bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
70s
max time network
72s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
01-05-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0.dll
Size

1024.0MB
MD5

8ad7f8f6de475f97e1235f125e8fab9b
SHA1

7e0d6982d04797030411e2cfa9e7140739ae45f1
SHA256

e0b4eda7218d77007ae6077682483a47bd3cc7502c6f4aa3cc78de5dc1d9edf3
SHA512

30a0bc69ac98616e919e947c8f53c3362a8254b029097df7ead63d1d0ebac9f67a1a884d1cff38c7a099dbb7265eafa303a4bdcc4e389bd9d3cd2db3a0c3f0bc
SSDEEP

3:/3PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPX:n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590639622305290"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\42.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4592	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1196	5088	chrome.exe	83
PID 5088 wrote to memory of 1196	5088	chrome.exe	83
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 860	5088	chrome.exe	84
PID 5088 wrote to memory of 2024	5088	chrome.exe	85
PID 5088 wrote to memory of 2024	5088	chrome.exe	85
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86
PID 5088 wrote to memory of 4852	5088	chrome.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.dll,#1
1⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe411aab58,0x7ffe411aab68,0x7ffe411aab78
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4128 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4788 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3360 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4224 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3344 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4992 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4868 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4860 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5096 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5352 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5600 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5492 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1840,i,5560375751962919362,12509543488981096647,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1456

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5012

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1470ff90d80ca5f02e706d9dee01768c

SHA1
f22a5b6c072cce979c8227ac72e6b5629b3355be

SHA256
180aab226a8002604a526ffda04e282651a363b8d3a1baf1faafed9d52f43bc1

SHA512
795674e9f09cb1cb04c7dadaf622b07f0c27f6a5ebabdaa37a87f4295e1706b53e20e9ff208284811b134b883c23a35675d60b0e3e6e774d34c8a082dc3c4d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e54c7c38257deb84bd1d6bf8d6aecb52

SHA1
17b9ed6b28bc50a1d8672a67f32c32ed4e632f4a

SHA256
accf3d97ac1d2bf1b2a82d356bfe73fb0ca1ca279c98b4313376fb1e91c42a86

SHA512
93dab2d359fcb3aa7b17e6923845db80aec36d40aac2a2b35074f87cf06e2f1a7749bb0f476e616e875f1b767c3cab5a5927fe8c69260cd51524d44adc61170e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4da64e8413446abaa6ba473d011173c

SHA1
60553a0415e577a216ecfa630e81c2451b5ea44f

SHA256
a0b58ef09f7aa4c7058dc2ff2e1589926f014e8c9736d6cc13f0ef14c99c8a39

SHA512
36e4d81dadc23fe92fdf8d004af5de1532e34d3ec893f2f448b7ee8a7e2659a39e14d6dddec49f4e8712c7653153fafb97771c16b629cd6ba38ea849e82d726a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9faed0a6cd45acdd6d0a8ac188d75c1c

SHA1
fb5e217ef02e3e4c084099690c60d2563dd3c111

SHA256
60f1bce59473b6b05ae0b03a4b1b2acb6f55c9563b0dfe0b9615f97b2c297987

SHA512
2d9e0920ee9ca686a9bfb17d55b5bd4d728c447cbd0fa76d6f24c3fe8cc466dafaed6a39522b1eb3b6c0bf7de89875e7991f3abb1b604902ffdffbbb0b2bd277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bce511e347906182f241a677995a7273

SHA1
67b39bb57e6ead1956f80f61a38f8b0d8dc4700e

SHA256
f0f0b201c3cdaac6551924cad1f6016261195360cf76456edc3d6365605a7e15

SHA512
5081996af47468f45e360b927e8a8c7071d53b19b6e79fbb28451f9e4b428953c7ec0956b4b58318b361e3654eb71dbb33fe2113222db3de6e6a450fd0fbca81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
281da755c4435f2a37042ef272c2f1b2

SHA1
04a3bd21aac8102dc2c21fc8ca4b12557ad15cbe

SHA256
1f18b53a9f803917c6832aad8ba2788da96a0dc81d1376caa0b16c3ca5077e8f

SHA512
648a9675f2577ba81d3ee0e410f131751147d2150ef008e69dac6bbf07919297e0104394e6496fa3c63c0adb54cafe8e0edc3f5ef6524c384128d259dee0f1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f022f3a85ead933568c7f18a60c3b337

