hxxps://www[.]tuxlervpn[.]com/fr/download-windows/

Resubmissions

31/05/2024, 13:53

240531-q643jabc58 8

31/05/2024, 13:49

240531-q44c8aaf2t 8

Analysis

max time kernel
94s
max time network
80s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
31/05/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.tuxlervpn.com/fr/download-windows/

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616372294408182"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4592	4932	chrome.exe	74
PID 4932 wrote to memory of 4592	4932	chrome.exe	74
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3988	4932	chrome.exe	76
PID 4932 wrote to memory of 3904	4932	chrome.exe	77
PID 4932 wrote to memory of 3904	4932	chrome.exe	77
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78
PID 4932 wrote to memory of 2180	4932	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.tuxlervpn.com/fr/download-windows/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8f87d9758,0x7ff8f87d9768,0x7ff8f87d9778
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4908 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4876 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4628 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4388 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5784 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4972 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3024 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6448 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6160 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6792 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6924 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6976 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7092 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4348 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4572 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4812 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3156 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2968 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Users\Admin\Downloads\MEmu-setup-abroad-02bf66ec.exe
  "C:\Users\Admin\Downloads\MEmu-setup-abroad-02bf66ec.exe"
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1848,i,14672392764598204939,4255751549114815397,131072 /prefetch:8
  2⤵
  PID:1872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\GrantDisconnect.cmd" "
1⤵
PID:4296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ConfirmPublish.bat" "
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
65KB

MD5
6593fb08e941adbe4a342ba22ef78356

SHA1
27348fbbd385f328960da9b5863cf8c28ee66069

SHA256
afd127c2f758872d2afd7a41f3ea0489f3cc11cd73ff4b9f200a75d89ded039f

SHA512
c066004a823bf0408037b7fa4e2efc5d230bcdfd189f7cdbb67f9fa437feac7b6d4eb731b61a882559afb867505ea620dfbc757774b661dbd5784044340e5c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
19KB

MD5
c762f1cf0daf6a1675ae7c35e00e01f3

SHA1
81f894d230a2d92d3154b72b5de8b277ed668b8b

SHA256
4d140627c3c720506210ffd8a8b88f38accc5b706a77e552a729f747f04ebc38

SHA512
a21dff3516cc1763d55c498928270764b42658f0243220eea3db92d2f79dc3e837971a4b47ca7cc73e986e2dd9744c057cc73fe1ccceba83c799e847957497ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6957e85112d94a194805961d9c445bbe

SHA1
bab7bf69cd71f346b0a8db677575ef6601b004d6

SHA256
150438951e00426113fe547d92e5ab0ba832362d75cacbe2d209e2252f224fbe

SHA512
8001beed0ba4153c713d3b488d5c37ba978c83c699dbc710f1a770882f411b03e7c4715e5a3deb275ca38d401bfcb15209f3ac9bfd63ee7d0cedeee0ffb3fbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
c0b649de309d191cc3610baadce161b7

SHA1
dd15403bc3c753433152e702f2fb005b00236feb

SHA256
443e1aea338a265e49a8ef7171eff016fda29ca383fee2c12f4610aa9f317277

SHA512
a626c40b22836860a55ebe4558726b7884db731612a2a8e15f76a5e2d48d942813e8b016a76b7ccc5e0f7d6124667725b0753dbc56bd14b56f719a1ec76de738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
7f2a6162cc530e765d3400dc50459cd9

SHA1
ffd4a860de307deb9ed03164dbb19e8ab686456f

SHA256
2263430bb3cab807955dca1d79d30ffae47b7a04ee7e82f74b148f4fd0e6f21d

SHA512
2adcf31ec857154579831d994a96585c422b3f35af060805e650cee1cf9ffc99eecb2d76f2847b7fbcda601ee553221bfe81b60da24982d3b8f6dc55b9fa0cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2d972ad4cdad26b294e4e806ca71f1ef

SHA1
8f4067ecaaf8f73103e8e73040deff8bc27ada6e

SHA256
9bc4753f5a513e224925579706b4b172b62d446b137a3cfa772c1dbfc29d0ec5

SHA512
fc008e08ce685d38f258d8495c44343ec93e2c35803b103ab1cba5553a8756ad7032134ab03cbed375b3613c75500c895c938d4e359b2bf295afcc9f347a664c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d0634e6b15df234771ff9d3d68e9a22

SHA1
c52e707abb2db90990e14ba5774f689f856185ac

SHA256
adf22e18060234564b43558ea40e47053b05038663ffa6e456895ec8be418044

SHA512
9b40e264284f0c7854b56bdfa9cfa98f8b1552c780c4f9c165915b966c21ac0a0add4e5a6ddb6c307ed0c393314d39227533702bbbbe89d3410e1ba62daa7ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40d898041953f21e09cd3433095c97ba

SHA1
9fade564acdcbd11a13e44bb3e9baf2ff715391b

SHA256
0e2af81bf9dfc9d91de54f2ac354cf584c8eb0322fcd6b05a5aac3b52bc4f476

SHA512
c4d8060ce0855635bf89800081a663996add7da0abf77b08bceb395d3adf24e1a6dffda7e30fdde8102d46369de605f4cd6aa246d50b27f90af4fe839358465b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e303b1a674cc948a788c41efb9a1b8b8

SHA1
dde20d2ecb5110195de94ab4e25c50fa4baa719a

SHA256
9ef7675bd7ec1381d57aa5136deb3e6174145ea883208c03e2fe3ea78b70d7f3

SHA512
81ca49769c99dd131ff9901ea9a6a4686f72cf9a6a35eb64b21898605cb4c8534d7fc6790b82a28db0cec8eca326f37cd91c6d2733ebc9babbfd287a7752b5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c3c3a8c634f5c61db9e80b00215b61b

SHA1
abf1c78c7a339b7ea9d0b7003d3f7efb112c3202

SHA256
d3691f56d819e24543c7c810598f62fd2286913b46a7473cded347e30004956e

SHA512
f8fa6b0daef5e188ce17c2a189e1d8a101a60a0ef5a090d3cfae390845ae5b5f9f949fe48e35c8aa951fc18235fe7e564b9ef3327854f7ceff9a04164f6d1e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b03aa6040957e4bfe9adfff2b6e8a905

SHA1
eef7e461ece20c3c9145894f4a993247c5024d38

SHA256
e30af8add65185b59570b56d9142515139f585a4d9e278651b49292adc967b05

SHA512
d903540bceff4294653303f30ae0262d3c58e1fddc747ff6c2e9c988f89daf59f85b9232a8de41f2ce8ae7573161f8c1a2ee5bb9cba3bed1b2ffe31961d26c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fddb9695d87d4613bcece7c174dbe09

SHA1
d27059dd2b775858fc7af2c0e347ef30e6aee763

SHA256
7cb39ca1f67804c236a7d4535260707f5430efb937fa3a71d591de73165fe337

SHA512
de09209c5233579fcceb99be13d5961ec05662de7e6fc48253ae502957dc98968a433b3691287ca159063e8a025873fa657d019443545ab2247a06f3abb9e77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac74a73acb311bfa23cfe222fb77015f

SHA1
1e640effb23182680eaecca5aec32c72689d33d6

SHA256
a30afe322a260dd581275e39381e36769de44f84ea2ff39c75d15b814cee0eb5

SHA512
874c78e97f690ae9e77ecdecb1ead3723b93672ef2711eb202b524782db939698c4c2e3b736eebfe9feb28c1222e77fd57f253b965bab0a56622c56ea1f65638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
69f0892c1d82ad6ee28244828b6eba4f

SHA1
fe3834757a9145c69c087bb0f676a63ba924422f

SHA256
c847f838d08aebb641097e7d4d702cc57e4c8b8a5dfaf426ccfda783878a5065

SHA512
a4ecb54cf1825ee7c61a9d4ecd84e71b56916d2fea42b2cc776c7313379f4a843db112f0695a1cc28f41816d0b588d6fbec6f798ab9e47daf0150290e890a635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
82a86a40670a3649af01b600f01a40b4

SHA1
4cb30f22beedfe1171780fbbb920199f81dbab64

SHA256
1b662dabde42e88f3a7817e497d256b6a3b0a70ff6c5b6e736d83d6379d23407

SHA512
517e8d3338cb6b16c3647cf28aae48e4dcd80347a3fd716c78c3cfba48463de1a1092c4a7f07b23dd7f5deae87cb7cb11c5508a418f5422d1cfa960cd082efab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58028b.TMP

Filesize
120B

MD5
69c305e9952f924f091f4d4b17489191

SHA1
92e5ffbddf6d0006ee6abbf20ac32492c25a3bac

SHA256
4ec36cb80cc90abfab2142b82d8f11a5f9e9ff85cece7292807fcce1ed51b120

SHA512
afd7ae2833607d427ca794e56c967935a2d021bcb8d4898057b176c50c78f64f59f154e4352a94f2c2ba68c89533a82b82f2473bc9f52ba82aab50ad17ed5fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
234fbcfd4e39b25ecc85e34b3915b6cf

SHA1
45934630ba6f7b050b90f1d35748c45237afc189

SHA256
0c365240216ac1d849ed838f888a27ae46e4292bdac5e42d72f5f26a4d492f62

SHA512
0f608a7c9a0128f76e6038450c64bf7b75d7c04f1fb4bf24a3d4a99c824321e2660ad9aeb84b2824aff1587056fb61e88ca2019238ec531ede7af99f8d6f5fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
0aa2657c73ead1048a04667863085f45

SHA1
36041b9e3f2bd282b09c8e6f954a6c1a705b2245

SHA256
9a0d8645b91a0e8c5da75f0f247fa7d6c59ac5499706d7059c257fda69e8fced

SHA512
1cd9633d8e0d9bb68cb787c6c4c05de87c608171a26b3b01bbc912be5c172aef8f80f36a906106e2d9e1b11cc7d60e2563122248085fb8e64e043318de476afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
42f554b0f435ed9e662ea9c40a2e9a47

SHA1
16c32542062172499356bb6595bb11ae63ccf028

SHA256
aee884cac7620c7dd3db3f3e179333424826da6ed9070755282b3f8b0c9e17e5

SHA512
9ff3569086ec8ed349613ca56eec1d36a59ebd2c1a9f2f561684437ec44e64ddfadfc917a9d76ff6f5c79bf51b33e579eec153a1a5b1297490062bf1fd4cfd88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
4b811be546af113346f31fb6e3ff5464

SHA1
2ec159e3ea0d4b0891d0ca66056754fe02e5066d

SHA256
366588790701d3873f94e5e84b41bbe70201819944e8f8c33641ed9e8487585b

SHA512
064065e890a4c0bf2f415264e2200cd0631bac3503dcb595a76004d1e8fe9816b46880895b873fdc4c0e165caf1f6170469efafe9d02ff03a9c9cd25f8d944d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
8e81fd95e42775b0d149600549822de8

SHA1
27468d423ddf79ad680f538420cd59545bd6d28e

SHA256
0d922c6457a816a891aa12e642d86e9f5eb822a4a5bae5c15412ec15bbbf6a51

SHA512
00371b93d14cfed476e0f2b9dec0f004c714d1827c9a1be0017e1bfa177cd765baf9d073f97ee1b90b8c1977c33395795f9988c0b9a0989cac2e9a257e8157a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588bc0.TMP

Filesize
98KB

MD5
bbe4c60448c2fd5f3e88a77af251d79d

SHA1
54b34ebac75147754be9d445dd63dec8bd42505e

SHA256
2081146d2c9fe66dba9360a9088740ebd15189f00f353d30b7e848dd23110561

SHA512
16cc9bd4b5eb59f8ebf5f01c893894197890cec7bdcd13f19f7385fe2b4fc2d5571ecd5644f22df53ce99e9f7ec0a9bed744318269693a1dc65349b845612cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ffb3b4b5f73e6fa4ae8ccb84a94dace7

SHA1
ea6f7d043427bb1454db68666dca5fe1e27f6f14

SHA256
ba87b524838a70946129c19d3f09c4628a035271ebebf0da7a9c36fbd56c87d0

SHA512
06c78cf98925d1ff4f0c2cc9104f16fa39624d76fec96bf77e98ad1eb7f30ae3e36bdce8a9d79d3dea3a756d3e35c282d7b3ed8b8f74402dac78b09c2f8a0648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit