hxxps://mega[.]nz/file/CPYUgA5D#_WBRcjNE-aU5pAol8k7czfWhT9jK4XOEJwPOOO8WK5A

Resubmissions

25/07/2024, 12:16

240725-pfk2as1dqb 7

25/07/2024, 12:13

240725-pdtkna1dka 7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/CPYUgA5D#_WBRcjNE-aU5pAol8k7czfWhT9jK4XOEJwPOOO8WK5A

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4148	CMDBITX_Crack.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133663832101378983"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4148	CMDBITX_Crack.exe
4148	CMDBITX_Crack.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: 33	4404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4404	AUDIODG.EXE
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4148	CMDBITX_Crack.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 2688	4916	chrome.exe	84
PID 4916 wrote to memory of 2688	4916	chrome.exe	84
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 3476	4916	chrome.exe	85
PID 4916 wrote to memory of 4104	4916	chrome.exe	86
PID 4916 wrote to memory of 4104	4916	chrome.exe	86
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87
PID 4916 wrote to memory of 1904	4916	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/CPYUgA5D#_WBRcjNE-aU5pAol8k7czfWhT9jK4XOEJwPOOO8WK5A
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb2e03cc40,0x7ffb2e03cc4c,0x7ffb2e03cc58
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4696,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5224,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5264,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5952,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5572,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=728 /prefetch:8
  2⤵
  PID:2272
- C:\Users\Admin\Downloads\CMDBITX_Crack.exe
  "C:\Users\Admin\Downloads\CMDBITX_Crack.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\CMDBITX_Crack.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    PID:3116
  - - C:\Windows\system32\certutil.exe
      certutil -hashfile "C:\Users\Admin\Downloads\CMDBITX_Crack.exe" MD5
      4⤵
      PID:1648
  - - C:\Windows\system32\find.exe
      find /i /v "md5"
      4⤵
      PID:4564
  - - C:\Windows\system32\find.exe
      find /i /v "certutil"
      4⤵
      PID:756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\CMDBITX_Crack.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    PID:4012
  - - C:\Windows\system32\certutil.exe
      certutil -hashfile "C:\Users\Admin\Downloads\CMDBITX_Crack.exe" MD5
      4⤵
      PID:3320
  - - C:\Windows\system32\find.exe
      find /i /v "md5"
      4⤵
      PID:620
  - - C:\Windows\system32\find.exe
      find /i /v "certutil"
      4⤵
      PID:3364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4780,i,3176458170564733297,3573645051414909587,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2364

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
573f178cd1346e97d6d48600f091b146

SHA1
efb16289f86b01d6ac5936783efe8975d8b48615

SHA256
facb1e84287d7c0aa084e281c98822be1a2b92ee90849548af64d6b6506f7f1d

SHA512
86379145835f5f57442abe8176f6ca18c16815c1bb22f12902e1ee5b5c957d18a5488d294ba46e25c811e6c96606d12866edb87d19960d2cd7cfd7f882270f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f56cb6946017f3ed22089e7a5b5a5c5c

SHA1
53517ca5057d3e8014c7ebdd34b374aa0442ad89

SHA256
2ba6869cc27bd76712ffee07f5d59ec297b7291c687baf2f894a5e67a359b849

SHA512
ba16d49ac4a3ad9dc1fcd8bca37408e7ff93cd7c3b05dc9c766199252ad1608a48aa624a2c2aa4f991fd011b2c2fcdd5be0b986f8afacdbc24865b3c619ef9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0367a3e86c55228b06039c0c6be86b79

SHA1
f0c9a31498017d3f323a0036bde43ceb33424c34

SHA256
89cec7112e4243efcced603c252111532123fd4c393fec4062bdf8fd69d8a71c

SHA512
263ef1a7a9bedfcb20ec17555624c6dd453ccd386299dda8a365b3a55167e1ca8a43bc1ced284d1bd29872ac1d623767ce2b68cded5fa8af7b8ba8303e5121ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
dc6f614ac07c4ca03b92780bb3d8ae57

SHA1
be17bfb7fff4a31b54a67c11f7e9ccbf31d4a1d0

SHA256
ff1cb7be5cfab3471bcd258c9261b384eb7e23bc6c3ec702a9f03986f29e8615

SHA512
f3a374d1abb31681e16e1e9d05ecf97d3259ec55d9bed7331da6cdb5de102da2bdfe6d949fd2fc427de2862abde49553df27ff97cfd8f2aaf91b7d6d33383e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a04003677ec044437bcb429c5e91c901

SHA1
ca6a5c19b55c689c3f57715540708ed35828c025

SHA256
148b103e9f212cff67c0d446da46a2549b489febef4acf5550d5f6a46f007186

SHA512
5dee9e9371634372f5f049aba448c66cddb97189b8eb4e03324a9e896bde21bbd1090662930bdb54c21246b1a0b26c3e12935188276fccd39d6560190dab82a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb32103c112e6bce52cefc5afc0d79d9

SHA1
5f57fe7abc6006e452ed2a753af1675500df1425

SHA256
5efa74143dcd50f57dfd07c2b220d78614c27efcdf5338451c0f863b87e5390d

SHA512
851d57befb0a39f04cc9bf0de8c629a92d9bf82b1ac2df685696668c579e28ee01590d6e52889c66271a050c1b70e3022b4e888936ec5b1465c09e6ea9d75368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90565ef39a1f76dd5a6ed21e1df965ec

SHA1
849855db281ba5c564b938d91729e404e7d624e8

SHA256
99846d225ef3acc5bb642a86c69631fd49d03f5bb186550beb7f961574d5cf14

SHA512
187d5757f912c14779258fa4846bda9cf9e0ab1da788e21939a3f95a2ac62757b74b315732bf904f7eaa79357047f9db042cf6b87ab618e41fc7494661d9c459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8058678ef2f80227ff6f900da879a65f

SHA1
4a90902c9d74efd83efd66a3cd86bae9716f3719

SHA256
29d71f824b2e30a07ea01deda25e0344c08398acb0f62633736bf66f3d4a0311

SHA512
2ede4bd7af6f7e325fc3d05ba4e8d135c38252db14ba0c59856e42842f95e62501e0e9af19da6979332d5f9e6d2efe1f443875139455889c9868bb6da208ab53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31e22028863a37ec6ee4ac9a2c647c8d

SHA1
a606c6ef42d386eedd4eb60a220f4d9c14075dba

SHA256
ea3bf2529580787c905eacc1b5b73f2c63e8611ec55716cec88f3dd48274a240

SHA512
3118bbd69c4fef9004a969e8d09aa72fabf658b994c58789834b6c505267c0b7bbc80c317c754429a16df24fc5bb0b70f03e24db03fddc042f48f34c3cdcd2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c0d49cba48bc3b38df03a9e9100fe98

SHA1
5be3ad9612aaa6da2d178077649cbf20ca8337f0

SHA256
fc36225ddc8a574254a9c5775389fee6d6c1eb5321d8984bbe216163d1ce4aba

SHA512
be3a6c073ace0b8dc9f33033eeeb8ab981142eba5fc5956939b3d27dfcfa0c383add21bd1d7952c451278d2f8f5fe422881e3bc42febd2ddb038d4dd74db38a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c38574af218352777653d2f8e39168c9

SHA1
479c5c4c9507d447103c717db878b5dafc1ab956

SHA256
444cd6f31ab30a3543838502bf8438a4dfc034c3e39a38f1eec8b2ab7c6585a9

SHA512
8e912a73d8b040f71e1181ece8dc6f5a131df5891027247670328a0dd220911cdfedb11bf8e9b09158767acbbee31e289b4b52302a6da4f3877681443529ac62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ceafa7a3fea1c967e2be4c3feecf04d

SHA1
35a9767f64492ec492532325d205f2fd82c75df4

SHA256
e46b9c072601d04d9f0dcf7325fda99de22417c8e3c7cfbff5e679e3d6a6bd16

SHA512
afda8aa8446c4d0ce217a277dd607ee6d40387200e08dfbb9aa9c18786cba72a212f1c37deb00ce576ad23052abfb4f4eaa5e4e0eda967d2ef478b60229346b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5920ebe63a16203de1b8e7ae9f040e3

SHA1
f1d32c3bdc8d80f4960d18185c0b8a9de8614684

SHA256
9bd607d0dcb5ecc46aabfd1365b11f36f0282d4f42eadd3b03e778d8c8be30a9

SHA512
7648056a7466d1a12c85b6762af6a07ca139390b944193c08592702aaf43175d388ab481f832447d774ea0d78e47023f1c5b426c875f0fa96707be3f2f0100a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eded3348cb27c715a5dcec885dab7a4e

SHA1
ba9d5a7bca21549638ba921b2d6d4766914cfb86

SHA256
82a68186d3007d4b889569b4db5a63a86819873f03cb7d3c060d48302833ca23

SHA512
93b53ea2bc7161ed189351013a97a497a17eb665faae602cafefc158086ed48dd5bd5894dcf1e48a435d7f1475a858fa52afa98f13225deece7ffa45bbcc279a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3892eed63533e05dcf625fb8aa75960b

SHA1
03daf9d0a4b59d183169add121c697f82cd55dc6

SHA256
bcd8c27dfe860fb4f723444e25bf145a0a4d8be947070cbe69ea00bfc80e48de

SHA512
743a57ffcfd108a6732e25ac17a41ffd536768c6f7934efc155733906506bd32148dc5c2b800f23881f5667ffaa50aeccf8e2099a7d55aba62d826ec90bf14f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4e5964b145e998cfbaaa3fbb5a03f7a3

SHA1
94cce0520e0e97052600624a491f7bfe1094f95e

SHA256
283590408c15006d94ece2641203bb59adf68639b0f78bd2ed38ebf4b4ccc463

SHA512
739a9d22751e675e73e9095756c8f02222140146f80423b159932d46158d7a68a0e50f786e103dba15e71068fc62aa02923f52042888f2b61bf4612262174a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
29c50ad169ef7ba25e3682bbc4dbd222

SHA1
c5f02a40362abb0418d6c0bc8deffb46b884a4db

SHA256
160531296b28f91a3ea1ea31cb19cb66cf19d7de748b63357ed7cb76b6544d06

SHA512
0b77d7fa08a68a120d31eb31d16c65d485d72456d8a31f20c6b8fa1ff06a5011e0bfb534a7d4a608bdd8ad25fe16f07dedf396a67fbf2dff1df93d890130415e

Download Submit
C:\Users\Admin\Downloads\CMDBITX_Crack.exe

Filesize
662KB

MD5
a96f69c29be4f8dca0ae37c23b0871d7

SHA1
342ef9f522296677bdfde9f742c18066e6e91bd8

SHA256
d83949893ecc04098b92a5439919a0bbd95d47d825f1bb0ec5d735fd8795632c

SHA512
ea47afea8af644963c05b9cd32c4e49eefed875af1883ad255b3c621680902ca3e9b8ca68e12626723547a804e3295f73d02c7ef8bb44caa9a2322a8cbad808a

Download Submit