Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for https://download.tt2dd.com/: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-11 10:59
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-11 10:59
Reported
2024-05-11 11:07
Platform
win11-20240508-en
Max time kernel
222s
Max time network
214s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598990031064236" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6bbab58,0x7ffaf6bbab68,0x7ffaf6bbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 --field-trial-handle=1800,i,575479221801509109,13409107658844644862,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_1912_SGIJITBZDSVIZIBR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6654c458a1015cbacdfdc539f169c04a |
| SHA1 | 8e6877458dc2a69ff9ccdf744d335259ddc0e7f2 |
| SHA256 | abe58600dda484c337419b0a58b59da1a4e26210f7caa9e79f7c02f2dfcf1459 |
| SHA512 | 2ccf9a6f398e12e72dbf5976a5e4ccee2ac3a64d9bef2d9a417ba1e4f6480afc60b03e726f7e3cf0d840a19488c6ed59b34f6c521c0e852cf780381c52bf0700 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f8c0c9fcb61db95edfe767f65b93574 |
| SHA1 | 6d61b69852a930fc5b4d00a51f56f7137f299246 |
| SHA256 | 41788a5c3a85fa833b258dab915a2b50d056eb2ef486e98714c30ee015fdf628 |
| SHA512 | e612778d7f9b0adce65816195a8dae33581fddd327601eafea54ab9450f9a03fa5edd79cf6f478720bac1701c5a21a327e707550d86e4be375a94846ff1fd8c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0768562facc4caca018cd6aedc7d52dc |
| SHA1 | 826f81768ebad842cda004d920e30945fe053da8 |
| SHA256 | 03a646a45dd3a0f2fa14a2766cf9ab0697127c7fcb28dbc355d197a29f588df0 |
| SHA512 | 967492bb62450327830baf7f4e5296eb908f6f243f1fc36d9d72bd6b78aa4ba9af7eeb3090524bc4dfa5cb99c1c3652efbc37bbde5a748524aa62beacfdbb09f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3829daa5dcdc18c7b98a69d2194ae15a |
| SHA1 | 30b83a1705d1f7544bf9994276adc06ebae15c6d |
| SHA256 | 2fd2c0feeccc465654f0cc3b6f32c2fa77537a11bf65f8e97b9efbf9ec49185c |
| SHA512 | 48077b0feabab0bf9f3737da0b54e4c64580d4fdfff51135c8408ae2686274c48fc9d11734fd0fd76399a9d509c0151ad437c8589b8dd276808c6a40f0337fc3 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-11 10:59
Reported
2024-05-11 11:09
Platform
win7-20231129-en
Max time kernel
211s
Max time network
486s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74a9758,0x7fef74a9768,0x7fef74a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1324 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1092 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1220 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2576 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3992 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4372 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2304 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1220 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3724 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05112024.rar
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=1204,i,16384722898800447252,15664482456825266044,131072 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05112024\" -spe -an -ai#7zMap12350:150:7zEvent32077
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05112024\updater.ini
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Manual_installer_Win7-Win11_x86_x64-05112024\em_IKWliDMn_installer_Win7-Win11_x86_x64.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 31E9DDB6A359BA85DC4E1C5C49E9ADF1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 56B78651A7BF00CFDC9603B8B1810E91 M Global\MSI0000
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /C "cd "C:\Program Files (x86)\ITarian\Endpoint Manager\" && "C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe" "
C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\python_x86_Lib.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd" "
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMService.exe"
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe" noui
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe" --start
C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\RmmService.exe"
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe" noui
C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe
"C:\Program Files (x86)\ITarian\Endpoint Manager\ITSMAgent.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | khairulinternationalhotel.com | udp |
| US | 66.206.15.178:443 | khairulinternationalhotel.com | tcp |
| US | 66.206.15.178:443 | khairulinternationalhotel.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 142.250.186.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.206:443 | play.google.com | tcp |
| US | 66.206.15.178:443 | khairulinternationalhotel.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| DE | 172.217.18.106:443 | maps.googleapis.com | tcp |
| DE | 172.217.18.106:443 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 142.250.186.138:443 | content-autofill.googleapis.com | tcp |
| DE | 172.217.18.106:443 | maps.googleapis.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| DE | 142.250.185.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| NL | 216.58.206.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.18.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 216.58.206.78:443 | clients2.google.com | tcp |
| DE | 172.217.18.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 142.250.186.46:443 | google.com | tcp |
| US | 8.8.8.8:53 | e2c39.gcp.gvt2.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| DE | 172.217.18.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 142.250.186.46:443 | google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 216.58.206.78:443 | clients2.google.com | udp |
| NL | 216.58.206.78:443 | clients2.google.com | tcp |
| DE | 172.217.18.3:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.18.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | mdmsupport.cmdm.comodo.com | udp |
| DE | 35.158.222.3:443 | mdmsupport.cmdm.comodo.com | tcp |
| US | 8.8.8.8:53 | farmershub-msp.itsm-us1.comodo.com | udp |
| US | 3.217.172.108:443 | farmershub-msp.itsm-us1.comodo.com | tcp |
| US | 8.8.8.8:53 | xmpp.itsm-us1.comodo.com | udp |
| US | 34.227.128.175:443 | xmpp.itsm-us1.comodo.com | tcp |
| US | 8.8.8.8:53 | s3.us-east-1.amazonaws.com | udp |
| US | 16.182.66.104:443 | s3.us-east-1.amazonaws.com | tcp |
| US | 3.217.172.108:443 | farmershub-msp.itsm-us1.comodo.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | api.dragonplatform.net | udp |
| US | 35.222.52.117:443 | api.dragonplatform.net | tcp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
Files
\??\pipe\crashpad_3040_TYTXDIDOPWWEAVCC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1462504a27c4b82ecba28bc4b12217de |
| SHA1 | 3088d8162dec2b85ef598b3e50b7f2b0ddffd6bd |
| SHA256 | 6162e9dbfdb83e23af75dbebc2c6813273e91196e277b6a5aef73696a36d1c6b |
| SHA512 | 03abce2c5182e4bc3a75e94f4742862247d9ff9f05825157661ee549812e816a1ddff1045ba3f84ac408cad728b2447557dd3219fd76f78ceb43e66a284b2969 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 67adb48cf39900d499403c941f2e46b8 |
| SHA1 | 551900b8a85080062d86588a1fc4c8039f1f1e2c |
| SHA256 | cd628bbcf65dcfbc4d46c003306321a4aeb0f3fce7430735789a55cfe60109cf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-11 10:59
Reported
2024-05-11 11:06
Platform
win10-20240404-en
Max time kernel
306s
Max time network
305s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598989136777405" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffff55f9758,0x7ffff55f9768,0x7ffff55f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1832,i,14929414872013743735,4637572613100040030,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 242.44.178.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.206.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 131.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-11 10:59
Reported
2024-05-11 11:07
Platform
win10v2004-20240508-en
Max time kernel
222s
Max time network
202s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598990010802547" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc001fab58,0x7ffc001fab68,0x7ffc001fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1856,i,18327352852931571652,3188693796669516248,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.tt2dd.com | udp |
| US | 108.178.44.242:443 | download.tt2dd.com | tcp |
| US | 108.178.44.242:443 | download.tt2dd.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.44.178.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 2.17.196.96:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1144_XXOGOIKRAJDPRFGB
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State