Analysis
max time kernel: 149s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12/06/2024, 18:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/folder/y02rnhx904wb4/Free_Installer_2024
Resource: win11-20240508-en

General
Target: https://www.mediafire.com/folder/y02rnhx904wb4/Free_Installer_2024

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 6 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626899326811323" | chrome.exe

Suspicious behavior: EnumeratesProcesses (18 IoCs)
pid | Process | entries
4864 | msedge.exe | 2
2088 | msedge.exe | 2
4060 | msedge.exe | 2
704 | chrome.exe | 4
4756 | identity_helper.exe | 2
4540 | msedge.exe | 4
792 | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
pid | Process | entries
2088 | msedge.exe | 10
704 | chrome.exe | 3

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process | entries
Token: SeShutdownPrivilege | 704 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 704 | chrome.exe | 32

Suspicious use of FindShellTrayWindow (51 IoCs)
pid | Process | entries
2088 | msedge.exe | 25
704 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
2088 | msedge.exe | 12
704 | chrome.exe | 12

Suspicious use of WriteProcessMemory (64 IoCs; each relationship below is repeated in the raw listing)
description | pid | Process | procid_target
PID 2088 wrote to memory of 4612 | 2088 | msedge.exe | 77
PID 2088 wrote to memory of 1976 | 2088 | msedge.exe | 78
PID 2088 wrote to memory of 4864 | 2088 | msedge.exe | 79
PID 2088 wrote to memory of 3164 | 2088 | msedge.exe | 80
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/y02rnhx904wb4/Free_Installer_2024
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2088

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd244c3cb8,0x7ffd244c3cc8,0x7ffd244c3cd8
    PID: 4612

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    PID: 1976

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 4864

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    PID: 3164

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 4840

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 5020

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
    PID: 3728

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
    PID: 3612

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4060

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4756

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    PID: 5020

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
    PID: 1060

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
    PID: 4300

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
    PID: 1264

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    PID: 3864

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4972 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4540

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9271662436078006887,13671183102869800313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    PID: 2716

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4232

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3860

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 704

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1148ab58,0x7ffd1148ab68,0x7ffd1148ab78
    PID: 3524

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:2
    PID: 2424

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 700

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1848 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 2784

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:1
    PID: 2588

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:1
    PID: 2948

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:1
    PID: 4732

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 4072

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 632

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 2672

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 3664

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:8
    PID: 4996

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1836,i,16170759301590959599,16707399259752757361,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 792

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 244
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 7KB
MD5: f41acc185392fbebc7e3bd0de255528a
SHA1: 07a3eb73d16a22a69300f41eb2593df984a3acc0
SHA256: d918042a0d61d64aba2cc1bfd99ce15998cafd98d0b21373a422a3aab543c1c8
SHA512: 6bae568634145e419ccb74bf9f2805208a8acbd4e6d7a752b7b1e6e1745e34aedc3941493bdb9b2f188ba293407529b362e4489be386fe8842f8163df920e0b5

Filesize: 257KB
MD5: 8c7fa2294cf19955a9a525ebf5ccc1e8
SHA1: 1bb369de3c79e4d9cb2f14c3013bf774d583924e
SHA256: e590d67d081fff446399dde470d2725cab7afe657611be1e4060cac888e50311
SHA512: 189a81e4708c587798fb02c61c68245eec918e17065d0749fe57d9ee7a7da879244820df7da9f6bf09ea7746ce1aafd570790ef3f83b85eb7447083e971f5512

Filesize: 257KB
MD5: b786e9293e08f91970adfb2bfd66b87e
SHA1: a53e4ac4f1479c26584c6190a67dad16aec2fd92
SHA256: 0fcd9605575276b7ea1051829583036bdde196cea4a3940403a36935680e39d0
SHA512: 45625fc5dbd87aaf92d983b0d306ee4188d97744db46a377c0ac3c720c915b4118eef89fd2e33440f7d2421be6bba1b3ea3af6f3758fbddf49af7af6b64396c3

Filesize: 86KB
MD5: 827b2d607990c3d19bb8b7d4d0caae5b
SHA1: 5f4b8c1080f3be4b421b98d39c6eac05b0f329de
SHA256: 4ab063f7ae19923c6c7588f6c3bcef9ad59af93415b578a42872ffec9130da46
SHA512: 567e80797f9556bfa0033366e8e06342772e2535a188c249d933d2e11c8c06847e8a1ab878802aa321f01c185472d3cf7e5fddb348f04552023cb3d2ec276b85

Filesize: 83KB
MD5: 456d53b4b2b193e92666bb17947c0dfa
SHA1: 3e13d7031f7aeb3d83b861bd27d8dd9e391d483d
SHA256: eba654e04ce11431f6369dc231a66080753ba1d30dfd948e328899aed6e7762b
SHA512: 63dfe5839663351db2dd745124b46d8e3960ad0004fe69ed968ca9e2df8e2f352264734de7f7e061c50722b5d295da49aafafb74539d0c222766d2ad65c31d6d

Filesize: 152B
MD5: d56e8f308a28ac4183257a7950ab5c89
SHA1: 044969c58cef041a073c2d132fa66ccc1ee553fe
SHA256: 0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512: fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Filesize: 152B
MD5: 8f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA1: 3f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256: d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA512: 9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Filesize: 5KB
MD5: ef31a772e11d3e0da1c975c4a35961cb
SHA1: 0d4d652528b3121b1bb998e77fdcb33d92653bb3
SHA256: 722d454afc26eea40d1a84455410c030d11f3ee6890395d53b26e9a2724ce37b
SHA512: cdc596dda4bbae01596bb7860d79b6ccaee831ca4ed42c1d79ebac95cfab7745b8bacc8169a8cfc0903046bebb9c395921bfbd098b61ee4495edebdc6a5f1c80

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 8KB
MD5: 31dd9c083683b7fb01fd170a6e895917
SHA1: 96ef9970ffbba562ea26f9027513e1849631ce0e
SHA256: 99b2d4b7a7a8b091bcab05bc8962b8cb4ea6bd19425adf59d7a38b8c8762f6f5
SHA512: 6d2cbf0ea0c034ac7ab5b875458578f3ebc8251eeb1815cae3dd1871436c33f3c68aa5674d4e2464e707ba2f8e5f27d4024ff91be0eb91a4ddba7aa2e6a754b4

Filesize: 8KB
MD5: f1e1d8ffbd3fa5a1508aa1f6fb92e15d
SHA1: 3195245525e899b6ad3c7b7e7a5df237ab3c9e25
SHA256: 1906c5a0e7d2fec2d7624f4eed2a5bb478181441171e249ae4811b0f3bc7427c
SHA512: 508052ce066a9783b7bd7c4699289d16e32678b48e4ebea3a3b7b20f0507a3d2611e591aafe2ee0e65289a2af21b488b3e37dd2489d763ba2de88a386683a8f9