c295513f8039e735f708336e0a92b47ef37e37a1ce5bcbaf44b1de40deb765b7

Resubmissions

03/08/2024, 01:46

240803-b6579stdka 5

03/08/2024, 01:43

240803-b5ad7stcmf 8

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/08/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-02 160027.png
Size

218B
MD5

c9a2b752d6aeb7d634096d93e44c90d0
SHA1

3a14783a317dcfafe650200403df1f1858414a07
SHA256

c295513f8039e735f708336e0a92b47ef37e37a1ce5bcbaf44b1de40deb765b7
SHA512

993ce83a75f0b2ccd0603cd2e4968c034defe5d8aeb2e721564e3731478f57d4ca29fd29fa882b8a03a95f10bcec27594a01264ce7afdd250dcc59c7d81e2357

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Applications\7zG.exe	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Applications\7zG.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zG.exe\" \"%1\""	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c0031000000000002591980110050524f4752417e310000740009000400efbec55259610359d30d2e0000003f0000000000010000000000000000004a00000000007a4b2800500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\TikTok ViewBOT Python [upd].rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
904	chrome.exe
904	chrome.exe
904	chrome.exe
904	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4700	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
4700	OpenWith.exe
3320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4032	4636	chrome.exe	83
PID 4636 wrote to memory of 4032	4636	chrome.exe	83
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 760	4636	chrome.exe	84
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86
PID 4636 wrote to memory of 2476	4636	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-02 160027.png"
1⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd6fccc40,0x7ffbd6fccc4c,0x7ffbd6fccc58
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2144 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5068,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4788,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3308,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3780,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3384,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5396,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5576,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5708,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6048,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5768,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4256,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1172,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6404,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=872 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6100,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6316,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6760,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1128,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6868,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,3214857913228279667,7045758317058762325,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4700
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" "C:\Users\Admin\Downloads\TikTok ViewBOT Python [upd].rar"
  2⤵
  PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bd16a469a2f384cca65c4880add00f20

SHA1
6ce5bac367836facc9df6a687f7de6f479697e5b

SHA256
1bc3ea81c6094652b7c8b0f3c09394238ce06f7ac9ebc94394fe3024bb24169f

SHA512
3091254efae254d49da2e59112d963c4fd86e70464dbcd1fcff7e61dba632f1c4a69c6270a15b33af7a5d95ae9569d0365e5072afd9463a8ccce0a3c719990ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\243d727d-a6c2-4829-91fc-cab33ea28c2f.tmp

Filesize
10KB

MD5
866f7331da8be0e076e054b12bc0f37c

SHA1
332129e91853ab4d9b09cb656a5aecb506f0c141

SHA256
211b9ffd334317b28ee8b1dffa895ad50cc9d438d4064e69f6d85cac9cd72e7a

SHA512
3a778e4070824f3a0f27413ebb15a5a7b1e1b6df17a792fa7c2513fb8e8909ea8522bdb421b72248f698b8c1314d6e5134a52678f41cabfbeab4b217fd08870a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
28KB

MD5
c3df0abcee99bc052cc5de9dc1b57bc0

SHA1
3047a6d5642cd367ac1c9f81e2471d3e31724854

SHA256
52742406fffddb5df0f2e85ef551557bdf1ba9e0a97c1bc8d534a02223452352

SHA512
72cbb18d3334e7955a1c7538205019b2e735b5016dff23ac66671b43bb1a47853e319f2a40712d2254b5e2ba71791228ddfc20c9f04f5b3a524535c7f7009594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
54KB

MD5
910d3f173cd5f956776cc26dfe3d9122

SHA1
30e6a153fc22202b86d91544f378b0fb22e65894

SHA256
69e2964f47d781bc5398acafaac9608e4ae46771a24852fa6acee3bb0bec8384

SHA512
740892b81c31664018fd1f85e683f377eb1fba08e1a5607b3420fa99773819247cf162e1f8c744772d0c547087a22dd814291f241ea9a8d8c75595905eebfa92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
467b42d2e013e62c843f1cb368a648ad

SHA1
5994e24852716fceb6cc4d097fadaf0a23ad2b17

SHA256
61bbdcf65f74f1b8eca564f9eaff28185c8d8fe9cf651c083f90a7c5cbacd6f3

SHA512
0be0c95720f35cf1ba01fabf49446f7addf23ee77e093264f09970e3d172e0ed57e2ff2fb79bd4c08e488d9198956dbbc5ad6b8e3d78ef9f0e6d51d3ef14e402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b4e159a1ff4c8c7bdf843034362a774d

SHA1
283ea83b0883cea23d7b59aae1dbbdf949ce254a

SHA256
0003eed93866d70edfe4966f0140aacd0bb07d050ef582cc2cc7ef60418852f9

SHA512
c65aea61d2bd6d8b54d66d1bd7b82cb20a39634a64b2e37f1f56708f66c12d694013ecff56e448ec80fd2b266cad26e461bc4d50a8eed89e8a711f94c3b409bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a86847974d11dbde20c119b72dee7bf6

SHA1
c25d4586486555a8bc387edcb6089fffedd3542f

SHA256
c64a507dd0b7b010de4afc9cd1ca03629f76509afb1d2bcde680e3984129e880

SHA512
f03ae6e1c16e289dda4624aaa498839013892e3781b42330680f4e6a3266d8c4ebd4558f00186db00259799c41ed9a9ac564854e97ebc062af38bc0341b6e7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5433d2fa428cd53e152652ea16906aa2

SHA1
b002bb001d27e4e50b63e8067327499cf71b1037

SHA256
40cd056f5e6c305477d70d06eaa2e4404149528759fbc74e073df3da5c1f0acf

SHA512
7103bb1ff6b2e195d42287a2a97cd1288f858d6654ee97783f1e07e13848c116bd54482d8863bb5da5767f45c327abbdd9c934e9d007c21b4d5aa30781fca75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
aaf5c3b0e228fe311c52d39f6d4e35cc

SHA1
454a98fa7b096cb205736f7d804a82a7ac574875

SHA256
99763c580e98ab6577b4aff83d004e417108517a4f7a4ef4fd5e45757f66b8a0

SHA512
1faa28732be2f0941c61301690c312699169ed8f62ad77656846f89585748e8d63a98aaaa856f36c5ae868df493da5c3510e73bed632fd3209b123c3796173e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
d66b933b7d35ec13f1b8b34679dbba4c

SHA1
2bfc5c5d66a34f2b12cec79b2c0510122920728d

SHA256
931b2be1d3a10cf9ffbae5653f33033bb4af9d952ed412da497a6258c08f5963

SHA512
fe7cc6905ec0b86f5401ee1342efa2d2aad3987559d053f739223817f27383f62bfa4eaa943f5cca57dd05f4de28084dec09abb1294d5d66d2637b01529c89d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
16a23c59c2bc003dc500ba424668e3d8

SHA1
d312fb3eec0833adc60afc564742c6e001aab517

SHA256
8e90d1d231f385d6309e0a3299ec88f091593cb208073961a95d6f068cce3f9f

SHA512
44b6da1d3a29280eb8bba0f8f2c7549b4be67fdb81601d26ef71115fa5432927479cff39757c9a90b515db1088d35134bfa0512cb0f96bfc8526ebc4d2005075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1a884aaf651b2b81514bebdc10183f52

SHA1
9265815f1ad61c822612f90c21ea71e3ffa4967b

SHA256
ec7b7934d1a8a4b123eb6d3b9904c8fdfd0a1455f6313a0dbd3c47b31be526d6

SHA512
4b90bc25c00e5aa55166afeea6e649d90d4a2fec3dabb4c7d6193e239a46303d7a8b12c0edd394701c489d35e853b0b30eadb797ec4457415edbcfc1bcc8e19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e96c581cf0c0e51246fb1b63730bb02a

SHA1
f842e28356d5a51eb09f60bec857890d7ec3dfb3

SHA256
d2b1302b801ef1acc8b5412ce50b7e6e38741ba3f3e4fc703ecf46abd61d3815

SHA512
1880aa37eb992daa75ab7afa8254fe9d113d3ec298eddc0b5e7dd154ae4624f2c86d1b7b32a506ce7179419065183a4f9c8d0374f2a50d99f905f27a828a8146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3635de1ea9c086cff0f659a0595cc10f