SHA1
e55119aa3ee4e70ba9e788e7ddcce829f348f3ae

SHA256
38d472eb89935676ddf210e5302020f34090a64f6348df20df731f864572c7da

SHA512
d51518c92addbc3e59a00d431ca4ab44c7dde564278232cce99bfc6bd143a6cea82fc1515868cd0ec8395f0fd8e793c25bb95bc1daf867f498db829061999ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6fc8dff5fc68d5155850c01cc070d421

SHA1
291a318e3b0bb961c694de4efd57e61d96753ccb

SHA256
c9cd9ff095b81f235dda23ea1e0d3547a05a6f9d1468e2c3f1d105742c038750

SHA512
ed047dce66b84fd79d13319e42eaa5e981981456591b624fbb6a130c4512c2651086c6de20c64799457c891f7b5649f96973025189f9bdc9edd2d26a4ab36977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c843317f0fda99c31c9a5eb3526531ea

SHA1
11ac587eb948464e24766848161178287c5d0e98

SHA256
2b51c097a10bc2b7b37a0195ca455da2c549fcb20059c49bb9aff699e270940b

SHA512
45ac535be27a8a9d198bf2e6b831f9495f2dfd8da3fc2ef1750f433a44bb1d2dd4c2844a68f0a08061245b8da53860be9a090b6eb1f3ab8ff8daf7cac1457c6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4607ec969bff7e88fd1499fbde56ec69

SHA1
b15f60bfc2c115e8e3d9de8933ada9720f51004b

SHA256
192828044b4285acd51a731eefcb1b0e7a963faf6abc450eec1d01d9a2ff387e

SHA512
211cfbcc794831309bf5d67ae5ad088a4f00beecd70ef2bc5be20766b95e12aa85dec5dd314618be41dd3fe62a45e4991791886dc350d6c9622da88707820135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
431a9770a1adc9667e17c1f0e24c496b

SHA1
e62221cb95c78c22c60e097ea7721a986b5bb00e

SHA256
1dc58ae8dc17125bab5185ab7b5d52e6a66039dc1fbcb6ecfa96607d5d8af2f1

SHA512
8b04b2eaa1454ae9e9dd9f8ecab7ecaac06c208bd0ba9bd7286552c7b46d4c919322463fb3c436bd76806d3dd8f6fb2c7889e67c3a7d186931228074bc4956ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
470c5d7692f972a0a5353c0c85a54a78

SHA1
e07c238cc50a2879c12dd540ac9b9ccad1040777

SHA256
d312ddbaff83316539325df4f061f91ea0ac5875662cb6d491b88a08f3f3ddb7

SHA512
6c4f9393e1b2c0f0e03028b4acf59f9f536a4e356a9d4165ec7c4a2c35cb776093822bec058d09c678869a1b97efe07313cf98db68a87b4b0dae8f2b5d24387f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5813f0.TMP

Filesize
82KB

MD5
83465e92684be886660ddc496a5e55c6

SHA1
1ef28b0b1a5ed19e28ab68361aa11234ab8644eb

SHA256
c754f40a08e0d22c1092886f4f16c43649a7ae4c18deb8c0b14336065ed0064a

SHA512
2fc21c53818625b8b1bf304657576fd3af8d104fa63d8307ce0692f59ef432e7137c845d68bd75f04f4b80604c481496efd61d509a6b9b462c6cb749f5709bea

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
bca013349ea9cbfeae8a6a2fcfc0a968

SHA1
e6e8031627dd6efee732345a879d37bb8f5bbb62

SHA256
72996bfeb0e86a9816bd2521deb29d43117b8ea2dd12e81e002222131a40b672

SHA512
6adc3a35c751ee3aec51ffc33c00113e5c795b7925ea31cd9f412b386a9e1fec54b89a665678ce891e6877f01f981aa5c1c19a24fc9ee8687e8b72a39b4478e1

Download Submit
C:\Users\Admin\Downloads\42.zip:Zone.Identifier

Filesize
71B

MD5
faa3b0aca31e3a2934b39565576ac66d

SHA1
4e2d3b94e52e9e2a21ac3416bf7d6333962d27c7

SHA256
d76234aed309704e4f45a7d3ba0e4fc8693e2f5595d756ca8064b060f44c6e92

SHA512
c33700e5600f327c507f1ca53a93420db8fc2dab702bc2862220021622d0b96fc6f3b23d8c501cc1e8c6008927dfb0e1f980276a45f42aa77887aea55d385258

Download Submit