hxxps://www[.]mediafire[.]com/file/2xxcl3u0zv8ienv/MonetizationVars/file

Analysis

max time kernel
38s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/2xxcl3u0zv8ienv/MonetizationVars/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680655303986286"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3760	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe
3760	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4052	2812	chrome.exe	84
PID 2812 wrote to memory of 4052	2812	chrome.exe	84
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2756	2812	chrome.exe	85
PID 2812 wrote to memory of 2956	2812	chrome.exe	86
PID 2812 wrote to memory of 2956	2812	chrome.exe	86
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87
PID 2812 wrote to memory of 2896	2812	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/2xxcl3u0zv8ienv/MonetizationVars/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe8dfecc40,0x7ffe8dfecc4c,0x7ffe8dfecc58
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1608,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5220,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5544,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5676,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5904,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6028,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6164,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6116,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6368,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6520,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4700,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4800,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4764,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6768,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6788,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7080,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6784,i,5808436670757897033,6106104288966188045,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5204

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3760
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\MonetizationVars(2)
  2⤵
  PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
eb942bdb6305f3315f94ae3c05f48dbb

SHA1
7674299d7f21d68d74ebbcb1de993f2c99ea6a1a

SHA256
e306a68470836c921619dbbd8ec7c697a25625402fc95add71250d41231787dc

SHA512
1509991d75b19506b3c4fbee4b75b5caee8e5f1ec7c810d4cbe21ef9ffc32b472851c25da616fcf8cdd9a4b4e57bc5625eafa3d1803f2e41c888d449a2972c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
08ebd374ac21cdf9745572eea0fcfaf7

SHA1
0d1c88f2206954238c0b008730e83f58427df668

SHA256
b9394793631482aa6a38a3a61efc651d3d711856300bbcbf90557e956d637b09

SHA512
16c0042f4e7c5e403f30adfb89bb0ee8f9be46c0bc2246328a62f20816301004a216a808934d80f1ab221faf8b555015aa4c2ce8b970a2849ddad363926708d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
359dc2dfee82b08bacac6e81acf14acc

SHA1
9f1513e0f8b31fbf02af93c536c7f24a7d0e7eb0

SHA256
1ecb18aba92df9ae5ff6219882347b352c0b3b2cef7fe4afc69ae2a0fdf0ffaa

SHA512
62d057ec35c77f39b4cb3303bfe96b87f9a8078bd8adf3c14921152b5f54443982712800111420d238d0a84035751cb00406f1635add35a34656d28ba8f8f055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
90ac714ef0c739281cecf5a05b398450

SHA1
7b4f422ff64b48689c20a296d0cc7fe455f5484d

SHA256
301d9601bab490c5f01ad99a113198497c9b9e7596f94c834207059e9dbccea8

SHA512
78905107dad40afe5f62de6d99c1f825b428f6d0a26612534c6c7152b1b547f66ab8140ade99a2203194523032f7e3a9312077f544cdd4cea75d50d7dfdd80aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fb72781d0b7066d602be6bbf391f5bed

SHA1
415175433b8163ef001b31c068821fb0eeac000d

SHA256
a98f6835006d1edf8c60dbb030a3a174b21feec9eacb04b3c757d848001f5424

SHA512
cd158df11d75be3b10845c6fef8d9f4c558da9eda71c7a93f713d952ed30ce5aeeeea1e0c64ac0470e92941b0f7a5e2cddb43539bb0e887952b4f321915b0fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8ab7c6ed7e8324ad155e2d902048ff4a

SHA1
0317ab81c4997425fa8f65cfaafcebba819dc56e

SHA256
702f0d03edca8a6aa46ca85796a53585f5cdc4505c33ae013b2ac4773a4a0ba5

SHA512
174c7e8216f52b55900acf3f8ac4671a3597da3bf665f055fd819b05361fb4303d379f1b424665f9108b3f610d88189c4e4f917cf4bf732cd2c649e792aacbb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3689fc1926ca3d7a3030953f09c1c0ba

SHA1
26b8712c9860c868d4fce978787043859adccd81

SHA256
034777219ad95a89011097ef106536375879c6413cc6c3ee23b8c4f56b6295ab

SHA512
f38962d0c5721e9ea29cb63617f277e135db002f92a70778db78497098c7698e306d71dc9aba14fa3ffec74aca4c4e922357f3c2cd583f53771d0462635e39df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3ea9f39f1be9ed9320de17c527f3ce3f

SHA1
d2307a63cb8705b6acfe181432d5aaa1535581e4

SHA256
b571173310e7027a845522906a71ca38358096dc19a7e766b7755c1f819de786

SHA512
369aece95c3b3f449a3a3dbd6e086d589df76d508ca637550cb029a67163a1213e8f473d5265dc4781d80249562acd1f383137421b0b44ef7885f7c7e9d30bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cf644a34a95f9560a99191625b6167af

SHA1
c217afe979e7db7b4e178ccd32c209e177f5f2b6

SHA256
45a3a76ee21d6300e9a2d680c6c74504f03a70d01e3ac4eaf9f8b499aea9bbff

SHA512
bab06f8b13fbf8081146872917a8a05d9be03c58cf27d0244c08c05a1b8338bfa73fdc7e6b270fb5f41f3728854fa0674a074086853448b6f490413b58e21c7f

Download Submit
C:\Users\Admin\Downloads\MonetizationVars(2)

Filesize
8KB

MD5
53fceafc4fe4279dc2e4a3d74e7b76aa

SHA1
27c50106dc6b630bd37cfe05131d7f13914275a3

SHA256
0b25571a61618b4e0744a2ad8ed536a77720ed3009434c1edbe78ecfd0eeb92c

SHA512
707dd6c734933c566e0280f55e019dbce9c04cf2169af5258e3abdd421547a33e4109a4d32034a9ed7d4ddb9fdd17905a198bf1475203faccd8eb94b9117b2ed

Download Submit