SHA1
392a591336221e04abe82c7f605ee27c9025b6c0

SHA256
681af0607a9046360484b1ee9c8afd4d32df9beebf3df95f009a4e5a7f507f9d

SHA512
b0f91085a939c38643d1cb3a60e2837d15332c5bb2321134dfb0ff9f0a8b96baf8f4c5df33a9e76d5c780c3f56c16dc19bd3be436cc2bc54640060a9fb65eef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0d9876239bf4bd2c6cf57eb0d1fa3ac9

SHA1
41e58d01597d8d8621b08072c3a5cdaa171445ca

SHA256
783e5377900ac2729ff6b6d078cd104da1dfc0c3fb848c057da3f9d1e1eadc50

SHA512
ac0b553fa0537957f9166782e4191b71dc419267ee0c96f6027a2f52331a07f97f18c9fb4cf91408d935a69cda14f01bea3e9098b1d006efe89a77e5ee71e2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0f2d7337840f7ca49820e0d0a1a282fe

SHA1
86c0d8ff0199924f9fda0f7b35cf024f4ea997b8

SHA256
3341ac5cfa9c384b2e8d2965466bec2fb182ff521437c4fc377b72ca9ce2a1b2

SHA512
ecbc26eec8aad9f17ac497243ea96c8f874e196dc2ab585fee07bdc2306a5ccd996d0a576830e40d6099fd69bcd24ea0c4e16e8f144f953742d5551f0a0848b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c3f5208bf498aaa360da7e35135a9bdd

SHA1
e6043577402c5ddf70617b652e7fdf07a8954565

SHA256
8caa6297df78ee7bba1be0bee80c4c32155e58449f47b76304c8bb4ed6958c12

SHA512
634086b378a0083dbef7f68b0af3e3c58635496661eecb21381a260073525291497656f9dc2fc4aa13785f0d91da64bf999fee28ecac20fc49b6f1851858270f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4b9d04a886f0fcaea6182cfee7ad243

SHA1
875192a0c351c86556caca366a4c8010acea2d2e

SHA256
0f24d5f44835fa0122d445943a688eaa0f5c5e193b486ff1532184373cbc7bd8

SHA512
4f5516102d3a3de7370f49b37d137e4f98651ebbe3e4376eec278020f0f72a7324ebe061a9e6bfe9421f1ea64f73434052a3cb003f4febb9594650d2760295d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f39f5ee89f55b6086b55c9e734bf9cef

SHA1
f25d8007da74cdcf380699a96a6df16bcf26fe24

SHA256
e62306ca15ff9c68a8e5871b45c570a088f6bc47726c0636f31e0bb4b711af44

SHA512
c1d2ee127362387ee774b3895ee38b5d9563248387725b22a3e39421ce07dc333cacf987fc4a6f37145d3fcc5e13ca30eee902b4ea50753c2fc3ee520cde57eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
383b08c51cdab437a6d971ab562bf9d9

SHA1
043617ea716bcced134514fe8c24daba9ea57ac0

SHA256
56f1d9dcd6c13d9f7e771bbb7ec1a918150bece382a6b211c111b8a5f2218b43

SHA512
a08842a07403e5990680dfd1337d9035a2ffad1ddb63a8371634568303c78e8d2607d5ba397b811acca54fa3f2e65ebb36c5981f9921fbfe1d80b2cfd0d9d30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44354edaddee214b90972ed9af1269cb

SHA1
bc5b1b445023d54f53556339412265f273b1e86f

SHA256
68c0864040d190273b0bb94b90032a3ad95b8f7b9bec6af34889a68df26486a6

SHA512
7f35df5472ee99ed93e39426f3e3abe6dbcee26c26a481230427547046706ebd238cf5191d90957d997b88d541be2d7583fda3a0e096b2726430a7f287692032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af585660be8c7051a4d3e8c4fc4d27e5

SHA1
d743157222a4cda3faad5cb2bfee70dc1e3dd2a5

SHA256
c130536036755c7b176aea4de71ea6a3c763933efd1c53172b1b4760ec60b704

SHA512
6a92e52f1df5c6e2227920c1753dd6388b4b2ee9eae1bd77be10b8b828d143c9208c47f1fcef5c59a5276ba6a6b8fed6b477d3cf9b316914bbb15311aa0de7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa3dc9f033d03d35cfece56655a71714

