c2a1b97d657542e949496bc96e5a6c4e0beb101a629e7591519d0cb7e906dbfa

Analysis

max time kernel
810s
max time network
700s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-V5.0/MonoMod.ILHelpers.dll
Size

6KB
MD5

6512e89e0cb92514ef24be43f0bf4500
SHA1

a039c51f89656d9d5c584f063b2b675a9ff44b8e
SHA256

1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0
SHA512

9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b
SSDEEP

96:XC5172VL9HZNBrfq7LgcA6S8I2DqDXGnADX62WuauAuRt/0:q8xDfYLgcAMtAXG+rPVL/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620499435607495"	chrome.exe

Modifies registry class 1 IoCs

Processes:

OpenWith.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings OpenWith.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3884 chrome.exe
3884 chrome.exe
3884 chrome.exe
3884 chrome.exe
2700 chrome.exe
2700 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

2212 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3884 chrome.exe
3884 chrome.exe
3884 chrome.exe
3884 chrome.exe
3884 chrome.exe
3884 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

OpenWith.exe

pid	process
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe
2212	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3884 wrote to memory of 324	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 324	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 3852	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 1720	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 1720	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe
PID 3884 wrote to memory of 4144	3884	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\XWorm-V5.0\MonoMod.ILHelpers.dll,#1
1⤵
PID:2548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe869cab58,0x7ffe869cab68,0x7ffe869cab78
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:2
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2816 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4504 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1604 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 --field-trial-handle=2044,i,9223988931706070491,14227881156360592346,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2700

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
b746aba135061784efc3742c333d2781

SHA1
5711fbdad18720bc211a4fca99190b63ca5992e6

SHA256
15cf858b40552103d2de5b241556d9cb5366c47c475498d23436acd35e6c8dca

SHA512
b0581947dcaedf2c5860395ee947291175d8f1635bd953073b7e4ac36e6e03fdd1d4e5bbcadcf9a63db35f0101787b5fcbf60a0535319293d15a2458c92fd76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
19a300289ce439be36446b1e0388d5d2

SHA1
3abcc13f0d5a936f0bb53205c5a698fc473d247b

SHA256
76e2468f877c70c385cc6feba10474cae9092e99eccc5a7f4ecaff3adb7bd45c

SHA512
1790432fe4a8dbb900250249b4d03ecd6fbacad1b38fffc3d7184f49687c4e1b50754b68aafb29169c76f186e8bc1fff263801ee4f1ee8c91cc70903ea9b7ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ebfe9973c149a78116d0bb6f35f3db8f

SHA1
5cfda60341d47cc34230c3deac239167249bd223

SHA256
06a8813777124e2e428d9e5087aad138f69e978ad2c9c38068dd82795aee5db4

SHA512
181735ce5b7ee4b37b49b028f9625859fc3dcce452a0dd0f7ce6d101eda87e9626e9f42e242b25d288e3194a544c9c79b4d8176888e759976b43c5ec992c7918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
586593d4df223d1e32719d455556edfe

SHA1
2d12d47bf288bad4ee1eb687434dea362bb08b20

SHA256
31bb7bcb655ea1cdc2be13e2cd231164d83ffdeabd7e31ff4423ef0c78880f93

SHA512
1dcf9abb974155374ca3da22212c74099d393387a4732634c8db89f2938114864658a1c50368ea1cff59124460b98df34004cedbdeea53079f151a624a4244eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
92ebcc25a23be3ef98ceac902fa240c9

SHA1
f62a96d4ae2e348b3ea84e1b4d2a0b53fb2bd705

SHA256
3537cb8ca1a33e0893a3c17e5e7cc59b99b1f3eb4ca32081a154e9cce4500b6d

SHA512
4597822981b013489ec846f1470b5a5475881709f3f3e4cbd3e90630e5b1e1744af303a6c8281376cc7f0ce456c21b9a09b82e5e24ad19d1351c04e5563080a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1b04d5fd75e7e18093cc4b34bddc3643

SHA1
daadf9bacebdafadc927d2ee716cd8456389b56a

SHA256
279b0252b56c9c6f50aef2a1bfae0ecfda94c8c1f695447961a5949174bb642f

SHA512
80349b153ed71f456f54d51c21c823bc11c96d1d68d844254379171f2ca15b384bcbcaa073d0a4a75b0287a6d025200478de7b94d048531a65f955c7992a3c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
773a4966e236595b553cf55e7d068c27

