deadf947dc6be85497b30473dcd6ab9a711b2e0a02df847c25f8fd15589a9c8b

Resubmissions

28/11/2024, 05:26

241128-f5dh3stlbl 10

28/11/2024, 05:24

27/09/2024, 19:50

20/08/2024, 17:46

11/12/2023, 06:01

Analysis

max time kernel
168s
max time network
170s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SeroXen_Cracked-main/SeroXen Crack.rar
Size

8.2MB
MD5

a28bbc6271992ffc4dbd706fca6034fe
SHA1

6a8f5bbce1d17fd37f7dfb59fffa1c16c3fccd17
SHA256

306d942083d3df861ab01b8ea413c8059df0e9ef95b73ed0dddfc8be5a8567e7
SHA512

22298e426eed578fa73585461033e3d1a597f7e93640d033e3d03d449974c4f25a70da463c0c69698faa1d546d4e75cb13312ac17c0d9ae51c69e32a0d20c213
SSDEEP

196608:Hi1/tl0L6Tt768UDVRNvlzZVUuphoFPgEHB4+7SUTAsI1SMLhR:aVl0Y1686NvpWFSKLI1PR

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3120	winrar-x64-701.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719404250972568"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
884	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
884	OpenWith.exe
3120	winrar-x64-701.exe
3120	winrar-x64-701.exe
3120	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 3920	4744	chrome.exe	84
PID 4744 wrote to memory of 3920	4744	chrome.exe	84
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2392	4744	chrome.exe	85
PID 4744 wrote to memory of 2876	4744	chrome.exe	86
PID 4744 wrote to memory of 2876	4744	chrome.exe	86
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87
PID 4744 wrote to memory of 2460	4744	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SeroXen_Cracked-main\SeroXen Crack.rar"
1⤵
- Modifies registry class
PID:1956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe298ccc40,0x7ffe298ccc4c,0x7ffe298ccc58
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1436,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3572,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4576,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4452,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4316,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3460,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4788,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5224,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3200,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1324
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5976,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,7278308433844307439,13879960881208218444,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:1724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1968

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\039e49b079ec4ac3a8acb3556c2e6f05 /t 1336 /p 3120
1⤵
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
78983ab991a60fe001006bf5e0c6cfe6

SHA1
eab4bd35c820a32a4785e018fc67d74c1fe92d88

SHA256
0d497964d3ed07d0d39a94b1aac633ca2d2c582434662b385bea606b5f026baf

SHA512
a9d886f620a4cf63857d5a08ecce2395ea8ab70c55ab6725708dc8e67a23c2944d0194dcfeed79b4b187d3a5194bcb7f00b78db75c0ba9cb7dfd602dd60ee230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a8b6db284aa7bf8523532599fd4dc0ea

SHA1
f135006255317f72b3dd2d70747f77323de246af

SHA256
91af1421abf2f9e7eea03757953908fcebe61745c1cf7ae2ec4494dc607cbd1c

SHA512
22cad3b51e795f4abe296e3248f0620ae3c2fce1cc6d291be4e586af482688fe3a9c211b29dec287c007b7c42b28d368cda699e3ceb47b9da97e38818c124113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2ad250cb3e639d967a0827831faaa4d2

SHA1
ba0be1c290683277588b169e11a4cc18be8f5497

SHA256
7d769beb1653f92ff6bfedf6858da3c0038b670be9ef9d10c07d84add5e8cc76

SHA512
b4085b29741ec230f3bff52849469fb4dbce25c6f59408b49aae539142b7db4e1a0741b7158ad886fb3f5f7d83ebf4bf6c047c3298a103bef06b5051f139d6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
78137b9be4004907843b937d330d9790

SHA1
175ff368874671eee10455dcc23ee3dfbb680d98

SHA256
3cc1137b389553f9f5ad11be06c16a3b06deb6eef41fa8ca3797a47f4fb39186

SHA512
50fc71cef238f6fc9d90265f1b3c05438904c5ad16e795855c7da8204f5533e46bb6880307a81ede361358a3c180283b25006cd735db93c786fe4e7c36208faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
127c25d27ba13c06fe9b21b8cad4f751

SHA1
9cf4f0522ca7fe1446e1fd3336ddac0346e3dd31

SHA256
3d655092cdb9805885adf90871f581fa9836f2b58a7b0096850e4a1ade517982

SHA512
8312fa477fa37fec9952315928c88775e1ec647d0bc64373579fe58d8defe4d1659410713fa8b5cca995bbe1600db74745cc52528a7d94c7f5e81e4e1de5673d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
362e52ead398c294356bb9fc89c425cb

SHA1
2d289ec8c3d5d5bb0203e98c157b973745b59edf

SHA256
29ceeb987d626e8fb8504cee35b6e485e9569538578fca4e884558ae9c5bc348

SHA512
7bb96294c6f80a91383b6229dfb3fe2bd31233c84834bbd549bbf46f8a37a0d98598dcad4fe5b9ebd89700ccd6a453da6499714f9a50757e2a8e07edffcab61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7dd40d9a98ccd7afd6b6f0973fa230a1

SHA1
d4a55d0eda1432aee4608932b8065fadc302211b

SHA256
c8b3fb107f558ddc199c40fdee817ddf0c95db4e3f794c4fa134ad3d3a898f2b

SHA512
4fdd9d07aeaad5dc76b65ea7cc32fb38616fa24f29e457c835085b8cc456c21ebc7628c0a10189b1b18b07184b935c05bd18894d473b64cdd671cd0ce830f047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
51007c4ee9c15988acd873c8b6fe58b1

SHA1
7a9caa0b7672e13d31ae5bfd6b2c400db9e93c5b

SHA256
f5bc4cee9383eb98ea3f88a6e5b3b508d6c1e96d7d14a3ddd8de0d5a1136087f

SHA512
4fbb3ed5ae21679a5ddf2c7be9eed7ebd16ebc70e87fcd3dabb3eaeb9d9110770aea0154e0fcea1fbceb41fce705924a69931f1feb4be45e24e484513886cb37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b4222d95015ff86c6e9cbe6d03246368

SHA1
ce39ac9b3e7d7479aefd16ad8571961c0f08fe4e

SHA256
e949c6e36d37ea6a63252b1fb3c4f7a1f95e0b851150f767e0e6b91898c5fdb4

SHA512
cb77af5c477894e02469a85b9ab7a106a0e9f36d5ef2ca7d9bb8cd5d3d920f24ba7615c1713f8c19b771ae67cf19ac3c788ede28ece22be110a286bf520829be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
85578651f5a9e66352cb1d50a1e2028e

SHA1
6ca53cf04f938d3bdec288991fb0a9d7378f16f4

SHA256
798dd7d3ac2b4037b0fc753cff011edfe482f3b368f74307d8cccee4bef5faf4

SHA512
17f1e6f27f78703ca5bbe31fd7909f0525a1979ea0d49fefdb226289eda765d7cd8b70b6c135208c987bb0b4b25954d2cd84e343692b153e29968538ced16a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
a2b7f334ceb46907599dd5bfef31ac7f

SHA1
6c988ff36826ca187e19435c028326bbaad53a2e

SHA256
fcdc49dea27498a6438e453b505fe4412fbf7d50612196ab507dbb7f4c5d7b35

SHA512
750668c7d1fdb18f15f74887b3a3d437e8fa7182cf96a0fe42b53dc217f0cdf29884f8fc8c469b194a8de71f886b22dbe6c5bac37185be3d0eb98d381a8f5934

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit