70e4b9498db206311908582ae3a03e52663b50aeddf45b42438249fc4ce465a6

Analysis

max time kernel
731s
max time network
725s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

6b6a2d42fef84ccbb9ee302a7ca1528f
SHA1

be1d854f45374018e58631152a6658bdb4c3ab5f
SHA256

70e4b9498db206311908582ae3a03e52663b50aeddf45b42438249fc4ce465a6
SHA512

666d4196d157bb38902f7adc5c1b94fb0de9db63d99aa905d98dcce48660a345e2565bdb06a36e454b8fc4dcf63d6ce83928f090e9087fd90548ec9bef94c17b
SSDEEP

3072:4iDgAkHnjPIQ6KSEc/ybHUPaW+LN7DxRLlzglKXVA6k:LgAkHnjPIQBSEBb0PCN7jBXVA6k

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643222964374424"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
5000	chrome.exe
5000	chrome.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1696	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe
1696	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2592	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3220	4928	chrome.exe	83
PID 4928 wrote to memory of 3220	4928	chrome.exe	83
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4612	4928	chrome.exe	84
PID 4928 wrote to memory of 4936	4928	chrome.exe	85
PID 4928 wrote to memory of 4936	4928	chrome.exe	85
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86
PID 4928 wrote to memory of 4628	4928	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9255ab58,0x7ffe9255ab68,0x7ffe9255ab78
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1528 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4628 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4776 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4888 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5888 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 --field-trial-handle=1880,i,2583636776926696445,4616390169038007691,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:3772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:1916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\install.cmd" "
1⤵
PID:4232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\install.cmd" "
1⤵
PID:5064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:3936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:3896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_ukn-tool Boost tool.zip\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\install.cmd" "
1⤵
PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:2008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:3488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:4232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:5064

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:2696

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat"
1⤵
PID:2316

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat
1⤵
PID:3572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\install.cmd" "
1⤵
PID:4212

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\input\1m_tokens.txt
1⤵
PID:2140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:2696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:4436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\install.cmd" "
1⤵
PID:2124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:2004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:1936

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat"
1⤵
PID:3916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat" "
1⤵
PID:4464

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ukn-tool Boost tool\ukn-Tools_Boost-Tool\start.bat
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3ea070e60e7d429e1e61c8db38c29e6c

SHA1
5e299ee911c837db884fb5fef2f5abfe4e9e8863

SHA256
b2a5745d6bc2caf9e182d87fe017e223f6237fdd3768705f02a67a10b4cc2d66

SHA512
bd55194313210c91259cdfbe4e6cbef7eb74adf00b7bb292cf8bdeb109eab962f8253ed0277461b94fe7eacc644648318baed002cca9af07b27b00e584fb7cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a578ba445314555d05a2ede8ae13ab1f

SHA1
2cc6e090d21bc2285e5c4ee25440a11ed7067b9e

SHA256
46e80c0f5cf425ddfe20cbf7f99bda14ec7fe931901b9a9355028291c121a6bc

SHA512
c889afaed6a458711a5d500744657c6810a58b14706960fe963383f816be3b982e047f84b67f8310d4cd379eb0838a3bbab38c28ac02dfb46a5f9587bc99a80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a41e2560c777db45452086c60780b3da

SHA1
18bc3794224ccbce7e2f9a972fde0d07c05a42b5

SHA256
43633509fe3d18b78a7559fa004fedcc62b3d657eac8258bdee4d9d39458f7a4

SHA512
20642916f55dc07a6eadb9c6f6b01981f19c1c68bf431ea28da71272f4793fb3309af3445346fefe01841990e5048b3e6fec11908d8804d88ea2c06dc33139ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
59610ecc91cd2b5ee9923d4eb4bacb86

SHA1
1ed8ca334fb196cd153b4e73045dcf984f7bd177

SHA256
c6404ae844af51dc2929646050761bc4c745baa26404b21088e3c19c0d65dc1f

SHA512
416d43713f369fea0b0978b4a91b04d2ec6e8b169c79ce45d7c86122e1540ba5161ebb07b2b66da07d7809ab035cc9b52abf441554a4a6d172548f4deac31f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
1b5b38937894c2685912945cf81f0e46

SHA1
4482b09a98f81fc530ba655883e40ecb2fb0e245

SHA256
9837641628adeb1b8e9e60b28ba6f48831f88f106080f01233af5f69175bdb2a

SHA512
461f3dccdf93cd108771abc8929e8512c83d52231bc8bed6d4c7c52aaf56fd6fdc8f26c6798ec14ffe9841fdbb733044a5e63fd429c19f13224b1a4e1d81c711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9d795817ff3d41123f21ddc55ed05de

SHA1
1e7c813904425203810946566c6738ce6129c9b2

SHA256
d5d4d4f8bf5327a1b6a65a39bbca93ed9dbd4f43259b065dc7b1475ff05e3443

SHA512
53d54e021a7ea84f4e3c7dea1bd096016b999e09d0839adef64e51afbe8b8f0e4083e0d70ae8692dac89f82167526c87bd24300abd0b8f80f30e6b27e430486d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ced2d388773435d532403d6c0c32d26e

SHA1
71d1fae81cefec36f803ed01ef99f825915b1444

SHA256
d01b17c2fac248e83c004444dbd08d45b2c54800b94dbb3491f0b26e34cd3f94

SHA512
9cf7a7d91d20764df608396ac0f3e9f83ec30e4d2c65446c4bdaafe7923f92bb0da5913dc65a23848c3776d20d110567075abde71632026376a9fc9a53dfa1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e594968abf01de194a39d70650eccdcc

SHA1
77b9aca2bc6593a76a247efa015280238f745554

SHA256
b4f686a9e60c6f8d61a99ad33e106162c559332b4285a87079cc95456c66ff70

SHA512
da87cac816825dba339047c5176fe77901363d0da13623bec8fde960304c3c8c84a347176be57ddce3c55838865fa695d114d8cc9dfd3359c91755c2d5e296df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
efb6116281af8a5be81e145781514982

SHA1
e4f6e4634bcf0087afb267e3537264e7013f2dc8

SHA256
2f2316e8a239d2b4227b0c7f8ba1dffb9200a262a92a70f5f22ad257c2a2a8a9

SHA512
997f68c49fd9cc49f3d9f294a395568f6f97c276471e59c4d3c277b8168742b656a9ab4362969036fe219b304d6dcce14371faefd723d6eaf60282cc8c0a3723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8b546ab18dfce451035788b1ef835d59

SHA1
c6aa43926e5d6269bc9e6a0656855fb0a5f2cc6b

SHA256
82002282e60b78f30f23ba728bf935753a43a59eb175cab49f2de7499a1593e6

SHA512
07d4e914b8be2a34a3bde34974be1524edc2774f5ec7001e755bdbcaceef07d7f4195c740300fc06f9e5b67fe314f1e2dd4a5039f1e9d9fcc527a0ae74ca3336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
f9ef89584dec23eddd7a9818cba970e6

SHA1
a87d072c1c932a1c80ba3e8768460ee6997df5d7

SHA256
65ae8747636452ae104b16d5e4fdd8845fcf260fbe834b9937bc0458da87b8be

SHA512
e2c920dd2fb31dbc0416d9cca79b840607da3d69f723ebdad9b53925f9ffddee7ba4e05d3b7d9f144f13136c63fed4f47f95d307bb2f8161035dbe379cc2f493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
0365e2449b124419e43432df37bf60a6

SHA1
e8bf2b8da073ed5ff8976bbef9397837db3b9974

SHA256
a67299cb07772e5690d73d1a962566cafd3a9a18d49771f86185e6da65b38b8d

SHA512
e8164d0ea7e1372107ec2522f2e46226cada9999e7ad3a23e614854d3020043dd5929b7ec258e1c4afeb5d4215269e2bafde6634436dcfabdc601b0c4e323f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d934.TMP

Filesize
94KB

MD5
e1d1f78fa9893067c79b7a923c5c1923

SHA1
11ba3ef61aafd772305a0c6ef972db9c749509ff

SHA256
b3c1366195c67c88f0d9f58215868c41f2730cf5e680f7a8f2e31681ed5b4cb1

SHA512
df1b1cfa09d07bded5b0cf7e21b72e80c8a166433c8038694105171bd60eb80bfd88de68868904d154340763460e051b6c9e831233720901ea76ca9bc86b341d

Download Submit
memory/1696-213-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-212-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-211-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-217-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-219-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-223-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-222-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-221-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-220-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download
memory/1696-218-0x000001FDF2C60000-0x000001FDF2C61000-memory.dmp

Filesize
4KB

Download