SHA1
302fe0c114ad549d8c6db8870290a5bfd2278d02

SHA256
8be42eefb26bbcbe732e1da969e56ff1c6b47f1dc6d8877475766f8c8a97f8b3

SHA512
0625e482d9313dd04ed672c754b24116f746c5c1c2bb9f78ce4b70a372fb14c5952416c1ae7ea975ac7bda4e663e687edaada445f410ad6a0a773f8e96b99800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8a13eea0c12b005c679cda6de1e81a47

SHA1
7a163c475ebe0f86bd3c4c817803e13931b7963b

SHA256
ec0d54cd0800ebef99a21d49722de611d73583c962b3aa522560d0fc7c46db0e

SHA512
a6a86109e86966e6528f9fc6cf960859485caf30033a5834c72f88bef9e5b79bfd31c6b5d3f6312ccdc5b40cb87fd68504d05615958f9b3386e1acc9915c7d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06654531e26f38597ef104a452c33e0a

SHA1
5ca4c93c119e61d087ea5dcd8f094690189b3f90

SHA256
cb77f642666b18d34c0580b03ccd47964231bf789016576865b4bb872430d10a

SHA512
1a2b26f228c9e5a91b566b2c0a4e1050b34845e6208758650db1eef00cac7ff97dbb523c4f7e49dacb0f94ab589755fca62753e57d1be4ee0b7a003f46c26321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
9bdcabae7f4e532f498db189d3782436

SHA1
e4b8ea166237e7f60ea4b3d26a0cf9c17452e83d

SHA256
b7e9629ccf58f434bdd8c2fea2cab31937dcbf8f577d8d56dd7a8dfe6f50c8cc

SHA512
ed0ed2958bf18555dd5953ae27719dcab38fceb7f708569536cfbf634d8896eb61a9fe0178101c4c2363387cb41c3419643f61474319d044813aeb43608432c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
28fb155ba5f9a15b9a651b8c1b77e661

SHA1
a61a01c1f8b43cc4d36703e20c1fc52ddf0c24e8

SHA256
1306492a040b0f93975badffd37e353cef6bed92d50c1f85fd009bc9f6ce7f6a

SHA512
caa7ed7f7290a078adda3eeb25a4446b8b211f54c9498f67f017e5d4a3973d609a54ba9295cd67ec4ca0c104a962a5c1000c43c8e947ca33262fb6ec8f651dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
424364c3ab0699f263cd55585de8c8b9

SHA1
2e63c92a13dadaac4110a1cd86286aaa9694bbe3

SHA256
629483baac0368874ef3237c3279621290605d228b0bee390615e0246d42a844

SHA512
92181419be426dbf2cb7382a08cfa14b6c257a7ecf7d25a1aa20422645da21e0cab7902c5fbcfaf48103123c0a333ec62b9a402f69148b268df3aa2257b1fc4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a80d81e3e02076419dd2232ab2a393d0

SHA1
5f5d0abb12273a033fd7e4525eaa9636b1a13122

SHA256
c459b167c056d197c6244756a83691a2b5602236cc6a8fc62c7269ffd9ce886a

SHA512
9ecd6ea8e0a4cfa04a77dba2621d5c6223f304d38e004f795a07d2d31fd4bf6066aa687d6153bff4f2671d5be37d7afe50ba79d1c82da27c365d99a05c370a2d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\TikTok ViewBOT Python [upd].rar

Filesize
2.5MB

MD5
74adb63a8cda15a6869c03a1c0f6e61c

SHA1
35d4d49a0d087556342fb8ae3028f09f784f65ff

SHA256
459937e06c48d282d206f7fda6d3a10617677d212860dda6961b52c896a68224

SHA512
0e7b31e73cfbf4a13d224777b3d9d470896a79eeafeef32d2ea037232d3212f938f9ce43f216ba4c4ec138bb50fc7ca690f4d3ab253b44b8953b6ffaea93ec61

Download Submit
C:\Users\Admin\Downloads\TikTok ViewBOT Python [upd].rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit