hxxps://u[.]to/ZYF-IQ

Analysis

max time kernel
209s
max time network
206s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24/01/2025, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/ZYF-IQ

Score

4^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822329359279981"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4856	osk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4856	osk.exe
4856	osk.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
4856	osk.exe
4856	osk.exe
4856	osk.exe
4856	osk.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
4856	osk.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1568	2312	chrome.exe	77
PID 2312 wrote to memory of 1568	2312	chrome.exe	77
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 512	2312	chrome.exe	78
PID 2312 wrote to memory of 3632	2312	chrome.exe	79
PID 2312 wrote to memory of 3632	2312	chrome.exe	79
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80
PID 2312 wrote to memory of 2924	2312	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/ZYF-IQ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dc13cc40,0x7ff8dc13cc4c,0x7ff8dc13cc58
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3280,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4924,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4932,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4724,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5448,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1040 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3292,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3764,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5500,i,419014878006815816,768091936679888858,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:4860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1948

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fe2f0dbc97a5ba436eb2f1fa4efd266c

SHA1
0b2ce52dd98e4566d4d034c7acf3ed90c27e6cfb

SHA256
225ed9426ef6ed33c847b18c83a32a27c6ee48ea0835e4904c800aa7d55ebd2b

SHA512
28e6abc81a5537416966bbe4353ef26cd6fe43403a92c0f972481d44ba31d42d95872ed4597f5e7f4fe49d0f6321339cdc86ec09117a8bff7a9a43e9d083a69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
41KB

MD5
4a686349993965721f090d158a10a6c4

SHA1
fb0f61ba49cfd7e213111690b7753baf3fcce583

SHA256
65451d12c37acf751e9f4732e9f9f217149b41eebad5b9028eac8bd8d2d46d8f

SHA512
0dc571487fd798b62678378c2dd514fb439f6c131637d244c8c3dd48d5e84267d21fe633c5b20578e621d5e8fe2958c5e58bc18ebe2d4731b18669fec4031489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
7c992c2b265d1b42905c8bd6baeeef16

SHA1
885ad21f5ba26f0c64184f40131e7acba94a8992

SHA256
8e1df68131b91102f7ad1867f60376b7aa83e271e4041db0a81b6ff538fa9d7a

SHA512
d3c52899fa79f00606748718c78803dd062b5ce65a435b274ad7c6493c56360588fdd239725e9b134352b653ad62ca4e2ba341f98e6c9f08de8817bf9255431f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e1dfc8b96e7ad468367f2a65b97e9d67

SHA1
ce7bccfeb56f7ffdf1d6e141407cab035fbe8d37

SHA256
b57963a7ace6a086b4cd628979af3e8c2c9760a7874133e11d25c0794642f457

SHA512
c870b0cfb86a7758809ce827353abf23e76417203d6f9bb81af88cc4e99259689ea51773dee626ee64a4bce67a456bd2f5f58179ddfc2d3e0696287b806f6d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
63d28c0e30061849b3453b85f4ee61de

SHA1
1c2890647d49795cab7235a3b3071fed347bbdb2

SHA256
6f5ace95700245ba3f011193d816996b7954b15d1469df5878c75e32b4950a9f

SHA512
3226375866eee6c0f61214d7831603f1682e352d6c542046a3a1030dc90cab2e5bca2d00b9e0aec9d224a193a0ededd9b8fa839e80398d4c2ef8bfa8680a2485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9ef39aaf903447b1f950f76a78b92738

SHA1
35d0cfd48b6d77848d0ebda66440a8f87028cd10

SHA256
4eb4ee58f9f1344eab8abc7a6c3c6b84c9625738b930343194d544cc69e52780

SHA512
a33cbd4dc748fbb4ab11a0d34ce56463003143f8187e3b9d514bddcc6772addbb2e31c0396fcdc42a58b82b12148cff11860d97bd8e199df90c760fa11859cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
66d4286200c402ce01b9c65174af590a

SHA1
c4a6c17cc602cc089689bb3eee11be7290e8fde2

SHA256
fe7b68006b0078199cba13c913e7064b00970c0a5e6c99ae06336efd56c3e49e

SHA512
8edfa2335a70b44861948dd82413a8cc553017a1980f791173a97ac375606d4d846bbc7074b0c060a14929087bd9fcddc2e19ebc28b4cab04d5db296ce7952e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7c857af5af9b687a4fc6d7cc9a722822

SHA1
8f5b780be8e16d8756fbaa89be6f8c6d7d3676c4

SHA256
d77c68ac37d7d644ddae56067e528a4c56437d3a39cce49ac0f2d258017feb24

SHA512
bcad72e0e2528c99ca84481bdf2c31aca4fa692458def17b12ca69c2c1a8193c05bc06075c792c1ccbeee2b13ccab7a04457db5d36b868cd71acfab7b90a7c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
37bfe048307e492c847cbe218b383568

SHA1
ecb71e1ca3858ad28571617a1127b70d45722f63

SHA256
a6be36fa9a4acda0709b2e4f3dbfe6c0e94f62eda3de29fca2a692c2870d6319

SHA512
4cfec4d09cd0d9550e0461fc4de04b93ca334a6ed988435cb4db56d57e433c9a9122b94816093b76c67619db6555dfc107fef6a254049fc438f689a12ed0bfc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2afbf5188bb7cfa8167c01a8ba0949d9

SHA1
3383fb7cd9d7e4293ff1132a85f2ea5f8a755f5a

SHA256
63f9f7cdb0d9c9f03b7c4d33d1d0038accc52b899278353461e218de5228566c

SHA512
fd0ba4b3eeec7dfbed90725801dc4f35dd2cf3c3875dbcc854bb62a8e80feaa2bb40cf6a52437b507158ab2d257b21abe7979069fd91ca5322fcc496b788057a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce7338288fd17d7c29616a5eda28a08e

SHA1
fb7a6b256d4036d3cb2551ea1dbf705af5ac1273

SHA256
620cbb5e737e03934577c45fb62519c262b6586f23056aaf603bd95fed43f0bd

SHA512
b59d7c879ada34c40c9004b9af0609c5132348f7ec9a4940fe704e87022161b8b7fde5125519f50c79874ac1e076ac399fb5f2d1747f2758235ed0af2e494f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ca6db5bd92f942cf071b186f17a39f1

SHA1
f8522057ed05f376c1c53376c5f203c5d72ec048

SHA256
a1f4957dbb9c7e7a9e0e4aa0162acce66efac82bf2c758df719aecfa918c0d88

SHA512
04b29c1628c6fd18259a634203a4a35a30676b21faa891bf709f50d06a873620907e98eb0ba49114a0c793b45f296ed527c1a8713c8cb9f7528d7c8506945d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6af5978375f28b8b1207750293f7507d

SHA1
2c2b625b61149a0a58cad80d551f56a4006b1381

SHA256
dca124c857e56a367f8d7ac1c6d7fa159340b2a56dd46d1548dede8d12923189

SHA512
0bd7ff6ad1f42b3c34f91a3c333841b3ce44896d99ee126145c1422965ae305aa0604ef44772c63e6312bb7059ad3b76add1a424e3945c3112d6eb847b4e1a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e12f0cbe63e99fd03a91c0c257729e2c

SHA1
9d007898f22fd6774681c193780f12ba1487f4bc

SHA256
166ba7509300e8f07d8a8a615159244453f8480638c7fd10e98dcadefb394d9c

SHA512
88019e0d539713b698037778a81cb6bce84f4326355e3ee39fc7dd0e652df88ed82cd10a07a2b3028b86d7ff419d23c75d4146dd1f379e0daa9a16e1181528ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e26debddce31cf01070f395ff02da1b2

SHA1
da87615bff6837a37dc0ab35e1f5c9f1aedb5b20

SHA256
16fd83ccad52f4419c9898bcb7877300e3d48e4004b3f61898bc292201c7cc34

SHA512
8f3ba1d319657580606e2ae6fc3169510b79d01fc1b1c043e9a0e5d91f0d3ab47517ac887af70ad16dd7a2d2d32cc49327e014d306d3547f119240b395178983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bafa649293b60d47c4fc68f18e21669a

SHA1
922056f22db0b20376a7deeb70be8b8a6199dcd2

SHA256
607a157b3e76f287c549e930a1f6eb3537e2ea5548e40af32853c6d1beb3442a

SHA512
02985ede219e52d5f16bb6bfec8d015787d35b4157a5fc8bc8f66c5811e573c81c2e5243a70babfc239e24bb55b2759ff8299d1d0699bc35e99ef9eb8dceb356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b894e7f26154a84952a6ef644307367c

SHA1
7cb4dcb7c89c72ccd03fc40f1967b90be87ebee8

SHA256
62784be327b57fee32a36648d6ca6530bf402be47ea1c7f889f5abdc8cd44ff4

SHA512
c007ad18061ca8dc5688e43c251a9fe7f4ec5b3d6582b25c1306bf157af8420cde3b2f53038b858b9979c5f8fc6dd82d790f990cf21e44d4a70abe2a649a801c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c02148cffa6dba071a76fd2a774b60d

SHA1
f9ba9fce5a3c36d24c72e869ef72968b07220052

SHA256
4475b3b55fa71ccb33b2c149a3a0ebeb7bfc04f55160ecafb80cb623afc28926

SHA512
7c137a94e6c284de0e6dc79bb648a615e86498a015d1b8ef72fe5e112ed848da9a9c3d781afa036d4cbcee0b776eeb594555ff4323a7064063ab3af6ecd2a4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b5add771e057e0883b0a25f91c4d024

SHA1
1b3e75ed0ab48e8baf73651952ec832a23e1dc89

SHA256
6ab7d5157374a21f9a5dcf37cd2719107ba392f225e97664263424031dd18fac

SHA512
28e2edde95b00fd67aa185a302bb9aee6997ce47298a3428f106cfa0919963f1feb97bdfba16f409acb55d015f109a68088898922da4c0ad5344b90e05afa8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
821d6cba4e5d97d8beb044d2b51e50b7

SHA1
1c908f5933150787fabc86c829e9cb95f24421ab

SHA256
696a9bafbf118b47947cf0b3f03865412e583029567bb3d4caa2a88da1150a96

SHA512
cf311ec3769c8e9d5a65933271d2414445d23e43c215e98218b96dd9a9f0bec18e4931384a805a5f543b6978d472c85c29875ddb97850f245c2a783ee484e24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21f7a76c218a31eae57b9e8434d8805e

SHA1
8d41cd4e55fdc62f0ece4c5944e74d8212c55722

SHA256
f0aff1ec332b49ebcff6680bcc83f92654fb5e56849d8aa81ae44612d89196a3

SHA512
bf778a00201a30749c681117625c10bf0663786735a357efc805ca5a5cf6fc43891fae84aaf78929d3fa95cacfae65df3da4ee93161603528284c2ee7a7d8049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a36e6c42534780184cbee48b0f62f73

SHA1
70b88db2edacd2fd7ab70e7e8170627917b6af18

SHA256
99710c49a04b4887bdccd6f3dbda207b62c66006ddc75dd9ebe8c312ead89fae

SHA512
d7dba44567dc4761e375add099e3ac9705ad6bc42e1de446e875ed2a99f4b04c53f4e3777280905cfb197782317279fb1c46772f84238199d8fdceed2c6716b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1babe8c46bc6ed99d4881350eb8f0cf

SHA1
a24a372bb744b202cd9ae7ff8b3cedc055106fcb

SHA256
5adf9a207429e7038df10a17a48fb33cda63d1c8504d830ce3cfde6fb8987781

SHA512
36bfbb9b4d4ca9d457aa10c4ec5e93638d278a3f2e9b65a4021a7158cc952625240f85e4ff363ae7dcc149c42735e8c7d13dfdfdb482c5684443b165a0d2e6f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4f553f47222d93dc3c9867e5fb39173

SHA1
f4340dba39f5460020c476713db3c3af020e9e18

SHA256
0bff24d2910363604b68cddab94ba4b4cef7fb5c9067fa994847657b33e707c5

SHA512
4483db4d1fe3714a33418d82041269bae1146db5faa8e67ec87c576c097844be4989a5ec2517766b1e927ccc4215f2b532b1102e02803f056d05442ea0fa2728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
125f0d6f84235e536d9466e5be3e5b20

SHA1
4c8ed02bcd44c8f2c9f21e08ed086c9a56e01d71

SHA256
0002e5f9aa19c363c33aecf2c82969527b3e6958ee7bfc0f17b92f68a35bed3b

SHA512
276455d87fb0735fb1c984c83973e51bf63d1404818f3ef33d3d5703698a6e8bc9cfe4a91ea1f50b5ebcc0e45b7cc0b56e8ef3391dd0aad6c6a7d501a60c64b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
cde283d67c5166b7246a52b5d029f69e

SHA1
fc453c7d22b102548b562ce315c7f43b1ca80da9

SHA256
4add3d29f9f3330f1ff326f794c6b53b8088679d9d146a3d737490b4dd2fcded

SHA512
cbce302cb6abc6330a32dc8dfbd181532017a4784f12e3ef75803bec95792a91f39f321d56ed4b84e5eb65ab6629218f21421c1ef6f3418e49bd1f564a374a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f9b48b6bf0849640fcfe25a3514195ea

SHA1
4f24e05a60e5c35ad3b3be59c74ac53525f73b8c

SHA256
8aacd71a837f512e7c290bde61ca9cc4a37d4b44e633dd386773b7b4129509b8

SHA512
d9ff363c0f03a7e5f1b85249b99b5dfcf3f6ea4b308ad21090f2c110d0e3e2486af873e1a48c32a721f907bc0782759fd743490e81037809327ae0b83e440176

Download Submit