hxxps://github[.]com/Endermanch/MalwareDatabase

max time kernel
137s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

Processes:

winrar-x64-701.exe

pid	Process
868	winrar-x64-701.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

Processes:

flow	ioc
53	raw.githubusercontent.com
54	raw.githubusercontent.com
55	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
3452	chrome.exe
3452	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

chrome.exe

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

OpenWith.exewinrar-x64-701.exe

pid	Process
3032	OpenWith.exe
868	winrar-x64-701.exe
868	winrar-x64-701.exe
868	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 3452 wrote to memory of 4928	3452	chrome.exe	81
PID 3452 wrote to memory of 4928	3452	chrome.exe	81
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 1428	3452	chrome.exe	82
PID 3452 wrote to memory of 2200	3452	chrome.exe	83
PID 3452 wrote to memory of 2200	3452	chrome.exe	83
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84
PID 3452 wrote to memory of 3972	3452	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff96da7cc40,0x7ff96da7cc4c,0x7ff96da7cc58
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2096,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5168,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5460,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4892,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3272,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5768,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5260,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5868,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:2884
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5320,i,936460844470542122,16182635003465721415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc26299c4103ac84d34926c206facc32

SHA1
57ebf720e25a83a4a7519841950d7ab6c766deb5

SHA256
d5169b62925fcef48f79212eb72851b4db3ff5ba3c2858302df0ce6c6203a389

SHA512
8fc91c2cc92011087f85634d21191d266434720fe6f77cc10dfd034e5d8798793b0a5728482628f3a6a848a57ee0daee668a14a3f8cdd6856ecfce2bb5e53342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
77e23398a40c0e6c923789a4398e655d

SHA1
b95c8a46777309aff9ebc08cd8c5184159296248

SHA256
b9c65da9a19c1d669e38669923261347842848d94678c6351b77d8c9e3d629b2

SHA512
ba152449a7633d35494831e97a32e8b10ab24f3334302f1ad11ae63309b5564de5a1766290e690b01401b44b6298bc025d7da85a509969fbd724788d4b0f1b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1b6bedcfd87d0c596277227428e110f

SHA1
6148548168b099af6b9f6c3179e5d027078b4a5d

SHA256
1b87663c9b2e6fb79c27b6d98020ef019401578b86688b0831da274b1ceb81cc

SHA512
b10399c6ccf3785f4c3f4d5e080c727f37e7c40b891f45786e7830154f026191ad136ed33c33c084044562c9b954626c53d8393cc80a7c9caf6bc25c51c4cfa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c7b26f3c44d2046b86230320787cd409

SHA1
d2e726f1af54dbc33ba6861ee644df356a67e817

SHA256
cd15e9a487720eea174af24e42fc62992b40dc098e90b4978c9fbf021f5b3dcf

SHA512
4e85ceff2e49c4e5eb38309d939bb240d49c13f8d233222b2900389d97f0cf8733ad15bc1a087c08c48051602a48abda46f3202b779e349161d86b192df5786e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d248f19527ddd59783643f5885d5a74c

SHA1
2b138af3b5d6102648ffeec7f056f1d21c2e7e43

SHA256
95fc4d632e579d3b3c11db90b829039f3f4ce7a5ce3b5e63e3d894a7768d2e57

SHA512
fbdcb21aee1313d527b5409e003525cea9ddb68b1867319a09cfb16ecbdaec8c32c962c431b6af1b3f7a49da57812e45dd9d8f4375534200fc8d5de9fd780786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
810808d33ca9002c28535913fb300c51

SHA1
ca73506bc0d9b16a2f5fb1ad03df36b0458c0886

SHA256
5218edf6620194a1d0b4412b2f8b333a4a9e77ce3a7e6ef1d12202dfb951efb2

SHA512
efaacf9b0150ca4f13611e412fcb5501b66e077d7ed60b8d59bca04381c90a826112eee827c5493979c57836318a63d3793ed5e60585eff2ab725b4913e4b29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
307e5be48ae007d2686f7b5afa3da2d1

SHA1
fb45faa8255c046809da23a264ead8fb6a35659a

SHA256
eb48a657bb73c276437ab514904bd610e9c6da608d0912f66031f4a4b7381667

SHA512
6f1992946440f3f18a8ef9bebe2fde9a4a0375de73d8787dfc252b1aa0420c880b3410a6951b939ec44871abc5b414c3def5d6aadfd2fd753ea85187416ca81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee67dc44eb8355dc2633c8b537422066

SHA1
78bff6c389cb1a25c4e913b63f590fe3ce938011

SHA256
fd6bd0ebb14503a082e4830eaee11482b8d6f774a8ea2d26b23114aae516640b

SHA512
0ebd69ad3515f86e692202141d1a7e6b77e74155c44bda205e47b7002c75c84683325c0f40df2d0a89822280d5acccdc2aa8b8e82195e742655574aad254b567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a8510dfd3442bcf12418a9314a340f6

SHA1
a94fa8a6df3c7a8ef9e5334694fc7624e1b8597b

SHA256
32c1731c01eb19081edba390ccda57759876608fb4d43fe2a8139e77c24cf9c9

SHA512
159c861d0dfa36e2a00380e07156abed337acc66c64e3865710e0830bf63be1b302c1541a41f21c14ea02141d0092d1d6f90b8ef3da4039ffa1ed752d92009cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c5c577c49c6d864126abdae662cb3e5

SHA1
e36f7a1c96767c4e77f5ac95d498f8ccb72f367c

SHA256
2d537d1dec74b48bec8b63f0e5e8691fb4905f5fafcf2ef332e896146c045374

SHA512
723866580a00a8be289831c75f993c1cff299e558bdcf1a4502d09314b61cadd5bbea2440a1f5f3f6510efd5392946a6759b02b9f651e7e1d5511cb4e40a5eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
552e75c2b1ebcfb41a99c5702c1e29b2

SHA1
67fafbf8d4477382bc8451aa738f5dee30b9d8b9

SHA256
222ab4271262ed1256cb94c549256572b5bdf7f79d280ce01af78ecfe567035e

SHA512
5b1ab8c16a8e1dff83cb90beeded071836b8403927f16750706ae43a3f197df2bd2667cfd99376117a598965de4edc11b9ba52cb977d251089774151df8f3b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce2ac41abbfd05906ae27fc579e9ffe8

SHA1
80159ccb9ffed4ba6dc76d3ba7f88920f92dffe9

SHA256
b544d8f01cae7ede4f10286c0a28c62ee67a1b112b57f320d3a47d21c3f46346

SHA512
591aa17b43ab7043b9458b2b54be7c19fe0a08859a9880756a816808248360ad5e3e1a6ebb575b54101e153d6214bed3660ed3b37cd6e068b8a1d199788c86e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2fb193e576bb66e611c091016ffee09a

SHA1
a776dad08063f8f20881aeddca71432bf80e0bc0

SHA256
df0a4a350bd9c9f26540e671483156a15f05735cd45b84d1eb7a8639169889bc

SHA512
e7cd2967c66a08eeaaaedf81983e4981777f528b699f1c3b508a32999b7dfb77c20cb2c6f351036d057913889cabfe440fb788ebf020e1758169872eb9ccd879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5f7067b9737902dd2505a080b1c9f12

SHA1
e2bbcbcbc05e6a5eeebf62f14c87cba8ce3c36a6

SHA256
2aad88453eb030b87cf3797a84582a6422f6350d6465e4526ad1ff9a1dbb5d74

SHA512
94677aed1e14aec12e44193887e84fecef37a8abb1f75077fc87672eafbb551116e496723989c9cee0fa734179ff3ece6f8b679d21c0c13b70c889570f4d62e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ce043b9558efe23761501cc62e00896

SHA1
bf4294f570786df8ae147577cc660edd3f872de0

SHA256
d28207ad660674e4e7017ee6536e565192066a15c7444ef0249351cbca67009c

SHA512
238b4280a5079f3c677ce363283452c6def9ef37e79c0ebb173aeaf1a3b0b1ab882b759af31e412794d4d60814d5757f1ec7e8cf86e8fd0bcf02a6c403322df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e93f29278ef32cd3e8c5df89c7cb80c5

SHA1
6dc384e257c62eec53da74b11c733e61884c0b94

SHA256
0d77be4362357df1f994347a06e4c41c54858ceb0a301a5fd5e16d4dec9f0550

SHA512
02be58a39189251b3a6dff6eeaadd64c44edd77a949373aeb1fa3e7aa437689eaad6b7955f67742fee625f855fed1020f8918713044a63bbc0981cd0f4bfa13d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64886cec71eee44fd58c6cb244896a09

SHA1
39f78b7a2ee84e9731ad2d137fd7863da3f9c70f

SHA256
96efd7efab90134baf24973ab63037356c3be66fa82cf9fdf84111a95dedeed2

SHA512
861c4133b4d269267c4d00418b9f81738ad9d308a25cca4a97117008d0ddb869ae31b7fd2c77f7c639d6e46ef76da904f314eec0b4774416af8c3df739384448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89507673fdca89ebf8446e19b24cc850

SHA1
a8b1aa45e29ff437e0a42ec5a6bfbafbc3e69444

SHA256
dc947a2f39f5fc0115b77fcdcf89d0b015c13f8eec2cfbebca904e5c863e64c6

SHA512
84792adaa57fac43b0597c8a77d90981f65d87f6ade355637585e2c4a87e59d02d3662b49a46f73ed323d30f490731c039058bfa045fae600be515fa4a00e970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
348c4773cc2370765c12862322589486

SHA1
64bc6762730be60a579beb11e7694a0abff0c301

SHA256
4b112eb009391547322ff1fe5831f92e96ed3b59e00447b4f1efd9c699698ec0

SHA512
ed06529da57854d3935f188ca1975b49f1aaf993f6d4548f08585bfcf0f650b49e49b9c16460512830184bb086849c19ffa6f1d4966de252efe186dd91557727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ff90d92286a8f93c39a4cedbe1942b97

SHA1
d82f2e1f017fe35506a7c4c331a9e6a7cbe48963

SHA256
eae87a153e6691d687d89f133d1b9450c8116d0bf2cfc8aff6bcf7987f0f9297

SHA512
6e7b9e0cd7fd867fe3b9ac411e240d969d685cd93f7863da0f54ce1409cc8963c776f36c81e892f8e6626c3d5a4790382bc7f5ddd0c31714548ea897c030189b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f8648fdfd7957b1062ea67730c07ede7

SHA1
e9e6ce9dbd080dab75ee30de421158d47d540e1a

SHA256
f21d88fca691fde7122ded3e9f253ac0c6b193228af99d459d5a210628565448

SHA512
5e0a1639182abdece7e90043901292613635dfe3d90d877f10eba73139cc7b4708b948f22320663c233f1e5ab80b3b96c7989d28b5eaaa2c1de109642fc9ca53

Download Submit
C:\Users\Admin\Downloads\MemTurbo.7z.crdownload

Filesize
2.5MB

MD5
12ee5bbfd573d887065155cb252435b2

SHA1
38226b23a5a71eef78f9624b7e36c0c058689475

SHA256
4b235bbc6187bde92b3af9adabab0d43e73b73a3b37b1708ccc684e3fe6d06c9

SHA512
21daefd9e2e83fcc9ebb7e9eb67b8ae6f44f3ed42373796211a50c96ba4fccdec4b226570c74d3fa0a2ca85a3d3f8c7c173fb2744a3d0339815de3a48dc596cb

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
\??\pipe\crashpad_3452_YULIMWHOZEDJJQBI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit