hxxps://controlc[.]com/7d7c051b

Analysis

max time kernel
389s
max time network
382s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2024, 15:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://controlc.com/7d7c051b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580139073131123"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 0100000000000000ffffffff	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Magicmida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0 = 6a0031000000000093585a7b10004348414f53427e312e310000500009000400efbe9358597b93585a7b2e000000e9ac010000000a000000000000000000000000000000baf730014300680061006f00730042004500540041005f0034002e0032002e00310000001a000000	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\NodeSlot = "6"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\MRUListEx = ffffffff	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 0000000001000000ffffffff	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Magicmida.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
6080	chrome.exe
6080	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5508	Magicmida.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5508	Magicmida.exe
5508	Magicmida.exe
5508	Magicmida.exe
5508	Magicmida.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 3804	2796	chrome.exe	72
PID 2796 wrote to memory of 3804	2796	chrome.exe	72
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 4688	2796	chrome.exe	74
PID 2796 wrote to memory of 1200	2796	chrome.exe	75
PID 2796 wrote to memory of 1200	2796	chrome.exe	75
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76
PID 2796 wrote to memory of 1116	2796	chrome.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://controlc.com/7d7c051b
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff899379758,0x7ff899379768,0x7ff899379778
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4888 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4964 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5272 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5536 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5228 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6264 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6132 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5880 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6504 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6564 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5696 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3832 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7340 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7316 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7436 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4588 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7032 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7644 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1608 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7432 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7332 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6840 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 --field-trial-handle=1812,i,13321494080989836804,4172810219110024010,131072 /prefetch:8
  2⤵
  PID:2076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5224

C:\Users\Admin\Downloads\Magicmida\Magicmida.exe
"C:\Users\Admin\Downloads\Magicmida\Magicmida.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
26c04d01f7c201659c052b8c3ec79092

SHA1
370f5fa1c0eda61aa067fdc256d9d414745f287a

SHA256
11aede9847ef7fb3eed3ce71631f880eb8359ca9b2a4b203924c00ba26171f50

SHA512
1ab97330c12d9c601cbbdff58c409f3e1b59c38742f696b72b0b782537dbb7c7200d51dfed6e85fb0acb1b1bce1307a72c89dc24ea237148169ebe9abdcf9c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ef5eb33a940fff6b7ef086b82366d0c2

SHA1
802f255de65aad4c6d089b75c19e5e5d1ad61863

SHA256
aaa92dc8e9351f761d2f7dc128c6739d7c762dec6309fc94e665a03d253c80d3

SHA512
c415370584b3cf0be169cec92cf04fb83b5c3ab2a0a89b2b0d0e13d8cd1b47ee7dc005bf397696e5117f5685c3bed206cbedae97a556e0094cc03f5b6f76817d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aed012613c4938b8b9b77b4c5d4e0efb

SHA1
4fd30d7254daf4fc0c45d78b2b063054922a0a24

SHA256
cc7692cd5bb880d236e5361ddcfa67bbb8870980ac98007c6b7869eadcc171df

SHA512
8c7a33f5dba88a8bae3353711623300701362ab15855fac11d114e60660a4aba06de750709ef27b2382f1fec66418c3bb23bd9827d1ab2e03af56a1d00b1a161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
71fc8798b28329b0773d9009ad0dc087

SHA1
c9c6a37c12d1c775893377c80d9979827995e7fb

SHA256
457eb5002966755c8e179953ce42bc361395e0bc2af73e875aeb2661319d3abc

SHA512
8deb71983ff4699496a1cdb7887be4f579e1b77d9e542c21169e654edae8983f351bef20043896302e54b93ac66af17a20f5b7ea5acc6a2e1d7f4a6c528463c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
adcd74781d4c8806e53d4ca78271fe6a

SHA1
4ebabcf34f4697c7bbefc7ceaf2b53094ac2efa8

SHA256
bbb263a1e56ffdae940a6e7aa79889ae658d3ad57456c2a94173341649a528e9

SHA512
6ec88b64266a7eb340ed35ee25596d5b718ccc517f43ab304dd66b69e90605d5cf1da53932c878c0e388e7a7cd72247708a4a880c2a3f2211c8299ecb4585b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
411e6d66b6e80376152a70bd9edb3666

SHA1
4a90524d62017d582a4a3cecb50db27d9a227145

SHA256
3bb72f4c920f2c61b9b699bd01a5bd8c774c152bad3c4449eaf8df94985f2117

SHA512
b7baa04eab5b3e222938f3a46f11a7bdd67f249a52ab4c52fcfc8b5be798f6f078a1f3b9f460a35cad952311cbb2af0c74d8ae44dd54ff6993da11cda21ec873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
76d8bba70c58df657e9089e63f2c2e4b

SHA1
7acb5282f43b2377ad4dff8e65410f95261f5222

SHA256
a9c95c8fc7c254f31293bc47df45df6543b9bc2e3170e85af88cd49b96360f34

SHA512
14d07040c473f4f5e8409c1a1245039af00c2f86fb4f1a0c62275cd912b2dfb1736b29f72f44851e840f113fd553a7e8750df031f4e4eb8e519a99a36ae90080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
56dc5e974997a38e90dab8650898999b

SHA1
2c3120fdb9eec353f4e91ffeb34048656b11586c

SHA256
d7d9040058a964dcc554e576e8e6abb419246a757f6dc510a7d75ea6a380be82

SHA512
6ccd3f7114d716b13ea43aae8a6d89c6ea940018cb1e6264b0b1ca6b51b9deb003b03a3662c842cb6c06469d314655690adc41fd7662ac27576c83c340393c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0255eefe3c3d1ba3ad45cac2da6ec48d

SHA1
f5f77c35a185d0f077f38022a29117de69fcdd42

SHA256
3b62f38360bb56451eb82aa8e055e98ef68cf4119fdbca70b6424bdfd8d1b154

SHA512
3951a899edb57c9808f47357cccec68cc3e89e7a98ae581c92e5553c19e82a37dc0ea48bf14db3daa49f371acea72f352ff10e9c26a0860275c45773e14f84e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3f07dbfadcc50c31d16d53a3e8ab66d1

SHA1
dc74f784dd6ee5e2dbd568aecaa9edbb9d82701b

SHA256
6e9a6290fdaa3f453ddb60b6f7f982846e5cb165aafb6786c84b83c1dcbb94bd

SHA512
4f8ee43fa6bb50733fecde7d2cecb0ddbe362dcfa7a3f81c70b72a398d4c8ec73a703e6f2df68d7697052bfa6e202fa8132e41c57f7025999873ce426aed1c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5de19b3985f21cf473ea611ae50a2849

SHA1
0728f47c7c0e9c454617ab436d8b8dd6df414e94

SHA256
182470a439472e0c49f8ba9448fa844dfee1b960885638ed30880c81cf1e3d6b

SHA512
d37eb9f6bfd38e6fb7bd1e92e339099459b8bae01197c30e84dde39d6a3a2f3d47c693a1ac29832318b335fc6943c8eada1350d2fe9f913ea827b3967fcc7519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
93f945f88841ae28db41636d9348bb6f

SHA1
b790da42fc462e1aab0ac96c4f591ac8518e6ced

SHA256
89ba8f66cdb9d8dd043f255710aa9c8d46ccce82c3b1da47d2a21a34965f814a

SHA512
bd6607d9652b63e840e2bf5cc8ea2a512ce39e57f8c5f6025f52dc68990abc982e752b75de3ee6d5c3ec336341b49131ce0bdca99d352cab835ea14e4186b164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a6fb2a5f5da54c7b3705a96126cf19e8

SHA1
1a5e0692d299c9e5c0fb2007905549272f2c968c

SHA256
c0936860589ad0fe5731921581baa508fd8f9886f7097531f4b7a939c5262523

SHA512
8ecf5ecb796f6d0dc829499d934c162d4e51841327420c80bf624c20770973023610f503e2f350c7946d04de9db13d8c08b1fd78cdbe8b13ba4c84a2785f442c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1f5c0576a3e2465dd3320ee5febef48

SHA1
1e9cc8d1482cd5b8cc781ef3906f231c8fe8609a

SHA256
c9d34a402c060d8b609cc5736660b8b501f71998d426c13e4bcb32a10b130ed8

SHA512
1c8a43dcae4c7970ab75beac0dd324dcacb11ffc694f07d16fd71531a7f09908fe993c1bd38eb06de1cf739ccba5fdd0320b1a99e92d05b0a1c61cbd3d066021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7953d16e31467fa14a5500d9132df394

SHA1
bbef5df0a3f8ea42b9ffd72244055e82f51b52ec

SHA256
99aadad6788814dce8a5cedc0415dc9f43f67fdf67d70f1fd543496bb2bc659a

SHA512
affcdc3d6a800e89630af77cdebc0b251e8e7b6ea7da2d2d5bc3eef60cdb39c8c4b5000fd50bbcf470edc4ef5465aca7058468d7167adaa401306c335ae12c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
983399448e889d51e5ad5bc886692783

SHA1
e286285fa1fab2d363f1ca2e8e48747dc8f5a46a

SHA256
a113274d06e3807d2a8d52a3673d7face6c7ada1b1eeb17aacf48c20f7fa5ef7

SHA512
17767861af823862cef79e7817acca5d6880206fb748eb443889efae94fe492b8829b9341bdd07b2d1f7dedbe146e786d8905bb05284515b47aca4f3c3a32b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbc6d745484332fc104d426d2cad652a

SHA1
0a4ffbf54bac710b1f1325bcc901098e9f6dd168

SHA256
f77fac12608ed3517d3382de17ba3dc1d688f0ce1d57d2a5628e863e9ca3974f

SHA512
937d7325b7b24181f6c3ae5255a69a25691b81b3e46a256734f1f720be53688582da500bd63c076a48c89bc6c07d00a52a81f90cc01bcee3ce63cee1ba9929ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff93ab3205673cc94f7a7b5e20a3d4bf

SHA1
2fa6b8f7cc4062092468783ed0d09ab3d5cea0ce

SHA256
78b47350df1f9a92030612b0aa42e3836cb39f1c75b571fbefa3b012dbcec95d

SHA512
f12f325bfcba63d15b1177df5801cfbeee2ad97fbae7df2657486c9270fb4b5d022182d9f286fa237d90d28a0a3f9cbbdd010317980d0272a152193dffb740fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
17284b6068563a1e39d6e70b4527447c

SHA1
8f528988a387b5701bc7e0d89e133b86c85c3081

SHA256
bfd52015b48313176930d2d27997703bc61223266af914019c8ca76e15ea7656

SHA512
475d08ef3bf57fb5fa06e24aea3d6de9dbc2b53243de6148ecd25f6752e387b24e6e903f07529cb8712252afe631072ca7634d2b2487a6ade0fbd7ab6b221170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5bce089bd11ce4db1bdb8bc64d48bfc8

SHA1
b2ba800eaa6a71e66ea886aa94e86ddd2ba90aba

SHA256
6dc15e61efce85f906e186554c30eb23c920b99ca068f2a150c46296aecea080

SHA512
ff969b514d5f392a946c442e1aaf92793b840d851dc8d2f72313b3b2bc406b6593cf97c13a59784938713b3419a7eb54471cf1b7847cb0828004aa1e30b06b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
155790f5a746038f0cc075d35be04296

