177e50954379a3deadeef3dd024e1897eaf269e03
SHA512: af7ca3f5cd49b2671b6b6036949cb7a478c5861038339f3d428dd6622118aad8d56f7cee2cf5c6ac9e12f9e7978a359a4abbffc91a51a731bf8d9263888851d3

Filesize: 103KB
MD5: 65249712a4f6ea7a51593a80d4e02092
SHA1: 72980376991f1a3fdbcd4449a9b4b82c86914f50
SHA256: b3591725a51bb042451e71245cd7982c435b0e8c52f3600af87bad9d983a5cd2
SHA512: 7c3683f0afc3dd6fcea060cb1d5b52ae215603f26e7901310a07e9c483820bcf9f7b13aade3bb08b14861b5a460221432f22698a79bd95c8dd73f057c6712e20

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 8.3MB
MD5: b2d6b0d1babc365dcf7fe66d6ad958e2
SHA1: 79776e8df4ce1f4d79b3fad67da3a4c2665fadca
SHA256: deed075831932d463d5111d9222d52943f2f887f2e060a40dfce7be881b837d0
SHA512: a3ec921919d40823f03a651aa7defd32a5244efc4fec2f8e2fa2d45c7e8e95ad3964eca723532e12e0b430eb829d7c7c17e367319ddd5ba0bd903931916aedd1

Filesize: 4.3MB
MD5: f1ad59b5a1119bc5386ad42c85d23269
SHA1: 18eefc02cc5401a7ab005afd40872547328c7ef6
SHA256: a67bf5edd4719a7d0079c410e164f962efddbb308206baab5aa07666a0dce4c3
SHA512: 2afe38dc8aac35edcc24f23d4740ec4498165b185fb390d8704ad119fb05d19308c23c74c8db8f2bc4df0f380f3218d1fadc43a0293f3db711b96b9f6fb86ca2