hxxps://gaminghypes[.]com

Analysis

max time kernel
80s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://gaminghypes.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "137"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597760004856705"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
1640	mspaint.exe
1640	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5012	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1640	mspaint.exe
5012	OpenWith.exe
4020	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 2448	3100	chrome.exe	90
PID 3100 wrote to memory of 2448	3100	chrome.exe	90
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3428	3100	chrome.exe	93
PID 3100 wrote to memory of 3724	3100	chrome.exe	94
PID 3100 wrote to memory of 3724	3100	chrome.exe	94
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95
PID 3100 wrote to memory of 3516	3100	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gaminghypes.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9496eab58,0x7ff9496eab68,0x7ff9496eab78
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4536 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4596 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3364 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5032 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5164 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5144 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2412 --field-trial-handle=1980,i,9938610684669343651,9278318524618148574,131072 /prefetch:1
  2⤵
  PID:4460

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4104,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:4224

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\GroupTest.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3903855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
934707db0c41ca9c46c9fa11c1dcdc46

SHA1
e10f94c65a4e1dee0ce0750275371b609cd596f9

SHA256
e78fd7033baae58a2ed46bddd0757e3a993da977d3ba612818f8d35b2b75d560

SHA512
75e180a97c9d013571fc6ed5e4f13133b68229d19ac4ed27074fc33eb043073e7481af1e6d30df3e733617fe44b09d6b320ba62069e08ea3ebc4010ed12e6791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3ae576dd330538736e28c2603933cd02

SHA1
d42af50312e2e5f3f6650931f0a48e5fd8e42df5

SHA256
f99f8b1b57de549f35deb10104075ffae53b6433ec9cafb925abee84d0e20d9e

SHA512
79cccf60433b7ba44337aef2bdf2261752889144626465f9d1cf7b89cf13f98409079880491f5a86f86c07c9c0e92be4aa1653568007c2793d2e9872e9a5d29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0f95cb3ee8e4ef6fe0ed1ccabc4464ff

SHA1
d491d19f8078a86afed0e2cd35e1c91ecf89df60

SHA256
baf21c57e516acad4470dfc9799c4faf3351b56890e31d63cd848794a8026d7e

SHA512
cc0f551086ae36177f06962ec6014b9b3b26da5d43693897a8b26fc1bbd242e4d6ffcc3c1d6ba7b383ef97cbd007598ff06e8c1a50b747328a84ce3041a77f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09118d53dfe6171ba7c675553c153f78

SHA1
da9a58606fb8ee2cbd5b25a318df29fa9a339fdf

SHA256
15670ec15000c25cea58b140cb0493262d21b738306ba44e1c463f5ea5b4a8b7

SHA512
2cf09ddfbec15f699bc188a8401f80a95c855cef5ddfea7fa811914fb3bf565aaeeb0b2c49e50831773e0a3028758ba9a9f54c34fb204c940526eb18f82e52b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
11b9cb6f99341800cdaba49138fc6490

SHA1
7559e999eeb20c7c1920a69772c0d3321ec7b9e1

SHA256
f2faf97d0280c45a74056a8dcf5d4ea4c61690e10eb11e4a4b24d2e7468605d1

SHA512
738a2666eed31589d6135172df1234b5271debaf7ad6f0af5b7aa545fc53b208505b1245fa1591d6b45532c6babd780480aaae25bc9372f634a38b5d0ef11050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd9335e11b88d1c1b94997b5059aef3c

SHA1
9dc6fd4cb6e6d42c32aec5c3cb771298f1c62424

SHA256
9dbf76860a820367cdd97f6f4d6e6affcde5589fa8c21285ccc07a45b350b4ef

SHA512
6868a04868955376ee9bbee4d8afcbdb1cd10c0b74936273cfe117b80c47b5817a414d4e0911f7548ecd1e8f2ebfc73aa15b597afa5c00aa477b78d56c05ddc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0f6ee9d9b0abb20dfa7bf60d1f6b94e

SHA1
8b591dab33e5633c805ce22bff8c58ffa4fd1fdf

SHA256
08fdcbeef62d6ef807e3b183e28498fba426a7c1353a4ff4f550a5376504ea08

SHA512
0bb145d5eecb85eb4617744163e20869ab529a183252718e756a75b44104ba2bb9be5f492695ae3953fe1382595058f1b589b124b6a1435759d4fdc42e2eb1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
049227a166eba7a9549af378fd56df62

SHA1
1a662e714ccb931fb984c9c837250cbe60707642

SHA256
b8c3b179e438c7345f4e20b94b263382c26213021d6ee8b29d848ad0ac1d74fa

SHA512
9fa567038ab9021d03c41df708a32d3a6e7b23bdf0084794e828224f7b520b0893dc7e80675d832884f072d54291509108a03c73a51781081be443a377a9ecb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46634f1b40c80a0ec83038eedaaba748

SHA1
f3f91eb154aca7d969025bc975b452d47ddd963b

SHA256
8e33283de9251d241a3f89869051d3e95c40ab9c92c92d7acc4dac3725d97df3

SHA512
9482c9839b29f40559b37b82b03ae746ee770737759330fdb95434a7e43e6e6b55431ba33c1495cf1d71696273bfbe5930b680887da3a6ee0f0c3121f1996caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
9c2323dd069e76172583afb0677804c5

SHA1
abb3124cb3e3f2e612bd1f945803ac609aeecab5

SHA256
f1875e44fc587be5cd2bfbf4b87ebcf9270d5806e729af837a2e6babb29de7af

SHA512
683a05d5e070d9b1a51b5f54f315011e006f5089f528604dbf78c40ed80efc2b2780fe6f59fa9df0e6dd2c06bb30887b75b0c781621ca99475c9a145457defe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
28ec2a564ea17af9ce02fec97aa615d0

SHA1
03bef1038a9e6abfb7bd80f0e29e9fce0c94ba0f

SHA256
d17b68db6400d6b0270b7a3df0b9c2c6b8dd8c2bdd22c2642f3b85a7967abb5b

SHA512
0d3581a14b43fe4581061677ac4573421631ffef85c659285eeed45b6a439a504d372119407816e374ba732805e1fdda0e8e1884d0527c48f94b5fd2f595d44e

Download Submit
memory/3732-284-0x000001D35D260000-0x000001D35D270000-memory.dmp

Filesize
64KB

Download
memory/3732-288-0x000001D35D2A0000-0x000001D35D2B0000-memory.dmp

Filesize
64KB

Download
memory/3732-295-0x000001D365560000-0x000001D365561000-memory.dmp

Filesize
4KB

Download
memory/3732-297-0x000001D3655E0000-0x000001D3655E1000-memory.dmp

Filesize
4KB

Download
memory/3732-299-0x000001D3655E0000-0x000001D3655E1000-memory.dmp

Filesize
4KB

Download
memory/3732-300-0x000001D365670000-0x000001D365671000-memory.dmp

Filesize
4KB

Download
memory/3732-301-0x000001D365670000-0x000001D365671000-memory.dmp

Filesize
4KB

Download
memory/3732-302-0x000001D365680000-0x000001D365681000-memory.dmp

Filesize
4KB

Download
memory/3732-303-0x000001D365680000-0x000001D365681000-memory.dmp

Filesize
4KB

Download