hxxps://www[.]mediafire[.]com/file/zk4sw8lno0593iq/SecureEngineSDK64[.]dll/file hxxps://www[.]mediafire[.]com/file/zk4sw8lno0593iq/SecureEngineSDK64[.]dll/file

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/zk4sw8lno0593iq/SecureEngineSDK64.dll/file https://www.mediafire.com/file/zk4sw8lno0593iq/SecureEngineSDK64.dll/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589732899821385"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
5976	chrome.exe
5976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 3776	4052	chrome.exe	83
PID 4052 wrote to memory of 3776	4052	chrome.exe	83
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 2376	4052	chrome.exe	85
PID 4052 wrote to memory of 1812	4052	chrome.exe	86
PID 4052 wrote to memory of 1812	4052	chrome.exe	86
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87
PID 4052 wrote to memory of 4772	4052	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/zk4sw8lno0593iq/SecureEngineSDK64.dll/file https://www.mediafire.com/file/zk4sw8lno0593iq/SecureEngineSDK64.dll/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb0464ab58,0x7ffb0464ab68,0x7ffb0464ab78
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4376 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4676 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4712 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4964 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5452 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5628 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5796 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5964 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6108 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6416 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5260 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6392 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6648 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6824 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6420 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7128 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6624 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6948 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7396 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1676 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7440 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6784 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7532 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5264 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7692 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6076 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7252 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7216 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5172 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5252 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7576 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7240 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7308 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6440 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5212 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1924,i,3728040185788361463,14293231836226133895,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
73KB

MD5
288e237007f65b0d88cca0a2c70e2688

SHA1
d858c9c8b26baeb4f71e4e276b595036a226352b

SHA256
63eb3036f3ad1840f922f83275f9203bfb08868977ebca1ead7eb55122a40754

SHA512
63bfcee327231285c52df7cedde5be98e0cd5823b2d9e2558df851ded7f70f33a7b875e591603d774020cc6ad55d45ba376b2a51f57b31942c8973ad7ae9274a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6bcfc579d9ceaf5c1775b52e740c830c

SHA1
f1615472816ddb82fb649549d330f9275d94f2ae

SHA256
d0739dede14b49cc0ab97c94f1471804324e25b73e853299d8c7f3bd4fa608fa

SHA512
09878851c25f53f0a585c1ddc5dfed3faa0f432ed79fe95224a2d0d70be27418fc5ed84ee276266d094ea2adf94d802b04f08b0fba601360f90ecc31d67e98b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8418e404a06643455def2f4c92fc2e9d

SHA1
5f64c10f12f80dae50349740c503877c8a06a267

SHA256
fe91397bc6bff81bea959c96011b01fdc104937e88c7ca7dea0c4c67396fea3b

SHA512
0ae83e866a5edd229bfc2312c7f3d5fc289a8f224fa6c4c25d69f111991a5f074085d73edbc0e4de55cd4714447394d0386e262c377c92043966b3a298170bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
7d9ab86161204d81fb34ac09b2c8c09e

SHA1
c675f0244354e3f7e2c8a86ee76faafbfd8df3b3

SHA256
df801048d5aef82e6d6df1a24f8cb2a2f77fdaf72ff925b9f4e0bc3fa9f3cf1d

SHA512
103cb2c00ac2d4cd00f4d72dbeb22a9e41548ea2f69811d29504eadc4bfce631fc1db5b32a7e2582460714dc912b05dde21f94dec93b15fd3c18d3635c5c1d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
73f8398b69bc466ec92c19823858451a

SHA1
69d4f649f103227309a7f05573257dc6a6b37736

SHA256
7babb0818f8b79aebe3a0ece56333ed9dc4ff17767370bace9789d2fb054f108

SHA512
cf37b1996572bc8e2a7e454b56bc7aa3b41eaa0ee292e27d875906a0ca8efbf497b68da32393db0169c9bac386444ec5ce490170c62743edd01d7d1cd51ce44e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7544999e86a6b95b8a2ab5992fb1be98

SHA1
1e772f3ee26c19694d4a1c32b750f5a12621b661

SHA256
05f860c167e9ee4bee803e7822d7d0fbc08ae2c9ccf629738b8c0866aa3d0f6b

SHA512
7fb71d71d1f7e30f42b2b69511e74394a76f1a8398279cc26507d161a0fca0908662716928c799e7a681787af2215a3aa06050fc757ee2e39e0c615b719ad590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2dee4579e9ea5da510f9709b8701eaa5

SHA1
d35f3c50e6ba7aff5ab547888c99d8100ac715b6

SHA256
b4f342c670cf5ef6db4d54f097cafb04c39c41df719b2be6d78bb99efa5261c3

SHA512
a65dc5abf3b780f7bf6763ab3b0ab641d8a1432c94220666597ead069fdd00c6287d6224cf3ddf47c5f4ff2cf0ef20379e05b1f26142cf2b00e67b1c6d446a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4b504b0ebbcc85c9cef6ad902ff21480

SHA1
4e0be3326565d72288abeeae9fcdb50376f2a191

SHA256
30374b4313620860855498aa7b27a96b7dd244b5070183bd377ec50435c82c62

SHA512
2f4d24617264f181f4cf195b855413fecabeab740f75689d4373541f53006605b5450ac1bbe597281463ce60b46a9d678516f17c05c75378eb05849e8eb25ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a30e61a10c2bcbf257052f8b3fe1f57

SHA1
b3a7504e48b53fec1876f911b97528a9f68467e9

SHA256
1d61349ae8fbcffe7edeb0c8a5432ca06bf1582173bbb9957e6485d4eda9e2ca

SHA512
4a27253bae20a873f18d4b79dcdfeca33d4573779e67efecb1260874c4abbee5831de8f0dab1b6f2a9585ba848edb9d7e37798be2bd46cce5a6fa0d83577867c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7c079e121b0e4d40c0ece324fe769556

SHA1
c45b6d7f5d23a8fabd073f00bb0ed212d488efe4

SHA256
9b8ef684d33b8dc18015f6c02ce405b995aca8438e25a6116b3eff16ac806870

SHA512
6b5aa6c5dd006e8e13af3fda9cc6057427fb25e42feaae151b43483998be81e2f219e07d221c4b7e067b33a1e2cdb4674b98166fda74a021c9da114a5f66efc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8ed053011e9f8bf16155fb4291ad2cb4

SHA1
a2bab86f4ac9e0f5e48a4d903bf9f74a0ee7ffc8

SHA256
330612419bc917f4c5565d28a2d582c3a059ffcfe780ba081767f15dd378aa83

SHA512
bc9aaa86a6dfc6b3a11054a2d63f8cc88b1f8a061e9fffeaa6c598c6ff273865e1723285f928423b8c088bf57e6a766673b33e42cf32d9f572ec2b9d12f37d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
393922aa61bcc7f583096e481f92e4cf

SHA1
6868d628677d6bb4de80df9b35829b31bff70f8a

SHA256
4b373f467f10b7f58b243455a8db5b99e1dbcf5caf10ff970cabfc7eab96b8d9

SHA512
af75b2728d88b621d4f5c0531b47c3ba98defc862612ec1d5f3e03f009342f491f546d8c789adf32435b5d409829dfbd23a8b74375d8a5a9e1b9864edc0f0563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582c1c.TMP

Filesize
91KB

MD5
bf2422651dd200c8c834c7d4f09912c2

SHA1
04fdf9d47c08cfaf8186cb0af0830e994d343fae

SHA256
a7fd23b8ede4f01cde3b3197be949f6055a36a5e35b8fc08a1969d5d4164896a

SHA512
d9caa6923c69e1a2f3f3402bd3c0b2a601b9c57422012f4ed1594e6f5eed43adc63df4a638b51165aa54e07a386a67586ffde5daf0d150b5f631ff34dee4ea29

Download Submit