24d0fbed27eb3ac262a56211591e61b9ddb2ce45d9b9f34be78dc75f69e5df0a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Select Your game.py
Size

199B
MD5

ec0f787a40ea8410fbcdd5a89f7dc4a8
SHA1

ced37cfff90c35693ff7cafcee1974af9697d72f
SHA256

2310424e2cacbeafbb655273eeed4ea831588e69533556eaec8a35979c0513ea
SHA512

b0385971e3effa048eacd91010e2502182fc69c1276d6fc92dc278c545a35a96744dfd8179570d4204e5ee260730c3cb2a758101c32b253b94b5a497f3fc8f9a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580120980049825"	chrome.exe

Modifies registry class 4 IoCs

Processes:

OpenWith.exechrome.exeOpenWith.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1388 chrome.exe
1388 chrome.exe
2868 chrome.exe
2868 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe
1388 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid process

4108 OpenWith.exe
2152 OpenWith.exe

pid	process
4108	OpenWith.exe
2152	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1388 wrote to memory of 4992	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4992	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 3252	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 1584	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 1584	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe
PID 1388 wrote to memory of 4068	1388	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Select Your game.py"
1⤵
- Modifies registry class
PID:3348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffc2306ab58,0x7ffc2306ab68,0x7ffc2306ab78
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:2
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3320 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3220 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4964 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3176 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3344 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:8
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 --field-trial-handle=1964,i,17666927658373595067,3291291429175167372,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2868

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Full Versiyon Decompiler\" -spe -an -ai#7zMap21174:110:7zEvent13630
1⤵
PID:4548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
984B

MD5
7aa3c1dd070b989bb0073bdae216dff2

SHA1
31ba5d2084cd47ac3cb3d3124c58058d19b33f39

SHA256
ca94d6cd0d5b2822a0a883f8c62f53223aa252556c26aebca992c100e3c59a46

SHA512
3e356b566ec27099ab54275c6ac303ee2c322da8386c3504c5183159d27de1806f460dfbaf67b6a5cfde0eae7bfe90f5f684fc5ea8edc57a6e793ff3bde5bbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
106991a25d8fdb260513b46c7f213f44

SHA1
77ef8db09c16689a0545be57b6e1acab8e193fb1

SHA256
a79d78f9e06b416f91e323443610061eeaf6782f00cb331ec7a6a0d6851a432d

SHA512
fdd5712ee6f3cfc0606037d8a277975759393c6da34f1376fa79ca90bb4be57375cd87616edd769b34b4a9793ea3e090ace1b84baf6617cc3940f599e832b8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
f4aa36f578bdc8e3ff8c267dbb9f0678

SHA1
cf1afaddbec1a924fbc74f2e8157e38770fb6e02

SHA256
a2c870ecbd0047eb19014311a93f976330eefd7087692abacb0240934c8d067b

SHA512
3c9ab00760de24ee647ce7d9afbbeb62dcd10cc3d085351b323f331427669196a88f85f6e6c6ba44c96ae79b19f85b1bed8a48b35bc91bdae4bdac55bfd8be8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
1724b552540b0dc67599c82593ae960b

SHA1
afda3041509aff18466ff2b4ac2b1a44c594d6bd

SHA256
5ba1d8e542823f65b2d4ac5759c401228f58b03acab2b1e61fda7c6d7ce9a592

SHA512
a8200786da78987d65cb721e850713194c16c458eb4d838915e9e55959a2d93af1f28c6254597e88c80e9245475d6379883aae9b1c3d38f1b7e1208a879d3f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9c586c14f26b150e83ba4a8f4591dbc2

SHA1
d69ef37729d33f0e35fb96e58594bf27cdd8f6f9

SHA256
57039d234b14aeef7104a8db53afc23c05e3328043f98e10d62910b54aae5d34

SHA512
2847a9007a5c15abfd3195eae72b3ebedca1c138256538128f645599f58f5e836ce4ed7109c00efddffc63c7d0da5889be668682f9db468274b58ece35058d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
129beba2ff182181f30013f7041d3f38

SHA1
0a89e4251034b953b8f1cd03d299e293639399f2

SHA256
cfdc2b7a4703c197e9335b59a114430dcd41258cc1c73bb37c7152e72717fae1

SHA512
0df53d7c1b4bb98917d0bc22be2382fb6e609e3620eee775374e623509a12ac74bc1b3d5173cc06445b360296ac8191fa01a61e4a704813fbf5975ae9516b8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c13080bea9b91f00207f5c2a9ca28585

SHA1
cc319e4fc0c0cf773aeb3389699593629e3b89e0

SHA256
95e0a37a47a657df798cdb8a9106fe5e9c5362360a26582cc60a933044ea310e

SHA512
7b9edd4a44dcb2ff35788709603dee8b2b09a5e0c80da53a61598aaa218f9563c1de143338fb12764c28468cddf1b8a2bfa0986ad913f836027287a1b0ebe2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3bbf39cb43a5320bcae01224e382bc8e

SHA1
228ecbed9effbbc1a7e97834c343cb0437b84a64

SHA256
cf184257f41700207ef1d75bacc3dc56ebbc2af67f81c5ae35393e4cfb2bf9e1

SHA512
eee32e6d2e12e216dbae31db2f00942317ee67a0d73658569257c7e3c4358a61c772c7d54022d19acab66715a65b5cf733a2f260fececabcb372b317007fb9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2de0cda46b1cb512b2c6907424ef79a5

SHA1
a8ed58e0d3894563438e24e0043ca8c76148e63e

SHA256
cea252135e080716052a73ef870bc691fbff36a57990f43d99734381d98cfc7a

SHA512
861e5511c7dae2471fc754a74b152939bcfff21be9303947944e2376b34dcb8fd35e002b392a101cbf314df41360fb08d2d246a102745b808a8252111ba79961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
94adf3fd0d8da26e23b096290e02d003

SHA1
75ed8870c4b7090c3bead1dadd12f77e2972b981

SHA256
232b05f906192abf2edeea15d5688ccce18afe0737e06058d8454bc7f747252c

SHA512
7ff681dd37e0ee88ef0d2e916e5c1502b3b49c383d587b02a946852d105cf36d00877f274b60ac624c0bb9aea2b276e60ca18a2ab4706e0e8efba558c830cb5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1debeccecf4e4b8bec461bd0e977cbaa

SHA1
6f1138496ab2092b480d3ee51e79ad67871d8274

SHA256
374325a76f2f0ef991b13aaed4e3fd0261a88e8d5e89cee76b11ffe92efad7df

SHA512
3405ccb8e8cd1cbc26678560af3b1f868b2356dfaac6ff4d06f5413486a0a00706f605b2e3dd37778ec56acf0a549affdfbd65ce326922496641e310db8bbfd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
a6af2c01b93f00656cb3f339489f43ce

SHA1
5d87ec3cf91118690f309fd36cc2240fa50492fb

SHA256
de73b61327da99c7dc0c691c4334a8b34ef2e34921de313ca68646deb7b23b50

SHA512
96315af1b306304d28e8fd11f670837f86899ab24d7591c73a6f60a7058527877bcb64d84d7079e8107fb32e85dc28d38d2761944a245c7e34454c7d8915fd35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
252KB

MD5
6275974dab76711252db485c3c9cd604

SHA1
d2a1c018707145c30ef6ce8b4757a0a237bfa7a8

SHA256
d443d2bd44532342ecdbddb4729fb45108354d08f9556c17d266ab1533773586

SHA512
972740b9df9746ed177d5163ce288b65ff80b8967be986d98e20bc957996a77a3ab69f0f2515a2edfd18c8339db63c07223366bf1b9e479c8bd3765fb174ae3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
2b899298ab124d6adab6463a794d1969

SHA1
651c897b2e70c195e98e26ecdcc9dcc81b761934

SHA256
66d4c8b9b928af7a49f5d4ac287749c6231a4663aecec3a0c0a053b1d502278d

SHA512
2e0389a81855246deac5ea97e0c32abff3472b6a8ce01cd1db20f10771121f20004501a5b0f4acad5612cdd698cc2e822e4549f5d656c1498029735116c6a38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595e33.TMP
Filesize
89KB

MD5
92a4ab70cc0c175ea5008485dd840b89

SHA1
65c9cdbef4341da9aaea2e121d3755375665f14d

SHA256
448f80fc1dbfdb8355d93c10cdad4beee3463a006b6c184766fa8955c03ae04c

SHA512
e3c1ef87564e6f9fb3f47fdc47071641b1d97253d1531429f7108525ac9b12be14873f57be7ce50cb67174111d3cdb367e9c61d207ab0abbd88612845f26d842

Download Submit
C:\Users\Admin\Downloads\Full Versiyon Decompiler.rar
Filesize
31.0MB

MD5
05f5cd0a3a1a4e5db2f34a704379eb6c

SHA1
18243f6617ec2517452219a5e1d3cee2e5980d39

SHA256
24d0fbed27eb3ac262a56211591e61b9ddb2ce45d9b9f34be78dc75f69e5df0a

SHA512
0fb1d987e5796fba35509f957d01b9a7cd19363092a137d84ae3bdc18dded40fdba75449e8f526f8e06620f6f2f927dea7d3d21dafb59a7c48d54fc41296521e

Download Submit
C:\Users\Admin\Downloads\Full Versiyon Decompiler.rar
Filesize
15.1MB

MD5
c73b06fef6e25a3b454e22e4180f49a4

SHA1
3d66c7b742cb30cd17371eb261d50c1532ddf485

SHA256
915689ff13f289230c4e796c09224956605c755fcdbf64e4a8baad4bc0e0f653

SHA512
0a18873f843aa12de08e3ed85a5e5d246f9704d2f23966110d979adc2828c81b3be0fe3cca24ace34702c55a811b7dc3b9cba6275962f832ee1058156f422b8a

Download Submit
\??\pipe\crashpad_1388_JWDYOFORPZDVLOTC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit