hxxps://u[.]to/25xEIQ

Analysis

max time kernel
177s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 17:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://u.to/25xEIQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812633580616305"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "226"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
924	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 4576	2396	chrome.exe	82
PID 2396 wrote to memory of 4576	2396	chrome.exe	82
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2712	2396	chrome.exe	83
PID 2396 wrote to memory of 2544	2396	chrome.exe	84
PID 2396 wrote to memory of 2544	2396	chrome.exe	84
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85
PID 2396 wrote to memory of 2984	2396	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/25xEIQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fff7649cc40,0x7fff7649cc4c,0x7fff7649cc58
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5016,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5004,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3848,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4844,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3480,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3452,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3484,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3436,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5200,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4852,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5148,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5336,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5512,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5496,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4872,i,13891474010883869985,1180894233624850831,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:5100

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4376

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3942855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
165837c43501c6771cf1fc9eaf1a0400

SHA1
edf96e5573d01de34f895e4be4334724dea2c8e3

SHA256
fcc707c6431ae289602c31cb125f7e064c6ac2f44bada2caca4034fb310aa0a7

SHA512
92409ce3f1be3e39d198e1f8e9e5eebaef7cadfec2702ae7acb832689db7b4f6dabd306e9036398839d5533d3e6433958a51c50be2a134e4205b915d7ad103f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
137KB

MD5
a2e56147e70632fc3d96c4fca73736f9

SHA1
bbb5147cc98e462b76eda3ebac36da98b87919f4

SHA256
5b2b06c9c3ab874b9d431944952776550ded4ffed3421a5550154f11afa634e9

SHA512
85bcb3ef134efe7d1d3f7427f977ee8b50fc80bfe52674e5d3964086506709f05de9727f0ededf730425af30a7339c84920a8e881b05322e4e301babbc0e9405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
51171f45389968f9aa978e1f4b742669

SHA1
54cffc861f6948fd0b2efdf4c2a1ddcb45515687

SHA256
ba252e48684390b9808ae290a004de9f42416ac0f8033cf646cae35356a6d8f5

SHA512
448ddab383c0535dbc0cffabc3b1e8caf6ac52e4274d0b977b67d10ac2478d23983ee9ffa72f1e90f6ecceebf401b2f48a0c5d0e7d04cb3d07b13be1138e6178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5afe70c21d8f3d25e9ca87c17b793662

SHA1
05f6490b14937563cec25231a3b9611c267d0ead

SHA256
22ffe6af1fe42695b44dfe40f98bc84dae10fb95ce666a1c8417ca883110a9f1

SHA512
ef0c20f7795eba4d6e373a994fe83f8e00fa59d2725dbb2988308576c446f127e69352ba88c8d3880e9f8dcb46ede41bd7f591198cefe916ac36379632621d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
495e604c84892ee766467458f2235079

SHA1
3aa7c37ab231320f505063d40c95c49b10b5e2d3

SHA256
11e1c60dfbaea9a3b40467ec035895486ddb4ac04b4430bd3e34ea3f7780c393

SHA512
11bf72aee53f371f05d7cffef66f3e6d9c3823912b4106205591543115cd1210ec698223c1b2a6697e167f9a086136185ffaab5e72248ccc021a7941fb40ee36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5f4fa5965f9b8367ba5dd03ecc3fe18d

SHA1
8444441ddc6bd127bda2cfb944c6552fa5dbcab5

SHA256
bcd5e5ecbf5451b4a6326690c6cdae27dd259fb6c1c7001e027ca08f6699252a

SHA512
07a0306b4f7fa5240543eda8815e5c5c8af19c2d4d71b632f75dca5bf9a835db4193fda4f2ca7e9aee043e890fa5f27b948f79253e335adb31637c58819cd63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
2c5ba9234e2d20827b98d9e8219d47fd

SHA1
9d8cfa72ffe289e3a8f54b28a3b174933f368d08

SHA256
a7a5ccd5dee5aae6bd6dfedd07fcb3ec5676772bd1ba8ca2f618ff7e443ac1a4

SHA512
52a7a26ff4eddaab938126a4e2dabe07be0d44fe14276e193e84db8db3d9b24157c0092fda802add5a6c410e71176dc9eb7933c28dafb46bcc3237640236dd5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6ff5a11f70c130ce2864106a069a362

SHA1
6044d1adb62d80f86ff206b506b6969e4bbb8aae

SHA256
041ac32c6fd15c07307d60052dbd0ca2b93f3a555d1b7de88e12202834601b2c

SHA512
dc50c5f55f9dbdb1d37e077130ab739fcaf9d772031f8a223dd67e8fc918748dae1158eb2f3b1f79c85cea3f2263f3c33591bf932ac0415dc8f6cca88dfd0f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3812b12bb207b3fb64a9ac95d2f403e0

SHA1
d49be045b96ab2be1927546e301e4e8eb3f23e3c

SHA256
3560faf433f48dd49fd3f30bd9cb866967b72a78298da1521d0da2da07265c48

SHA512
0e78e6c8cce5e43e9f2a994846c74c991115f1d5b0b46a36ac9a64f4b27e7109655cad2c9a204cebe83c2d8f66a20a719f15be5d3443ae3fcb8be53373c06587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64309c4c5e178368f13666e996ce898e

SHA1
290906d6e96d9c6b79a5261f0154ad9557e45568

SHA256
b4fca61480cc13caa19225edb3546e85add2f346d90dba2c978cf1ae6929f8be

SHA512
29426a448bbb2783300ee02184f25b3ff6caf73f401dc668c365729dcf66e3905eb80cfe39054f8ff3e00a583fd4f2355e577c5e2e750743dfc299fd186be0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5951c10d6f777ee14b75ce1037653663

SHA1
53c8388ffd704567617044a030f75b09230984b1

SHA256
5cc81b2d710fdf1f93b2b4d987ebb77feaafe6bc302e119ae97560cca5e4fbf4

SHA512
43bc5d72b1881dddb35f1547cefbe3f89465e88820059de102223116df1bc46bd641756b8ace23f803416e0f2e2269cb1808c21458dd55399658ee9712308579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abab239f7ea8678522cfa9de8ff89341

SHA1
b518449aa07d7012ee57592fb73fa0be85281b80

SHA256
e82827c6ef4fac27979ec2d57c4d7a80fee3b1d674addac9576dc3d155941c9c

SHA512
239f19ee70404f11cdd28f63dab9358b3ae5a34939d8f41894ec79f3c614b8dd2d81147c45f1521fcc3912d6ffc6477e1b2b22ce16738ab3bcc18cdc3c2b9b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8fc86cd8e4f5ba4ecdc15d786d373fe

SHA1
9cd6e245604f6000e65d650ea34b0983542833e4

SHA256
b4d8061f5e060e0ade0716a755fe4e6ea8e95104a52bd2931a8d0e5f1f01c169

SHA512
bed5a8b4495f089387c2f5dd748ff56aab926aef62961d597c1ed8cbfbf400e63ae1df22d1073a9f486560dd0b70c6b836137d0a60be013896c3a3c91a055cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0612498a4df1ec139aeb21398e6794f

SHA1
ff4b885d02a108c8a1d120205fa38ab329db29f9

SHA256
69d56f9cd50d0b0c90db382baf3a7a7b25bbe4ec772423b43916eff798398ec6

SHA512
229dd5edb1b83ab09f42df89487f2fdd8612b3a34f913fce61fefdf0f7d6130b89a3a75e6f099c2734c56b5a6bd608a28e228031bc1467b321a4b363f8317648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
372a7dbfb957df3bec4a2592c9b081ea

SHA1
ff94133cbd73e4f6399f2b97b49b960097240cbc

SHA256
0f0e88db9409e1a129016695618cc981dd4276fd2622e214b3aae799eccf40dd

SHA512
79321fb87caabd48d63f35641fdc84ec7ea1bbbb176e54a500cd76653cc62a06bbd7a862273cd3a8b2e767ecdc88cd64e092d5143e26642c6157bbbf8e2d4971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eca929162186845e82e697da764d824b

SHA1
c5b7db941d90591c4553c72081a603364e01d283

SHA256
b593a63ac9bb492d48ac541381095158c600da276217ecfc0d7b1cdd90790116

SHA512
753298c828ebaf015ebd39d16284a49e371e0d1bdc71c30c57ff3a3bf7ad9547ef6413aaf98dc02f9f7bab8e13312f243554f4ef452acf71b745b94f6562fecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
532c56d9073099acdd09f1ad72005cb9

SHA1
5ca98e58b25417304db509fe30a57e53bb1803f7

SHA256
1f3ae4ea90286b47b66121e752a0fbd23cb8c1650c9190e64b27805619c0fe38

SHA512
187aeb29d6b6a6cf260ad4a1ea5ba033897682d01c2111cfea7a090bb17e69a9fd5d34f296c8a11883f0fcdbfd6f733e6e19c000c64bca7dba1f6913c1d5267e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c75f29838f17010668711f83a7a62976

SHA1
89b3e519fe1e7f73e8991fda9c116d64b07ab847

SHA256
d0071c88e8c0d13957a8cf33aa688a6ade8168445e0a64309b0f0080a96642f9

SHA512
a2bcf4a0a82b9f7efe1d93f87544ef7b5b38254e13968f2c29790db9c609aaa03c8903df3814fa09790a95890a5d7cefa1d924f89e2b002d054e5908f9df8ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f697cbe0f743a1a4f1d1f927975c04a8

SHA1
58303489b60588a67e590d5fe1fd8b4d385ab706

SHA256
b8886f51c278d4e03ce96b119078576814488851a3564540a0177d883a87b629

SHA512
64b7e97336d38976fd66d76331d7d25cfdd0d0ebb9d5f7d6a520748975d0ec7f2de49a4261b862b65348e3a32201579c574bbd4b772009c703ecfc1d33f3fe59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a08920e5cfe77bdd92e3550c4157fce2

SHA1
85e9e8e477e0cc6fa3989410ec104e64c2470dcc

SHA256
d4d924cfdf7916db34ccea2eb94b63ea213f84b3d7bbd72325b5b3c420092e7a

SHA512
d4534b1fda22086e86801df02f5363e0fc9f2a7a52143cb481a4cc8fd70bec3f34cab6de0e60c627d8c96da4a5f83cd963e9f43a4bc07d09bb37eb27347688a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6657809588af31d54e5a7961ff7f07bd

SHA1
4dac90ee58cf92e36bbd663cd23516f504a01ff0

SHA256
c78bfa9c22a84ac9a51f8f8364e1ccbfe3867f90cddb1dbefd4a380469424585

SHA512
0c0080b5cc03b393b55be294e08a50f94532731d7aed0925bea0cc2cf5742cbf70fa8584afaf54fb39ed9b7028bffb17e9e820f99d62db4c90671195d5371713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5683d7e0c1ec523b6b81e83dff0be2c2

SHA1
05e5cf112f140c4b50ee283bab4d7b1cbcf2e07e

SHA256
7d003809fe320029ea8b7056c8eaaf30e9484f69b6ab58f28fe3ba36a48f838b

SHA512
86b1661eed49bc559513c12a5f3f957ca1e369de6bc6d7dc3842206f08665a75c7c57c080d9f7f7752c2722112efb92ee125ee11e35cc9d7f30bb95aa7effa30

Download Submit