hxxps://download[.]tt2dd[.]com/

Resubmissions

22/05/2024, 04:29

240522-e39m3aca78 10

11/05/2024, 11:09

11/05/2024, 10:59

09/05/2024, 13:02

04/05/2024, 06:42

02/05/2024, 14:21

Analysis

max time kernel
247s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20240508-ja
resource tags

arch:x64arch:x86image:win10v2004-20240508-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
09/05/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.tt2dd.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597333800877944"	chrome.exe

Modifies registry class 37 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{F9A0DDAB-CE72-4113-BFF1-02B225EA690F}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4492	OpenWith.exe
5072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3388	2980	chrome.exe	82
PID 2980 wrote to memory of 3388	2980	chrome.exe	82
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3088	2980	chrome.exe	85
PID 2980 wrote to memory of 3852	2980	chrome.exe	86
PID 2980 wrote to memory of 3852	2980	chrome.exe	86
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87
PID 2980 wrote to memory of 4840	2980	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.tt2dd.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5db7ab58,0x7ffa5db7ab68,0x7ffa5db7ab78
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5612 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5608 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6108 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5680 --field-trial-handle=1876,i,15836590191731067338,1221818747747315440,131072 /prefetch:1
  2⤵
  PID:2384

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b20132586c8c09ca9da997290ab8200d

SHA1
06acb22b04cc706d7cb650efb1cec16530651028

SHA256
84683c5281d3b68baf14fc1f1aa7b4c339cb26421f934afa8158ca7780c59832

SHA512
41efac37eeefc19d6e9d138fd13018183041a0fbdf2bce6fc3bfb6d70297463ae1f927cb432eb57b6acc6fd5cf6fe22436f9c958f01e291f5b6180227d1b174d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7fe2ca073e4d91308396ac13892cdcea

SHA1
af2cfefffaee2dd9252f0991f45d0b90ab32a48f

SHA256
31590d9c7f3f21ae804e952b04d99141aeed24e87b2f1426b0d71d4dafcdbd72

SHA512
e34150a0bf02b995bb06b540cc127f344aa438a224bb142ace28006661ee9a69e19f8d1eeda508642d1b6cfac26457495fdad63bc7a8dab5fc69c72e022bcc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8fc6ad1741c82e275975fd65cf475b75

SHA1
776cbda55b646e628ff38fc291f78868e0848e57

SHA256
8c1719cee028b7c6f9e4d1b858cedc7b0f18371c85a85d3cdcca74e579b43030

SHA512
e0221ec4ff3c3bfaf8699ce630d46e8a69d161464455659810787409fd06de46beb5f24ea85b0ebaa30c5e617d05efb40e83f26969bb0a1ff82ea8f0c7723d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e3c8c1891b4d4099db8167877f0ba99b

SHA1
7fb6355e07865bd9a7b3450669bcdfbb06791dee

SHA256
f1734be6e93a161b829fd1fb2265810e948f4c22a4a12bf21960ff92b639fe44

SHA512
23f9f99f3d56f22f4d162da8a7843b7575c2646a347ca9ac207f44879bcadb5870a79511626561068020fcdcdaa08305fcd2f0028a81785bd747ad004fddc085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
91a5ec168882fbe5790563a7099cae78

SHA1
6d67eab4ca0ebcff0573771caa331b034e2dfac5

SHA256
8cb2a5267f4a16f272adf57b74235d2bea37a93d8dda011111d722a1684b22e1

SHA512
8eae5053fcd0970daec1a6a8d3d4dcba25788728f0ee8b611368ac4d5b9f327a08394dc1ba1d4c4b820f192be7a658cb7de3467b5b424a05b8cdff7437ff53bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61e739fc6df6dd2d8803140546c51901

SHA1
1680e5355112bfea03cfce714f5db2e278525ad4

SHA256
76ca425e9937f8f5c7494e67b8d697ad2b44c8ad538282da04f2fcb82dc28f97

SHA512
3a3dc3496117812d5627b0c7b0d218d48a3fddbde9bdb8ef1dd32a56bd43ff07e6b70224d9c608d358e4a8f84c09f548205c7df3ba08fe990b4036bfe504a8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b0368e04454b90b088cf13ad8dfd98f4

SHA1
bef778ff139a5bd3498def825b3329c3b054a52f

SHA256
ea3f68cbc0ab5b0488c2a184830f96cda2f787ddc6c3799a8d181e2dcd84db0e

SHA512
200a0518a25c07b2245fd0dd5f113f060fc2f6978567e2fc480864c7540e03429481b2a95e932819974100849c578d8eadbeaf51af8f78b39960d25b8efeab6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
4b51732e9ba723289445f228add535ce

SHA1
ff1a54ee2b587a6501355183131e7f0577eea25d

SHA256
8b6fb1b0f1214a6640518acff029913da1a64aaeb4a075e10786f3fc052c6eb5

SHA512
5657ddd79b031e9ca4f1de08888fffa867e97cc45202e1f0cf73c67dad4ac1e9a2b06c2702fde2c5dbf176eed94a9788f6dc5315af215308fab8eef3022bcdb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9518e5abd2974b1b23d55ae7d0075fe

SHA1
01f610bcbfb4fb48f21d908927d8c4936ca3f780

SHA256
34ab64f0ff435be6a98d8d040e5b9c8ad71051d88f48357b6f6de7df089b5038

SHA512
b2469bc6696872f4800aadb5ff9ee2826e75db5610abaaa28fd87d348f28db68b1cd1bb10fe343683c3e18426b00c8fea84068ce7bcc21958853406cd3b66193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1383c05c0eb90fb8c5dd0d0ed7c4813

SHA1
b939c88be68fe2eb2530d73d602372adfb6c1ca0

SHA256
9656fe07905312709c81a1bb0103defc57ce015333166308e512e102c64ee90b

SHA512
900fcc3104313708ea0181a28029aab7408452b9ae413da96e210bae0a4fdafe0e3669af8d796351817aa86ee4e4d98e4cbf25d0e756b6cb28c83ffffb063815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
34d5dffd3b44f46e1d3a34cc8f14fa1a

SHA1
99f604f67f17fa0c4cfe2cbc01ec201272e8aa1c

SHA256
0830e074758abecdaee7d6bca02a29cecf9ca3fb742199bc0daded77f1b92c65

SHA512
b1061988454346f884146337f64672a2cd0f303e8de0c324bf2da51c90defcec187f561d691aaf501702bdfa68d9eb1c29449ecb1c89f8d05fa40625bcc0a533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d073dbb6d79f47faa95750b9576441b

SHA1
6b7935095cc67c8fcb5170d4b49591b07ab88768

SHA256
74bcc5e354105fc0381dadb2aa6f2c63498150f9ddd7163023ec55210e3ac5cb

SHA512
21dd0d81c35514b694c8723291be25c21adaa0cabb19c6d8fe9cd9549d3e57a00d8a1f3849f99abe836fd5abfe6783b61e49b70f1cca4bb1ea41aecfc204c7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a9b66.TMP

Filesize
120B

MD5
2c47aea4b71623f7b0af4815a988241d

SHA1
1d05244b1ad125a58dd2596227ddece2d3891fdb

SHA256
84d55ff1af748d85909d25f0f7d2a986e0310ad10da26d0e53c98c22d072644c

SHA512
f71334d5e0a63ee4472979291ec05d8d4987527b1ae69a4bb590d3dd2b550b7d9dc25c981f158d4d63be4934e3b187b1fb30fb91fbc84ccc4313d341358dae3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4264b58ce470cb841b6a5d8520d62193

SHA1
67bafceee127ffae254fc09d8d756df6ee2f95ad

SHA256
567c8db0ad4d69bdf423e2badc059a34b8a16d4de8b5a21c758488ba2367f57a

SHA512
47ddeb12079e938067233cd88a43d266278f937caab57edaa7e1bffbf7d9d36aba9f9d8a2c8b606b8585a336a2227ad5d93da122dac2fd8d4555cd9e42c47cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
5b4c6c4ded12f1059015b528c826ea90

SHA1
3c59e7a9d56148797211010d94d4ef8ec6117eb5

SHA256
a1b793bc2acabab06bedff3935536756ee3fa1eb5feb939992afd4318e006758

SHA512
3fe8751f870ec0b1258a1f325d92fd12b508255ec403a55b243853d8822de033fa818eea51678430abe65f3e53cc76765e16a7f5cd3feed79e731081cf724ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
bf82c9ba8725df400c2fec0dfdeab68c

SHA1
48705805d13349668cbe359a02722b07b28bd5cf

SHA256
8e435c67a507e46095a7e0ca4f533f4dfbb9e8b8d9f0bb7149a08dbdbe2a28df

SHA512
aa99425c43be28bc41b58836f38881921cfb6e8dc9d6eb9d226b92809c2a47b422ed30004bad24815f9843598de23a7d7baca3eff45ff3af6769f850e64e1384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a326b.TMP

Filesize
87KB

MD5
cb26dfcf2b8a53b7a318f03b0b5a2e80

SHA1
e3e15496a2b28f06279687342f40a5b11c6e1f69

SHA256
552610507f02684937542d90fa0eb916f301860a7fbfa74f3104a84e6c778e65

SHA512
a4bd138051571c2050443977383e72ede63344169dee96bb6daf970877195e6ffbbac4a1d17cddab4ddc5b751be9cf0d5c8a3dc48da84429691b2dff15ed3103

Download Submit
C:\Users\Admin\Downloads\Manual-Installer-V4.98767625T76545R980G.tar.gz.crdownload

Filesize
2.7MB

MD5
712e95f9d0c5c7359aeaab697e099f9e

SHA1
9ff66a4d79e060d764093b70fe68949b62edf439

SHA256
d954514846c34e32e4cc7a29b840e4842a9dc7146c7daeb8ed454e301f52f7bf

SHA512
7582f4d0a001df350a0ae4da5e189388017c63345dc06e3c2656baa3e931688b4e8c0c127b107730f71dc3723e10ebf67fd1de17edac6fd29f15f23fed296b9f

Download Submit