hxxps://download2293[.]mediafire[.]com/uiqaqgqi71cgF8qNybSCWLhJ2nKC5BwXKCZdRBd_D2_bQOIChFbXDVS26ttXE-B9ylItIqLq9dHvvMBadaRh3iYFUUk8S92V7zx7owy1H2j1TCgrzreIm54I2Pya8VObSsPBD75DYeY9hrKJH8Wh95OxIHLWKfhBbHOWMBIWYxhV/dlx59dqiof7w3ka/Software+2024[.]zip

Analysis

max time kernel
96s
max time network
92s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/07/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2293.mediafire.com/uiqaqgqi71cgF8qNybSCWLhJ2nKC5BwXKCZdRBd_D2_bQOIChFbXDVS26ttXE-B9ylItIqLq9dHvvMBadaRh3iYFUUk8S92V7zx7owy1H2j1TCgrzreIm54I2Pya8VObSsPBD75DYeY9hrKJH8Wh95OxIHLWKfhBbHOWMBIWYxhV/dlx59dqiof7w3ka/Software+2024.zip

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133659209085925200"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
4672	chrome.exe
4672	chrome.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeDebugPrivilege	5056	taskmgr.exe
Token: SeSystemProfilePrivilege	5056	taskmgr.exe
Token: SeCreateGlobalPrivilege	5056	taskmgr.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe
5056	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 3928	4672	chrome.exe	71
PID 4672 wrote to memory of 3928	4672	chrome.exe	71
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 3812	4672	chrome.exe	73
PID 4672 wrote to memory of 1048	4672	chrome.exe	74
PID 4672 wrote to memory of 1048	4672	chrome.exe	74
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75
PID 4672 wrote to memory of 4604	4672	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download2293.mediafire.com/uiqaqgqi71cgF8qNybSCWLhJ2nKC5BwXKCZdRBd_D2_bQOIChFbXDVS26ttXE-B9ylItIqLq9dHvvMBadaRh3iYFUUk8S92V7zx7owy1H2j1TCgrzreIm54I2Pya8VObSsPBD75DYeY9hrKJH8Wh95OxIHLWKfhBbHOWMBIWYxhV/dlx59dqiof7w3ka/Software+2024.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab10e9758,0x7ffab10e9768,0x7ffab10e9778
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1800,i,9195951923024316777,5434236589588763559,131072 /prefetch:8
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4408

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:924

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
677B

MD5
5278044ab724583bcf271dd3e3544e27

SHA1
e38e88b8faf6a31e505f8535388b3c9491dc55c7

SHA256
1e4545b9790a9a3ec2efa90e36be66e1f9778d10403755f31c6443894c54c449

SHA512
1e45a9729ce4cbc9789b1daabccc0767b136a941ac28e85a6f830a3a32285cd08a9ff914c177f94c8325e39ba63cae11bbe309762fee33bcfd6180924bd3e861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5d45e992da360278e1e0fed7891b438f

SHA1
0140006d7f64d23a2e5234b5a13397638d01b3f7

SHA256
48b2ab50953979bdffa35a6263d907a3c3dc6fb34e7225430b6aba9709e6495e

SHA512
5ae70b03644412d1b258367c225589a6fb713bb327e90efe65d9953f8428edc88473c4940672100b3c64a52a26fcdf10ed68d35d5cc73a3695d576d297d122a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
677B

MD5
ce9c4d861887563a021658e735cb3d4c

SHA1
de0b2cee8c3f74a37968b160e77b75d0968b6570

SHA256
0dfb8a92ac2de8280279137ab0e1650eabc032711aa722428b45cb682699a13c

SHA512
c38a57850a1cd94184f58298231b214b47f6538753e89e92fee3b2b68bc9fb783fdbb4e0843b1ee85956ffd941b85f9eb55b493d9538e6d5d38457bd7b1db8a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb3a2821ab80450c9b14d1995bb0805b

SHA1
3c8d8cec982744c031e815e8635d1ac91056c451

SHA256
275b1a5e5144e4afa93191421c836e3ae3f052217a3e054897419f6c9aae13c8

SHA512
98d4fd5bef173ab12e04aeafa83efbf0900a959b20243eec7678cd274d6f17c2d34f1897d83e39fa1a942273b785f7b25ffff76d1c128e8cea2e363c7a395ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd8a6d018ccb0d649974f908d47eb386

SHA1
d3014238a442ffffd0fecde6b99ad639bba2ae9c

SHA256
3e76c9669374c45dc2f99db849a3431301b30302e69b19f184a03c26311f20d0

SHA512
629efc2ad3ef2ac134f5509c8f4132019959eb1208b8dd23f0fb851a8c2745a40d68fe7515410144882c72fffac4ec67634cb565896b6e6a5e453295781d3e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
72d1eb8477b35d2946b0e542cb2657ac

SHA1
edad4aedbe26099c9c7d7fd36027a84211d401b1

SHA256
cdb035cafd7e3af263036d2e25269e3bccab7daaac75620e8fe4588d51349941

SHA512
9b1c7ded407f13b2e4ec9184c522f0a1305ccb3003df9ad0dee71df0a53d154b1f6552eae7ba3e06d68989c889791cdc4337f89dafbca1f37ca71cc81cac5bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
7c4ed34cab6ff630e4153301df556e2a

SHA1
e9efd328209ea0bf3f297c66fa4214eaaccd03ce

SHA256
b7e9e918a2f6d68dbe4548be6d72b54ffb628a88e4f6d420e615ae01dbc9fab5

SHA512
1e3f22f754b952264160eda0cdca40bd5ea4473e1d1bc2b310d1ab54f0019b77c93ac12d1392cd22f1d9d37b07573fa38bbd164dcf92470b9aafd305bbd7f566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
3e7929aa27716878472542288e43ed62

SHA1
8d2ae0526972e96aa232c06af92c8e1ef877fcfb

SHA256
33cccd10509e8fac3df2dbfb06eeecb0536923e43ff8b3a8cb2ae412c8d41fe0

SHA512
a3ae031036d72d0f5f39fc2bbbaa4b4d81ae52d87e2f1d554c634eb01eac5b3deb199968ab3ebab46c8595b19e1e6d16e7566866d32733f04553344d88de201c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
79fbfe1110d9bf322d1579550054709d

SHA1
d222ef72d0ddf49eda6d16fcd22d8f529cade6d0

SHA256
b5cd4db0e163c0683007cf26ea0a9cad3d75bfcb5ab1c11ee840245819622158

SHA512
3faaf46d5427c576d98036d97b11ed4742f49edf164c7d6515789904478bd73baaf1996cc1be75365bfe14ada716cd61b3a1f95340cabb27366ff7a75484cce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
47ee3bed7e1d86f813034c8e1f8fba41

SHA1
15685d6e65b0e9973e53efd3f917efcef7a7cf1c

SHA256
05e1108710c5f579dac79c26af64b54004c57205c482b6a85f699c848e594f05

SHA512
6c2cf70dbb79c123a3e86d4dfd900aa0c89cec5e7ddf5e77c872110ea617044ea0613b0b32491672cf7296e0c6dde03e90d1e9ffe13e00f823978e343d800a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d5fd.TMP

Filesize
105KB

MD5
1db1b5a0d16930574fccd782445607d0

SHA1
6f4a9e7271c7c964a0ec7e8e73686bbcac5a7cc9

SHA256
a393c7e5038f61d7b0f63df6a7ab97e9de38ca8ebdd496d6a71d6f481d5a712b

SHA512
d4c35a852214e0e27230852b443df1ed9cb4ead712e6b4576307de11d0b2736b8995823272f64a0a0e0354f3bf4b01d24a67f25c8306b30d06dcfc7b449716c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit