hxxps://u[.]to/cDeRIQ

Resubmissions

28-01-2025 20:58

250128-zr6ggs1nex 10

28-01-2025 20:52

250128-znwg4s1mf1 10

Analysis

max time kernel
229s
max time network
227s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/cDeRIQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133825711619020199"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4776	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4776	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
4776	vlc.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2080	MiniSearchHost.exe
4776	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4052	3696	chrome.exe	77
PID 3696 wrote to memory of 4052	3696	chrome.exe	77
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 4688	3696	chrome.exe	78
PID 3696 wrote to memory of 2412	3696	chrome.exe	79
PID 3696 wrote to memory of 2412	3696	chrome.exe	79
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80
PID 3696 wrote to memory of 4984	3696	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/cDeRIQ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe874fcc40,0x7ffe874fcc4c,0x7ffe874fcc58
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4288,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3272,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3700,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4672,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4924,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4888,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=740 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3388,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5096,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5248,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5316,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4976,i,8809510917064349720,5504911286143730163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3552

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StartDeny.mpg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1456

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
807a5b575159b3229bf36cd9b69f7600

SHA1
c081e1a6f3f3dc1f82dddf3031b119c9e69455ef

SHA256
f1dfb3cf93c5275a48e6d6e1119f8d4c93667fd4f51a99c25f5edf22202c6d51

SHA512
add947e184942599700abba47738e0a3a635efdffd9b806e0397c29a87f991d3f9f5d413226a2f19297ba273c39fcda853eaabede6329ac25fe56db715b344ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8636315b35d2880f243bec0e10be056b

SHA1
36be6c80cc777b66f18cdd43acb422702b16f60c

SHA256
80c9f4d2e0aa979548df8523b4f8dc15363fdc5449dd15c4fcc205085ca990ef

SHA512
d16471ce286b3d82f403fc46a9ab5e943f6be7b6ef323a7343a12c55df450bfd528af777f829409c738306249d4bd99446eeac5938da1f7276dc018aad59516f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bcd55d65d4523ace0f7f07d095ba36b0

SHA1
b0826dfee2f2b3d5e78584fa25a225e630ebd386

SHA256
8dd9ae3af9f6e590c5a21c2159c03541751db83127a25435dad49dfabe791f9b

SHA512
03c3c5c0ac322b53fd5dbf569c70a297148858a68fcbdc9e5c308419453a5c2b13b45fb5ba2159c706eac6f033ca4804ecba3500723023cac874f7ad747537ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f085f2d08c4b5c8f402772057d2161b3

SHA1
766edc1df51816092a59eef49c4e70f335d38de0

SHA256
8bcade9b7482f7b696af3a8f6a3391d078c568d6481a452481e3b96383256c0c

SHA512
8373d00e42db2e0eb1c309c9b1ff5a2f06d9a6dc95f3bd482586d49ee26a6b9ef08a43d122a08954edce93f766a6f42c8c5d7e4c527a04627b92c126164056e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb8ae6e57e87b3e514a48ca588c057e8

SHA1
9f57afd5ef1d122edd8825b056235d207ece8cc6

SHA256
208bee0bc571a4392dea3db86becab2e55231d7de3cf6892112426af2b02dcaf

SHA512
21d334b2554a6e5ed44ff957b41491de000b6b20c59dd942446736f9736ae205cf81ed6ceefa096cf4c053dc41f2d97a5a57a82a00accb2b8b6039dac44ffbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d53679f7b34dcdb2ee64a13a757a8ae0

SHA1
e4b77df1cd1b41db18fb8e91e6ec7dfe3939aa8a

SHA256
5539372d7a4ee8eab5745fabeac71b540d2b32e2eb9673ded7e9b75b5163f254

SHA512
3ea15bd20b1ee38dcd1b07ba14c59b1c7d445e7932e1f396510ed58a8e6f836a53d9db73d70520aa569b9e313d819be152ebfcbda5b0068e012692f615bea15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b28d56f0c81ae2096fe5723a439c410

SHA1
6e69aec84e2c67e31ae9cb60d3c5aefcd99ad418

SHA256
25118957d4ccd7e46ab86addcab82bff9e6f608937b5701c5a4d0b831a9407f1

SHA512
7f8f18e75c9a1463cdb6f0569a5e78919a6bd619741928e5f7799a28173de177f0a4732e8059c72364a01e29914f230ef18151c72b23a3ec229bf13b9da5f606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a067d5cbd3ee2ddbfbec1814c3279ad

SHA1
d2589902562feab91585a2d3ed843641f56b82fc

SHA256
d3b587e8918a09c201e1bfc1d2b3988d660df40eea441165ca59cd7979825db4

SHA512
0614d525b8d5676ad93724cefd4efee37d194e3d667d5a5aef11f72b1ebd984144193201c7376fd7a9c441e00a42f59cf2019a0310e26acf9ad859488fb6917c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4710591eb46e0fb55bf3addde164dff1

SHA1
afe789ffce7115081e87f43beab5880d7203feee

SHA256
d4700863d4581a877856423303a33aec8b07324b39e2ac6d8e2938fbc803fce4

SHA512
1a2aca8575a4c9d099f50055fb90fb22d418852898bd0f0dc0366a55ad6e65a0a746df60cc518e59b125d6ac2c3db0f946ef63d9a0fd8559222a984fc29d3153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f0d7464c7d5d10850522850cb502db3

SHA1
ea84ccb51c9de481ad463cdbc9e555b2fd889295

SHA256
e2ab2e89750ae424178b1daa0f7a138e4d7b1ab750ce980bcbf63b53e235e2f9

SHA512
b756c6a3fe607889b93bb7ca8457188a66ec07893add84fc90211cd420aef7f129313d78cfedd400ecb16af6f9512ba9f75e3c61d8bffc8df9f7196697c2e639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07621952cc39846a8166f71144f2ab81

SHA1
ddb86667f2aca37206e544e65c72b33f14b7b995

SHA256
ccf28abca2881ce1591b3e01e1dc8d05d5f8b1d4854de34035398ba26ff1ddaf

SHA512
f0d458829c6046c02ffa5d84773da7506e1663f2ef7af6d22cfe9d8c93b9fb1d2d52163296a906f346edbb4e7a4f76c34d5fad0f90c4facecdf88436e44f590f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
660c566e783b69764ee25e0d63d61555

SHA1
af4a0c43c0a54de4f1147fcd6d0e1731d32f2dd8

SHA256
33b8c29aa2a3bb300fd57eb31d97507d551aa1fe6a1bc421b2b7758dd360f4f4

SHA512
b03b1397c5e1b5802f030d706922c4bdc3eee5384e3d640480f3dcabb11516790d27636686ca676b4fe3b32d2db9f70a0c66ac14fbc1192d9dff1f443187ffed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
931559c8bba572ed2dd822381e0b7902

SHA1
dd00f422e1f57e297180ad46eaf96af4708e6063

SHA256
f8b6c7af4b1724517ae28a9d1440640cdca1637d3b14f0dd15f27b87eae07a12

SHA512
7bbf3acee5429f5629c145d95ceb5eef5597aa5ce698441c389bcf423af45a314b4641783277af53035e919a2b0cb94a580573835fff20424fb50573b942e966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa4a4a9538d81c625de243524f8f5bed

SHA1
08b8dd083a7e2d7db3c9b5b0f83953ac31a74651

SHA256
32f95ea2db8059b3e3f72fa10ecbf218915c4a7df4cd3a6deebb8caafb0a18c1

SHA512
c9baf2c9b09e565eb28dfd14850a0ceff9a92cb4fbb5c3708910096ac98241a8aecf8f9fb5c4df6f997cd4151c943a1affe192b1a8f0a2e59dcfe25b72e39e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e70c2699dc1769a01c95002e7abd3c6b

SHA1
afee23a71a522906182df981ba4b8c45b953f899

SHA256
dda4c813dd3bff46fcc3f4618dfb584841ad7ec22bbd1d62e66345c5218ef5fe

SHA512
759fcde6f8687142624a7ad6abfd309cc10dad882dd91e65ab1b4f03a33324b2a21aff100224e0ccb8cb30e29aa49a6647b9b169ea781b9c63b9941cb73163ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e08dd4931797e27a8d4841180bd0fe1

SHA1
dbb16ba2e36194d70ed0e7f584cf4944a5ad089e

SHA256
ff6da3af8bc792fe5412340fe936f3ba783a0e7dd0b1125d2483c358a0da79a4

SHA512
bdbc60d7428282b29e60b16ef1754733e3d574119e711a3c6b76bdfcd76997b7108c4fba6503a5e919767ade9d7d745dedcc794b3faf7b1784c8790da0c761a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d976068b0aed64e195138a0833b559d

SHA1
2c27115b3445a98f116256b0b510c9a30ccc3acf

SHA256
e6f3464822b3116e7f7b52df1e53bad4943f20b5b7ba2afd657aa4940408eef5

SHA512
2e6fc3d7ab505bdae02a8a8a9ed0426851d30c68370467de7fb9500f2a4f880a02c812daf04e0d09c9840c457af86eed5292b1aa69bcff3fbe6e70705bb03344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
165aa3fc458e88b4e9484d2a4388bf8f

SHA1
7df2e4b7340b3fbd63c8def80f9fb5b18400c6f3

SHA256
2ece3c0c3abcf5f9f77b19e9415f70d6d08b00effef9547833831a5c031483b8

SHA512
f6bcb148ff55223c8e622b1e978b52d9f6ebc1cfe08a715fdd7b71a35e7ffb67dd65735a23bd741e49ae66046fcec27779536e206144cb41d961c01c3df4e20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ee47a01fab25c274acb5ec5d53c1f142

SHA1
b7e105fce292b38cd41a18645db0ce0a5639a486

SHA256
9a76ee867926cfa69d73353b8b5ee28b48bfd33522c8d8e2306e87ae3cdd55b6

SHA512
3645e919e100485fd699e1739ddc3c4de147ae6bd3f7426e92a1274bc419dd348683ea146ce1ed3f43a9a2817382c5d9517488d3ca66d54954f6593a1b180f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8e9a1ed82a2efe4dbb5ab152f475acef

SHA1
c9ab0f3ef6cdd0499289073b8443189dd7ad6579

SHA256
5930951f1f068a5941b27c3aacb48466fceeb8bcc3bb3bf95a4b458f5d386321

SHA512
f988b49d3ab9efd94dded233c74b5fb58919657a1a88f473acab0fae300ea78e173935547cc58ebc3d7dc1de260c66675b49586766d72c377661bfdcb0774fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
c8e315298056745a9429a73259851e13

SHA1
d3dc651ccd71b36a9f292bde074e099bc485be06

SHA256
c81ab24790be9a224536d5e4b338251956b02ce920c62f079a5a02361c53d690

SHA512
6634781db55b183d59fa1b5658c156467128666cfa488b54671f8e4445e78f890e667c21093454bd1b18b5573ba27313e50351843d5c5bf5a855f8440a4ee9fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\5eca0145-de48-4483-885b-99f5c7d30cdb.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
memory/4776-140-0x00007FFE709F0000-0x00007FFE71AA0000-memory.dmp

Filesize
16.7MB

Download
memory/4776-139-0x00007FFE72260000-0x00007FFE72516000-memory.dmp

Filesize
2.7MB

Download
memory/4776-138-0x00007FFE877F0000-0x00007FFE87824000-memory.dmp

Filesize
208KB

Download
memory/4776-137-0x00007FF6A7030000-0x00007FF6A7128000-memory.dmp

Filesize
992KB

Download