SHA1
29e38809e3b9e5d0d30a82956d91b5d195d4e07a

SHA256
b593d0f656d5aa4af3cb32dd25eda6d03a11532f18bb9b7b63ea342013441260

SHA512
714ab8eaa26df855f86c415a025b8f375654f7819d969d9050c0047d65c37259754ce07e66c43a8a26658126968b8565244cf018aa9e9621f9692c8536e2968b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
043a44fc8af924b763ef9a6ec89a5073

SHA1
3997a57c6bf4e7e3aefb0f278e8cea050d0ae25b

SHA256
cd3d995894b5658825c5918c7e38cec0c0e2fe1d7ce7575ad2d347d69b545c3a

SHA512
d01c91a111534f0a815d43e0ffbdaac81aa34354a9674a10c58063c8516c6959ef4e74a7758bb8494d7529fd0807012870dfec5a6331e987d163c70f51bd0a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
77a1fc50f00ba9609201a2b6d0d2c87f

SHA1
f4139abc6e5e28144f0286a3c21409100e1bbdff

SHA256
618c31373570336602e15ec30599b4e3d9ea6b9bf6f0df0bdf9a15d6fbd942a6

SHA512
275deb5bd12479d7f1be68cba191dcefbedae139026a1e5c75d3b8867475f9a36cb7f9f0a5e60a58b2cc2efa6cce7fcf4e757e9b3abe998ed639dab980679975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
c7953ce4548ee20d4688a29a4ef152bf

SHA1
fa04263e7f122c9afe571d4c019235914216771b

SHA256
234fc759a5e89166b15fab55c1974ae63932783502cd3192ffb4c7ae7f1554b3

SHA512
5dd4b78d1533db6a0c996ff059df3507afd80ed22743e141f223a0a604258604c4e371b3783a27eaa822e5b000ee54bba56dcfd37bde4b83730a1caed9c77b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5895f2.TMP

Filesize
101KB

MD5
d679049d2826c25e28788aa971e4b153

SHA1
97448117097cf79af2adf28176629b7ed83a8ae8

SHA256
6303da09a8d8761c095b9a1571774dcc6e64b5414d7ca3d8e82cea3493d00380

SHA512
14decc3717ba1cbe52ada06ccfe13bbb388998acb4f4eeca3ead57766956a793393793bf0bba8bf48868c13f2f9597e8bdc74bdc067c4dbb19bb15eed93f49cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
205fea441e54f5ff4340c787b8ebbf7b

SHA1
3fa0ccc4adb9a93ae620dd7288b7153650d790a9

SHA256
4bd272310009354cee81b6f4fdba879170ddaf51d7c93f215ad09c4cb7a385fd

SHA512
04cbf7393847b72d690a4d0e4aa5e0cb22aba5f79fc944b7d74d7ca482cf929e2fef87df1a6947847164d7b6cebc2ab389c274f9c4ce00ed84a79684b3105698

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
004a6469d61e641cbeaf193bcc1e90a6

SHA1
9479810c5ec33966eb125c152bf531463cb3c9b6

SHA256
89e6f30075ec59d0cb4a2514887e7b8de771e95a0446b2c2d29bcf4abbec8368

SHA512
e2513585b6f94590436886b8c7cdd86a575587568385217c382277e57d2ab54e938438c6418c583233f65612fce2699337c7b481651f6567527fe24cd1464e5b

Download Submit
C:\Users\Admin\Downloads\ChaoBetaLEAK4.2.1.zip

Filesize
14.4MB

MD5
b73cbecd213572f76482ddc770d28e60

SHA1
bcb5686a6f765eaa47db4f3a0653bf510a8239ea

SHA256
507ce727aaa302cf88292e0cc115d3331094bdd7549715a5afad25c7ad790b24

SHA512
03e09fab84192054d6a745e35f0de8d4fdff0d814d78a63d9fdc8251bf1ba0f62d71942c9beb8b5912430d599ed83f70ab2ce0ecd41e69fb367797aa8061bf5c

Download Submit
memory/5508-568-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-604-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-591-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-586-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-585-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-575-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/5508-569-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/5508-540-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download