SHA1
3482fd5d6dd61df166d5445727c3a92723611786

SHA256
b53b3f36bf38e8735ddee733d0aa1acaf8c6326bf8d726ccb842ed13317f42ef

SHA512
899a08f22a4d6aac03e0cad37d1f12eacb8dc2542391870354eef4585ba3fabbc75cab629eec955bb1ed9593d4fb49200e09004bb4624e67ca92c68013a13715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
c487a207b43cb407423a1b617fb2e17d

SHA1
16039118f70fe80c7ca0d39bfedd2700e43fd638

SHA256
1da86d14ea22716f9f7f0f9e9312c0da7fdea8f7fc02b9de92564ef8c1fea474

SHA512
1bde7521d2c6fba1c1f3d4d936bcc13e300b7435b81507e4862ce90138f5a98739227182cd78fdc04720057d2f16aa1ce39f8cf3e79d170cbc11e83eb84d4b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
967535e0965a897131770f36e4b41e6a

SHA1
f33bfe38ef82055953db1b0fde38cda8f3eadaf4

SHA256
f63a2ff06c46a169078ab194d4ee0a83d9a625edd6f263ada286782d293b50ff

SHA512
ea066b9a07f42cbd905a246b1c86dcf25dc2ebf9add6d71fe303eddf26cca0fd89ce031b21d125d22b40c145ae915733d2c83d2d6a86fecd95747304fcac1e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
3d8c83be6bf3881e53138a52b7def19b

SHA1
c9305bd86ac348dc2c5c0a7c166c4e07ad684e96

SHA256
7b8cb077d244ede607bedace7dca3a708d8b0bb7f5ecf2f1384b39c2770ce234

SHA512
d963ff403861cdb28e167b07ed5c4d2c65ced1846db8f744d4da63e3762505d2bdb6e78c6070abeceda74c7156548794d66a9e6584e0291ece725824dea5cfd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
283KB

MD5
4ed96e5e73ec27f527ea27f7059aa238

SHA1
99967b414779572291b1a8484875e5d14e7f4495

SHA256
10979c30c167fa24d1bf927a340f2ec7829aeb5e7423db548f3682731772c93d

SHA512
61558a8bc85e79d26f71460a9e64c0729a79eee3d2f886a00729e5815e0d657983c52191ce97776bc1cf2db4cd171548636fd1b73f4e9897c03cb83f8da0f9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
d6f01f532f76fc60416700dbe234eeb7

SHA1
55903d9bf90c61bf6c1128b5f60ee692df3e928e

SHA256
2053480b0cb3518d5bbf051619df6dc5cdc8e165e579f91afc1a0326955875ad

SHA512
aead7f321c89a508044dbf93aca42e0d127c3aaa913f5bf3a355b49778d583a7a251aef62a9f3cc6bf538a838bf385507f1c13699aa5f7dcacd8c776cb0eb57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
a60edb2649b3dc88ee9ab8ee80675139

SHA1
0a4fea31c1a6d020e36aebf542f2f6d5946666fe

SHA256
577b819c13aca3530436c0d6ffedf1f6b0a63f4bdd67c029fa06dad88a48c0a5

SHA512
c08579face19c92a7443356110d08eb63215914884fc8df0b4114fe7a19428ef3c8329191a78e1cc82fb09ad32cbe878bd8b666cde37d2c3c531d9984ef1c2b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
397d069b7295114aec26209de406d710

SHA1
60bef29245f0123eab50f8f9f6f645765345f691

SHA256
054daab51a670b3c67354321232fcb5d07424bb43677f8ff81700fd53fc246cd

SHA512
8065ad78b77f4a0ff1f4b946053bb965c12f9a74c68cafaf2f54149a508e6da459fd37c3c6f80ac2f20d5fafe22eebbd79cf4c27a97e5adda7a8c2f8013da3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594e36.TMP
Filesize
89KB

MD5
e1937bba1e674cfa8d1c2624d695a8e9

SHA1
3b04efd6d9fe5d97a68e83f006e1f7a2805ee744

SHA256
658e3c139313e32104b32f727853ecd1a4c2049aa390a630b95a0ffbd5b7bc92

SHA512
6862103aeb794d88f676fd0bc77898552cf54b8adf6c26aef1e65b4d96e5276ba5827bd36fc5a5de0e1bf6dbc26deffd91814b6db999ec0c3f8bff807dffc7ed

Download Submit
\??\pipe\crashpad_3884_PBGGAGBCEQJBHDOW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit