asyncrat | hxxps://anonymfile[.]com/6N7N9/tdpremium[.]exe

Resubmissions

29-07-2024 16:49

240729-vb54kayepm 10

29-07-2024 16:48

240729-vbj64ashqf 3

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
29-07-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonymfile.com/6N7N9/tdpremium.exe

Score

10^/10

asyncrat tdpremium discovery rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

tdpremium

127.0.0.1:4449

tdpremium:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_file
tdpremium
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000700000002350a-357.dat	family_asyncrat

Executes dropped EXE 1 IoCs

pid	Process
3000	tdpremium.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133667454288492472"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 1500	4104	chrome.exe	84
PID 4104 wrote to memory of 1500	4104	chrome.exe	84
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 2880	4104	chrome.exe	85
PID 4104 wrote to memory of 1700	4104	chrome.exe	86
PID 4104 wrote to memory of 1700	4104	chrome.exe	86
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87
PID 4104 wrote to memory of 1916	4104	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anonymfile.com/6N7N9/tdpremium.exe
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb03fdcc40,0x7ffb03fdcc4c,0x7ffb03fdcc58
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5104,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5392,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4584,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5152,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5532,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4652,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5388,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4660,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5124,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4408,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4916,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3164,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5676,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5708,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6408,i,7181576106369083947,3294290657309042720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2432

C:\Users\Admin\Downloads\tdpremium.exe
"C:\Users\Admin\Downloads\tdpremium.exe"
1⤵
- Executes dropped EXE
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2373d0de403e50976828b922acf08a9a

SHA1
d1fcea295617f511e8826312a5c08edfdf337e51

SHA256
350b9863761b8f2df36c6215f4dfb5cb8b65d8b3e11b814bd84e51bde29d5025

SHA512
025b682d1ad55ab140a58ce44ec8db07a13e233a2b9e4fc1297cbd0388ed31a4fafab081f6ab043bfa2f303049d57b0c1804952af3ef7ca11fd8b2d83102b582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9e5985abcd9a1013418a14ed9da30bb5

SHA1
dad21d046c7f80696f1359d85e997c75b33b782b

SHA256
c2d05194859855f30d6180accfeb829702082a04d69f2d2dd4b751fc6fac34b4

SHA512
286c02f929ba3849380be92130c51b88b30be46c664307f7d73bd3d60536d8441064b679683862f949c15e0d37b62998152ae49bb54547ecb1c2adc56b5d091c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
11e8fd7d56b27b2853da1fdb66c9ef2b

SHA1
991e36c1a76b80af3465872be2adbf8b1bb740fc

SHA256
7a4175cb9910d89ac26bc30edb3b563d31d5c3ff306885556325fd2aa0d02b02

SHA512
6930ef2e60afa943275dc1ededaaa70d926a93196e521d057f95fff1a45032f74082221e7c614ee4e7765e6f15ed47677c3c3bec2c515fc64ca2db6170223fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
34472bd05f6ba8f9ef73154079455745

SHA1
15c9adf39b824469373750eabd981842288686c7

SHA256
921676d3d03f90bb25d6136dfe3a82a883e6bfa30d14c3a2674487fceef9e9b3

SHA512
93165dba2823164f31a62c8b9246c0fd48862a0c7330fd879fe6f27beac3c133e5d30a5843709b9ef4e4b0e1df30eca6ae25b55ef8dba2e37ca176ea35b6751f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
735f0a80b9da044cabb6e7b0da63b0d9

SHA1
fc79c09c4895af1694b64887feb715fba50747b6

SHA256
106a57faf997d4feebd714fb776e5a0e5fbebee18140d679d4a10f2d35c11a6c

SHA512
000404425bb4461494b64386513132cd0b954656088223b6e1c4fafa448126b84777fd164e2d88d6fad92bf88ce92fc030d03f452b1e621f12598859ee823a09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69efe5d980364aaf89a4377f47dc678f

SHA1
fa15b2eada424686789e56c396f1bc30e3c444cb

SHA256
33730dc96b7627fe71c53fa643a4882309723bd0eec40694d6cff866e808dcf2

SHA512
5c91c8ee392fd1771f8aa34743013b3e3b6b7bdb1689574f4466114fe4910c396c95eb1cc12d5e87ddde0faeff5d7655fdb8f3783ce6fd092f2bc84a19265d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f9ba00b49e7d7afb031717c71847c5f

SHA1
59a24a6053e51009a79754193e1b764945e68438

SHA256
5113e4ffa9c9f0c98c5482099dc4a14407fea80d35bcbbfb7305b9ef8aef9806

SHA512
89ef4de6ec47701c8bf0990154ba7af5cd1fc3c9c6886310cfd78a46f9402e95a2f019cf194c41c23f6f55d87e2825463c20e30741df1819abb19c8a1a71730b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
747bac8f9db7798aba4c31ba2c9fcb9c

SHA1
b4e3c94ec7e992eff6de6e1cfdcb5fb44f7a673d

SHA256
f4db33f533fab85e6f2589f579a6bac30a1e6720cc5de99dd57815f8af2fa94f

SHA512
0b647f94fbea51db32285fc9bc4ba5d605df7a474701b08d1344e75d6f1387875128084a2c11ba7a112c2836311f4e23032e7cc6202c5212bafa5b966c8721d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
823204122a7d291e6405d16ece430e95

SHA1
d4f0b630e54c40fc2ead91189f707850b9ddd2bd

SHA256
d597f0f645970bdbbdfffee0e106b97a33d4f0346db6c90017ec1be10a74a503

SHA512
013681cf63114b712cca058620284c99d168de46ef796a232e72a1e3c8576c15a9f0152b51442afa8469b0eebf162a9b6fd9248fd4d4d12b0fa95ef3a8062b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afd3ab2bb3ad39da75b25d5afb1bbc69

SHA1
87be499261ab93c6eaf33f8a62bc41b46cd67266

SHA256
67a14173d291071cd7def450c24b613ccba67ed324f578c86f791129058a36b1

SHA512
dc0635667c0a1ad5d19e668383a3e888aa48b0240ae26bc795958577610b5e97c2a82278302cc0edf619788f55c8145625a30612866e57ee11ee675aebd868ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8baabf704dfdc60916e5cb3dad6a89d8

SHA1
dd6914f5fbdab340caea5bcbf61a2e3e055d40e2

SHA256
87b05d51a54f88816eb0459f399c8714c3bf8fd42f14a89a16030634544dbfc3

SHA512
1cc674820b911ec5ccb0f161352ce5df144f7f9f2d59dfa09e141f8b5381db36fb1d0a7b6990ca75dfc93a821e62d0ed56a0b9dcfa2106ba54b87c1ffc8a4ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62618c8e9f77279201cce45c28b1648c

SHA1
01480cd1032bd05d146df496b32f8b88c403bc53

SHA256
42311ef4c6c8e7a792c8f5012e2db23c921b347928c860eafe93f7d683866df7

SHA512
6f5310dd9f476dcc6f689910c8884faae989f007a9fa8d4f7b27c8654858263c7754b1d20cf8d04837af70364addd66620c29922cce46ba5fa79a83e59a63b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d80798feac49b06141df96c2837b515a

SHA1
523986dc4bce5efa85f124c08cb87a03a2a9f90c

SHA256
991a49408135ac718c05d97739c332312774875d12edcc876aa5b542b9ac087b

SHA512
a6141dfc592015c3c907876638a1aa2dcf660dfb632b69eae8279ebd4007af9efbd4e4f00c263e2cd7883fb2bfa78715cc9cdb3ff094f46f281471d895b33765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76959260fd27d10b318d7badb9dfdf8e

SHA1
9e93aa666b2dc7d1dcad32b386da2506e0cf9abc

SHA256
bd9e86916b178b3ca7130b5886db6cea0e21b785bd472cb3e1ea042df7d26458

SHA512
f9196cf763915511a0089fd611120c66f818616f272deb9f73ab044783465f1c3f051c55a160f2e13ad3b989fde3f63b6ee07fadcd14ecb10ded72caadbd3c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
423c4a17bcfd98fb21e299fbb0d6c009

SHA1
5092c2307c14325ecde0f5d4455108de4c8f2d58

SHA256
13ca0641a04880dbe5ce2845698b41954c6b69c83612223278d90df0e8afab78

SHA512
6cd4b453eff67f7a0002f5f1b02391cdfd984ee23230d9f971a4f00383876ba73da1401afa40a5a46a9411ab8640ba4246e421d4129bb8715ed63324c49d50e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
72f8b7e5c37a238a22a6a311788f0954

SHA1
e22ecc7880f84c357897b1c4f3325fdae9bade25

SHA256
4308de20407ca62e94bb3b2d0e0f6ffe8194e3f821b6e7253fc484afbd5bb998

SHA512
5843677a87bf308364e027cd01bdba5a42c37e4059823db15691fe8065e11a76ecceba5eaa0f2d6a1c5bbabc13ac66bd1af9b78bc4ee01d0ab84d3d109df9dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
ebe2bea85bf14d2b6d2f19f1ac504bbd

SHA1
6a6f66d10cd6feb6cd60c26837d951173ec0d990

SHA256
40f8f03e2d483277d64a68ac01756e53bda04a252e9f1cf912c67a96af7000b2

SHA512
45bdcf57e5a5fa8c0b14449b9817675a9343b0bb032396ec125e29cde0ff7fb2be12d20f30ace61795f36a25b39209304bb0bf8b31aec6008913029200ae1639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
d2ffee5be2f215f7e2faa97ece021bfd

SHA1
ec4cbc144a87db3bd532ba32f3dc26689bbd8737

SHA256
dadc59e61f05ecb654416df2f7187b2382e083c0b463a2170cac2b538d979ce7

SHA512
4916615ebb68fcad2ec5cecf2d0c0f8907fc27681c895cd3438c18afeb84a9496ab31425686855e8391e6f074872011388e990e32750a52c12e20595324c5753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
4a2edc502dd423b062de5e89f9863114

SHA1
4ad508743df91bd94a133c6b47dd57f6797173be

SHA256
96d9d85ae261c94a8be6b2dd5df28b546b0857cfb8b0324515c95ca3f496585e

SHA512
846408575fe96ebccbc405d9ae39c472fffe6ce0dc6a2c6a501f702edb85b39e765fede52e6bbf5951b23c21baa74bf1a6eb9235deb5c97c9eaf34a5eedddfd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c6fe3102567f5f9d7b0d5aa4806d140e

SHA1
f7f95f027b6b918c1d4b956100782b85df530cd7

SHA256
c8fee9a24c9a5eed0baf7d38833e39f271695dd75d5a54f3c8311cdecb1556fc

SHA512
b77bcd75e952bc84fbaa064a8beaf8091fe0099a486193f4789b41d3fcf46146870bc45a67838ce7f69f52840ca43ff764cd73dc45a2c3319da5bbe287a34be6

Download Submit
C:\Users\Admin\Downloads\tdpremium.exe

Filesize
63KB

MD5
d941f6c4049e424a09d3c69fdec84ae3

SHA1
871f2ae6ee3eb69d26a65e5df6711967330a7118

SHA256
63e18705d415277ddc4ef5bb54bd745f9117e12d5d571a78caf8f5116a363e32

SHA512
317c41cd56f5465c1ff02cd6aa44b260c9d9a31cd955e3d3a43ea37b996fffd4c21c85fe7447ac4b565b12fcdf90270b1ddab6902503c17c4715c71bcc9b3302

Download Submit
memory/3000-359-0x00007FFAF45E3000-0x00007FFAF45E5000-memory.dmp

Filesize
8KB

Download
memory/3000-360-0x0000000000D30000-0x0000000000D46000-memory.dmp

Filesize
88KB

Download
memory/3000-361-0x00007FFAF45E0000-0x00007FFAF50A1000-memory.dmp

Filesize
10.8MB

Download
memory/3000-362-0x00007FFAF45E0000-0x00007FFAF50A1000-memory.dmp

Filesize
10.8MB

Download
memory/3000-363-0x00007FFAF45E3000-0x00007FFAF45E5000-memory.dmp

Filesize
8KB

Download
memory/3000-364-0x00007FFAF45E0000-0x00007FFAF50A1000-memory.dmp

Filesize
10.8MB

Download