hxxps://ht3[.]hvacpartstechnician[.]com/downloads/soft/New_Taskbar_Themes_2024[.]zip

Analysis

max time kernel
328s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ht3.hvacpartstechnician.com/downloads/soft/New_Taskbar_Themes_2024.zip

Score

8^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
2872	powershell.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\T:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\U:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\Y:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\A:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\O:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\Q:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\S:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\V:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\G:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\H:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\J:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\K:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\N:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\P:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\R:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\Z:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\B:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\I:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\L:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\M:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\W:	[Setup] New_Taskbar_Themes_2024.exe
File opened (read-only)	\??\X:	[Setup] New_Taskbar_Themes_2024.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640423623988250"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
2872	powershell.exe
2872	powershell.exe
2872	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
4204	[Setup] New_Taskbar_Themes_2024.exe
4204	[Setup] New_Taskbar_Themes_2024.exe
4204	[Setup] New_Taskbar_Themes_2024.exe
5048	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
4204	[Setup] New_Taskbar_Themes_2024.exe
4204	[Setup] New_Taskbar_Themes_2024.exe
4204	[Setup] New_Taskbar_Themes_2024.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 464	5048	chrome.exe	82
PID 5048 wrote to memory of 464	5048	chrome.exe	82
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 4948	5048	chrome.exe	83
PID 5048 wrote to memory of 3592	5048	chrome.exe	84
PID 5048 wrote to memory of 3592	5048	chrome.exe	84
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85
PID 5048 wrote to memory of 5156	5048	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ht3.hvacpartstechnician.com/downloads/soft/New_Taskbar_Themes_2024.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53eab58,0x7ffbb53eab68,0x7ffbb53eab78
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4476 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5004 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1772,i,3329340155723890789,4983593320246557160,131072 /prefetch:8
  2⤵
  PID:1800

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4248

C:\Users\Admin\Downloads\New_Taskbar_Themes_2024\[Setup] New_Taskbar_Themes_2024.exe
"C:\Users\Admin\Downloads\New_Taskbar_Themes_2024\[Setup] New_Taskbar_Themes_2024.exe"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4204
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -Command "(Get-CimInstance -ClassName Win32_VideoController).Caption;"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2872

C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe"
1⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe"
1⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_New_Taskbar_Themes_2024.zip\[Setup] New_Taskbar_Themes_2024.exe"
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
82217b467f158276be067f6b64e98e30

SHA1
542e7c09cc278094e0fa296cdf76fa6a07c06fd3

SHA256
0245e24e49039b9a99185b8c0ce151cb23c6274b22465f435d8018d4facd60ce

SHA512
89cc7d46ea73e73f33fe4cd6658bf577bfd2dce7d42afe1e59566e2901c0ea3cef5e38704c9e297b35c69e9278f0d82f4cf3eebdc0a1e640111a950c8255402a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
026121a27e808c174f11de60ba677aa1

SHA1
d3236e8422cc7e2529ac6bdadf234399e6f9fe2e

SHA256
f06d52593b5184a660ef03469928ac156912e523735d40d327306a829dd6613a

SHA512
7c1a9aef3c3d0ae8d47d8b08dca1c70e054861f8d0455d52318d1cdfbea876d05dd5b26f18baa073f10854079dfb9000757b26413c4a30aac65cd2ea84e2b55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a10c08f7b58a5eb9c0fc91e89529003b

SHA1
802970aed56e49b06769a910719ad8fa82974a49

SHA256
7212d5dfaf0d5ec4defafadfaa852e0dcd0183ea4a798cf22c91f56c0763dfbc

SHA512
876a297d5656f70684c6ad877237b4347373b7a7acb0ed58d99e81868f65c1153a2601075934543efa4340543a795a0ee2490e434238909901fb74067acb2e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
5b36ab62907d57e7d6111378cd7c5b52

SHA1
c2965756a428b3e1a17d84ac8029e4f030208020

SHA256
f5e31837754c8fe65f11ec5a0939ca9ebbad9194ebec75d058d836d294d23b26

SHA512
e9ed01f91b39d057249e428f342f9c412e1706c9b153ad082fa3930ef233a15668739578920dded1d5982bb706eeb7cbf51ecf2e597c5826a397d78b8d745d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
302b52dea2612248bdf2bf688193924a

SHA1
60d22c63b1f0ccba60e24d35a41b81d4ff028d57

SHA256
3facf3ca17a1cd1384a721cf92cc3ce4186f87899734e9becc3038173b5369f8

SHA512
de5937ecbb80f18b1eb2eecd29da1d18ef52d04716bd83e06923091fa71c511b313220abede96c5cddccb82468314623d067781d4564f5c9a491fb8c4799a94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
54df24a1a2fb81d00955681b5d33a4fa

SHA1
e70e81d30b95f8d7ade1645b15c400b635f4c53e

SHA256
19f7b59da9be67aa6c225dd7a302a2b24fc217b31f86b256bd40b1cd7f5849d1

SHA512
73a2f72542ce5c17270127f62babc723cac134fbf6859d658220ae437384d587a6c5b848bd5a923b1c15be2c9c40c74ef686c2f0f3fd673efc6c31bda7bdd871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
916301afe46696fa131557635e8a1108

SHA1
04e03f9cd533a5d39e75b69e532e14e8191a213e

SHA256
68bcc3be2512e6d7db7b113470b6ac27f9bfe87f2b28692f5d2862c0561741ab

SHA512
5d9d071b608a24dfb200cbeac5ba513b23f657b1ef5c0fc9fc59f2cc5f97614b0dacc53e6b8ea5c81122f52b4c8ff2059dbd4f9199a4d4f4cc598cc2f4273f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
5e577f7884baeb35467bb650690d0a57

SHA1
e768caf15f1cd1ca573627e2e7c63682fd97b00e

SHA256
a92285cc353e30460c7d0a1bd9f777d7be9ef6fcbaf0d637da4f56775a60f084

SHA512
ff1cb68180ccaf7381aafe8aef003706818e7e24bba249a12796c4237b7144807938085db5c453b60a9674941ce6a235b116bf1ba3a0b72c0a81b674fe8bdc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
733b443d20345a15f0214616a8abb34f

SHA1
6383049f14a186fa39f041fbf868fa3a1d7f953e

SHA256
fe5064daf91250dba1f82dedf5af722a1cc53b1ddefd37a21e9dbaf6f14621ea

SHA512
7798e32d7ad14ae080d3c340edc57b02fc13ff542b0170c36de2bc74a6f8b84bdd1cdf464753da1919ecc0403897ea388f45b69cb01b225a87fa125eb8b29726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57acca.TMP

Filesize
94KB

MD5
702bcf2bc47524cc60610b9ba3445535

SHA1
003576d913aa157e1859b55a3cc2b10ae9c51f36

SHA256
9ad9eede3a7e006240d38a07c3a4be5289879e48dd981e71660001a3d7488f4b

SHA512
c58285e777ba479d40f9eeb93f219378ac80dd75e9eb3996f26c158adb5d162e77cdfcab2cc842daa0dfb3616813f11bb04913c7d9c388698290332a1e15e15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wpypvt1b.4fu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\New_Taskbar_Themes_2024.zip.crdownload

Filesize
11.0MB

MD5
14fac80ecbec9bcac55bd3131ed02076

SHA1
4fdfe9e78cf23172ef222a3ebe23aa829c2620d8

SHA256
3262f80e64b0f6cad1f3308d4992edf971b383f2dffd2a462c83734cef784cff

SHA512
9f7140408d7686783302ec766c26c88272c74104c6dfeed35af907d153f6b57326d7bd6c88aa6375961ae037e7199ccce01d7c6c529d05e88d4a3af77b25161c

Download Submit
memory/2872-108-0x00000246D4A10000-0x00000246D4A32000-memory.dmp

Filesize
136KB

Download
memory/2872-110-0x00000246D4A70000-0x00000246D4A94000-memory.dmp

Filesize
144KB

Download
memory/2872-109-0x00000246D4A70000-0x00000246D4A9A000-memory.dmp

Filesize
168KB

Download
memory/4204-81-0x00007FFBA0903000-0x00007FFBA0905000-memory.dmp

Filesize
8KB

Download
memory/4204-88-0x00007FFBA0900000-0x00007FFBA13C1000-memory.dmp

Filesize
10.8MB

Download
memory/4204-86-0x000000001BEB0000-0x000000001BEE2000-memory.dmp

Filesize
200KB

Download
memory/4204-113-0x00000000212B0000-0x00000000212E8000-memory.dmp

Filesize
224KB

Download
memory/4204-114-0x0000000021280000-0x000000002128E000-memory.dmp

Filesize
56KB

Download
memory/4204-116-0x00000000206C0000-0x00000000206C8000-memory.dmp

Filesize
32KB

Download
memory/4204-115-0x00000000206B0000-0x00000000206B8000-memory.dmp

Filesize
32KB

Download
memory/4204-117-0x00007FFBA0900000-0x00007FFBA13C1000-memory.dmp

Filesize
10.8MB

Download
memory/4204-87-0x000000001BE80000-0x000000001BE90000-memory.dmp

Filesize
64KB

Download
memory/4204-85-0x00000000026B0000-0x00000000026C2000-memory.dmp

Filesize
72KB

Download
memory/4204-84-0x0000000000E40000-0x0000000000E4A000-memory.dmp

Filesize
40KB

Download
memory/4204-83-0x00007FFBA0900000-0x00007FFBA13C1000-memory.dmp

Filesize
10.8MB

Download
memory/4204-82-0x000000001B3C0000-0x000000001B4DC000-memory.dmp

Filesize
1.1MB

Download
memory/4204-80-0x0000000000500000-0x000000000055E000-memory.dmp

Filesize
376KB

Download