a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kiwi X/Monaco/classfunc.txt
Size

1KB
MD5

bf32e93d11011eb780619b3e17fb824a
SHA1

f0fa7dbd2577b83a5d5a81622557ca05966d292c
SHA256

519da000de235c331f10660509fab51a1815ace566b8ae5b511b75813922dcb1
SHA512

5d0b4cc09c5966b3cf806b02816eb95dfc42c7e4c2056b37d254d835459444c796759795e64c3171453b5bd9d70d2705775e7200a0283725676f26a39323dc9d

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
428	winrar-x64-700.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598511409446023"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
948	chrome.exe
948	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2236	OpenWith.exe
428	winrar-x64-700.exe
428	winrar-x64-700.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 4632	948	chrome.exe	102
PID 948 wrote to memory of 4632	948	chrome.exe	102
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 3564	948	chrome.exe	103
PID 948 wrote to memory of 2656	948	chrome.exe	104
PID 948 wrote to memory of 2656	948	chrome.exe	104
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105
PID 948 wrote to memory of 1056	948	chrome.exe	105

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\classfunc.txt"
1⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4068,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:8
1⤵
PID:2524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff94bb7ab58,0x7ff94bb7ab68,0x7ff94bb7ab78
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:2
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4792 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2748 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5080 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3096 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3504 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4200 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2992 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5620 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6064 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6112 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6020 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1688,i,12156256563008036422,14660370868587859748,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
64KB

MD5
475b50689dfe5ac600b3de04ace088ea

SHA1
fbb328c285b985d98e436e1a2025dc2ef814f08d

SHA256
bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1

SHA512
55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d50733caf4c7ffb51da6c7991df4f82c

SHA1
1ea0beebaa73ce8b168866f77b35b697e18a2dcf

SHA256
b14626152b43b6177dc58787f8e3b906a233c4c79ea57f5b274cc0a6dc0b1aac

SHA512
b07fcf6424a35cc7f20ee21144a0d60b51f354a83a96881bd8a2ad011b02447577d92208540cc3f3602bf0808d7deb58fd1a0f9d65b5dacc4751d52f9fafba93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
86e5482db685a008538c5c7686330dc9

SHA1
7e85cc0e4a09a083ad7252263f2361f106aec2ee

SHA256
e1340256951244ad42b26ea842bfa82ce654e216e9d088e7ad86b78d31588ff3

SHA512
ad840559b8559d08fa830bec2b4dfcf588028b9c61fbee79de20a0e88436ce2365d06ab0e7deaeafd11fdf1ce9b9e83f1192b408776498a82d1d148abf295643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
15d3ff7c7b25c3f1b90db3b65c76b3b5

SHA1
b9759e3e92ce0acf0eb57e74707b3f6ac0ef29ca

SHA256
f30a6c3b2afdc426e1978815be32b80d4b040ed01db1b33177e3184ace2d227d

SHA512
436485417246e53fa514d984af2afaa94d3e54b50b4b5ae902f89c9f35b2b6c5e68c1323a1ea334ad70e09d34807975b7e2a4346512001d269c3fe60bbcb8e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
94ef98aa491459c5abfa6e2b98223df3

SHA1
23d7f2490cbe6f7ce67c75aed4fdc866387c09fc

SHA256
8e4d1e35270d6d7fd5613a43f6084a348287828652326d2ed848cd5709081bd9

SHA512
ad8d79e7d2c397888e2a4ab6fec0adfd4d53f4b280772c3791fc74228fa597ebdd2e28c21eb4f2e67e5dc7b5215a4d40672fd997ea2105ed08518e8d02f3e978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
779ed410f3d1637272d70691088523d8

SHA1
1444bd15227096a78eb9c06d39148fa31ce06351

SHA256
e1475d103f232e354ee989ca697133cd2a05b6fbb30eb489aa5d125e94f39e55

SHA512
0fa04faf81e4f8cf508eeb2558930687ed20b806d8a367940f9a50b7e606327dd640f81c6067ab7c2ae1fbcbc079083f9548b475231cb9aca2bbacb58d8c824d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb8e563d51e034a154a5280f73911b9d

SHA1
bd8aeeddfb7d3a26bde27e12864513f02c80ec6c

SHA256
5bdf303d13e5d44cba2cfd156fc2f7587996c020274681bee237adc1e7c1f9aa

SHA512
9a5d6dff00675b5fca0e40be2301a8d283bf1cc050fee0aa5fe19de16f85ba5b9e83711d3615145e6fc070d6a3c67863441387ba0f70f6b87e13a4a521ab523a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b884e0c4be2cc760b0dc147e91d68883

SHA1
2948755715605cdf38ff157e586741a7c1eaf0af

SHA256
27b0bc8df97e162b794e00188dbc7cbce189e9608428288f82685328ed6b0bbc

SHA512
4dfda50a2b0c8ecbc1f233a83bbae573711e19ae23f6ad94d31c2f31c23886dff33a824a6f1ad8f9d6fe58bf46f546e5c9c76693ba65e2277c6feb88335b0791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1acade3e55da38606acb56b0e719305b

SHA1
31cb425d3f5948ad89b5c61f2d7cc3ee0d5c585e

SHA256
afeaaa517e9beeed37b5edc4ef21fdb5450f369cae6d0c254638a4f9249a0c0b

SHA512
d279c41f350ed8e447b1a4c6d619242a309555d65d0cb206bbdd11514e76c97ad29b39ee9da397fc210c2887f0bb4f5b60e4ae3ebf0d97fc7cc41f48900ab230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd8cf87266d66833bfbc0947be3c0dca

SHA1
123920e8e0b1db516f251e51e48f3d33cf14e339

SHA256
11173471918b75d69b06d05e37ac8122bc2cabb891a6d6d04a9b3527ffe90c5a

SHA512
eff05b3c11310dfb6bf7b2295b8f2d0b737f03f65575b8eec6306a20e011558a988b4d3709fa42cc3c9b134cff471ce270db7c3eb3eee8e4f3e3dcb3273205e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
07a0fcd0f742ba8ca3be48b36ef962ed

SHA1
23dde8bef70c3d93ddada9a3d7184ebf87963ccc

SHA256
2d47bdc556dcfd754429aaba4b823eb43dc4417236bad9cc2e6d974aae2fe443

SHA512
5f2b2dc48e4525a7ceb04749e7a542f8fdf897784a0fa14ee6184ca99ef254da72922d29540eaa2c8f1d1db2819d8eaa8a235ac64df4d49c043ff9412dc4ae0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91173e86b8b6ca29da86b40dc4d2fe89

SHA1
d93e44b097456cee7edb6116597835eca239da20

SHA256
476840ef5fcde56d0e4c14738eda22d9ca9ee52a4d937aec11122f4934b44373

SHA512
6954f0f16de0b126d6699f5d8340143348a0dc0163977049ebfd1e8dbf87e7c218726f50bf2607eb35d5675af0ac0348af36174f79f43c6728795edb45a17bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1cb1b75880077cce4923401fc73a2867

SHA1
a1e5683597437acaf53b119525c15cc2ba782008

SHA256
d7feba6500c655b92416a4df53029e78ebad7752da2153480d34784a1de75f97

SHA512
9f9e1de363a0bd3a7b478508e05012e2dee3182e8f765333bc6e1a982b0e061331b614fc815c6797bf0d1d44f9a046bcbbc58d385dc395822a6b9ea941935510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
61d0783352d30285a9e5d4ced3433789

SHA1
f4395d081342a03449fd2db586e993f2aab9f7d5

SHA256
5a48ef20de261dac820600857d25cb9bac62c9fd31e82eb9a9b6ef46e3a634a2

SHA512
406e30b3aaf8f7d00d5fcfc30d6e1122ce0f2fd2510bfb6c1cd86e2c4df092bdcf8dee46b8ba0c6074a8ed108d6a11e56dda13177bc8e4f7fe3c56c03c3bfa5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
c7e95d8e71c3c564b52cf04591a16793

SHA1
d312fa2b2ca65221c06238b88fd0cf25126ca446

SHA256
0f602f2d3fdb4807d1e2f37010a080c56a341d5d9bf30876e085520ad5433ba4

SHA512
ec04836e07cffdaa9f2fd779cda8fb67a646687d67a84a44dd146d70f8e2cd8a7667a09dffb8404a45fa07b9aa495ce48a9085591129304aec612ee16b13ceed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
b1b08dcfe3b395b29862972ae460fa19

SHA1
6ec827fd36c8002926c522ef5fbaefda49ec4a28

SHA256
29de1b1b0a7c82a6586b73119f687af7b34e319fde9f903decf1590ba30b15ec

SHA512
5d13101cef484f38e081695e49f8a810885a3c7970747ef095595e3491216926c9f3e52e84d8eb98ae26b62ab32bc7fa54444d883a314ceef0309a2845f70169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
6c0b1550aa9100de0cc66fbc09d3f742

SHA1
2555a7d852e6709ad7e5f2cdd84655494dc71a6b

SHA256
298e5b103f4a0e0af8c71d8450a036231b6d0ccc4bde2ac5cbfb490e067ddaf6

SHA512
fffe00403b2f7b06da929230fd171b8c329782f0038b4694ffb5ad898b306daa89f577cfcc378b4cdfb9bdfe6d123a0d94ecc81f4daa15503790cc2f16d17206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
322fa359120d3f4fe2511ddb499b31e0

SHA1
f5eb86107b7df558be6010fd8c6d58f8589cb02c

SHA256
d34eff8ec125b4612a5dfd8cb4ca39f477e5a2d863431f14c5b7625db71f79b2

SHA512
436bc0f91960d5ef06bd88ace6ecaa6418d155d32581c8cdc99564bbcdd7784981386437cd8d9d737fbcdeef46244011197afe801d6a3acd646dcac05c121b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
b99ca2fc940776ca581fc66cd94277f1

SHA1
07dea0a18d3ced186355e131a21ba17fec37280b

SHA256
ced6e6b83e2183a0b59343c9d5bfa4652c2500ce22732f2b5ae94ba256aef0ad

SHA512
6f40a6a141d44d2edd2f2fb8cc2a8441caf8312f400d9c6ebc17979c20d4a9bed5da4c72c3d7e4cb82da1da345ea10dae8a4cb5bb8d80b8845bf378c18b36eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59966a.TMP

Filesize
89KB

MD5
3a7177f77914830712cee96174e7e51a

SHA1
3c656684e94d4e9344159becb8812135045784ad

SHA256
4ba892e2f5b5efadd61445c86dcaa9c06f0e392b5f592933c1ae8a9ad884bdef

SHA512
03b0810727d0e6b39012ee020f2a44dff198bf44e0c6d098ac34d2d6e6143e041380a72b985f930c772240cc3dcf7b35cff3ae5d8cb6cd97baec85e7f60b5bb4

Download Submit
C:\Users\Admin\Downloads\Kiwi X.rar

Filesize
28.5MB

MD5
0aa7defe6f32e1e2e024f62f72178af6

SHA1
d8d318688cbc73faac2adfd8609e110997ee2c68

SHA256
a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

SHA512
c8e0760d60495a2a9e8e7762132cdeba8ba535effbb58fdfc26fa3fb9b13404f92b7af85b54a185157b43bd5411d2d626048983f02b50cbf9610ce8aad570802

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit