hxxps://coconnexion[.]com/comcat[.]zip?&audio=623

Resubmissions

31/03/2025, 20:39

250331-zfkewazqs3 10

31/03/2025, 20:25

250331-y7dkzaxwg1 10

31/03/2025, 20:23

250331-y55lnsxwez 4

Analysis

max time kernel
112s
max time network
112s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://coconnexion.com/comcat.zip?&audio=623

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879261992250059"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\comcat.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4560	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 2952	3572	chrome.exe	81
PID 3572 wrote to memory of 2952	3572	chrome.exe	81
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 2332	3572	chrome.exe	82
PID 3572 wrote to memory of 1016	3572	chrome.exe	83
PID 3572 wrote to memory of 1016	3572	chrome.exe	83
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84
PID 3572 wrote to memory of 4208	3572	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://coconnexion.com/comcat.zip?&audio=623
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63abdcf8,0x7ffb63abdd04,0x7ffb63abdd10
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1924,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2208,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2228 /prefetch:11
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2500 /prefetch:13
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4320 /prefetch:9
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5288,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5300 /prefetch:14
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4280,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5308 /prefetch:14
  2⤵
  - NTFS ADS
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5580,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5860,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5964,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6116,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6148 /prefetch:12
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5856,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3240,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3432 /prefetch:14
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3472,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3408 /prefetch:14
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6120,i,704232704893164295,14081418613055901070,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3460 /prefetch:14
  2⤵
  PID:2640

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E0
1⤵
PID:3952

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4816

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5b95f912a1591f2f7e6778da8ce18448

SHA1
88ea90773fe1bb38139b769d2c7b2bd8515c374e

SHA256
d5c7ac9e112071c6d27d22ad8a65cb088aabf9b6e8ef2355ed28ec13a1f0e81d

SHA512
2360e990bcb01ea003b1f632342a9aa05d09e73904573d4e687de2f57a9093d5cc488ae7e71f2ff29eecf839c65d2eebebbb6403939711e4efc0359c91e36d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
76c9e63a836e422d3206efed58bbbfcd

SHA1
8fae29606d88c7526ef5d5fbd7049da7874bcc8a

SHA256
15ff4d8e73f27804ad9f9ff4cc5d2b13c4f2f5ccd9091f8ae1fbbcec2ca1d923

SHA512
42dc60d2e2abae628bb5f731b26feef1cc8f54c153fdf5b7480c44bb9f10784261c10e49ae94e4bce040b897033005381c472eff668871b61eabbc5a80a30e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8bc38b0f0d1c3638f81c6a71587e0b26

SHA1
22db96d6cb987c18e14a520349dc5dc7c3a1fdbc

SHA256
8ab0bc14934955e85b4a1e0eddd6a8e1e8a17006f44aaa9db6f40f65c5a4c676

SHA512
98646cd8f06516d548dc8691e55b16dd7f0e64ab089e850ffab99f9d27de30459cf71517f3ba6003196b71535d31756f07c9423fa40e324ff6b4abab433190aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f559248f786420c613b61d138e9a386a

SHA1
f22b578699a006897a2c3448f7d84a48ec92cb8a

SHA256
e06b000402844d732229f7af4d19f106460ce39f3112cb06f667de60db7452fd

SHA512
dbca73e6bef7f75ae46a743123fc501de4c072a4a847ada69c271221176cca18b538914e59e3c1549fe169e894187e1fb513cd16f9bf7736493769ccd572529d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd45c6cf4f77a8ff407576118d5dc9e6

SHA1
5ed3c3af623ba04cd9102b53e8852cc12fc8f7be

SHA256
c2dcf7e77af77bffdcbe3bfbfa1e8704b14dd828daadea4b7e58e1559675f4f1

SHA512
d0e2b3556031ba461427553993a042329c017f00885f0811f18a5eaa95fcfba2634c1390eb4308e6c31e1c78dbcb7aecba37a9b147e71ca7376648e85b652c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7593cf90cc601c1b1caa2929e12d972

SHA1
91b7b6c7220319d5a4acf4b6321748f424c5eab7

SHA256
9920d1709e628e2b0051b9011752a82b96b6fa518b4f80f573c0fca4d484502d

SHA512
bc3b56c9d8db50726631b499738c0c5f50f76b4157e5123738225b46378c68c0d32fdc743c143fed2ada5e423bb570ce46d8e1d5e73a27bdd38934269d4dba94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3571d15084c4d183cc4f3141240a77f6

SHA1
04c948ee15e0d901ac1ff4fb08e1bc9efe2429f1

SHA256
a327969d4ba718b3d6b01cfc9fd3572a1cc04642881168f8ce6fe663dec258bd

SHA512
d11ec375ef2151e28573b283e03e9ac3fca54bfdd65c4bf63b59e9ccd1d3d31fa21dfb61497c84b1d33f9bba53e8378feefbfa07ee004d1b5f5c10a2f045ad2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1dea21772a44c4935f0319efe4976df6

SHA1
8183d8813291b1df7ce23d89896354132c3651be

SHA256
5458a2b9c2fc7e85989454700f61b03c6f985e17526c05ffb102b5d6cd558312

SHA512
2e33736c86bc162a8c0b99fe476f9c52b707ce133838249b5daa5c2ee0b9ee12a247ddacf20412dd52bb8b9e523fb7838a7a0a165a2c73374ad92eaa350c9e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f776c4e3675b5f09e8aa6aafc936809f

SHA1
481a20b296282aa260c4f34dc5e62b17aeb54f73

SHA256
ada7615937ad1fa61c8d07bb12cc068f3e98985b1ace4c2880d97c9eec93270c

SHA512
6428ec7fd43dc3f15423dda277394884439f57385ae8093ba8f32153431c12583d58370e28db47eb0515316042e0dd1f2f40039615f54fd6aebd3b857fe7a7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f59b2a7ae015d5764b906b05ed505089

SHA1
8019aa1815fd9c92cf5a7760aa3ab1c9174d1abb

SHA256
cb3ec91c3cc058817b7bc25d8cf5e84e23a2bd1d6395fd30441095f21bccf4c1

SHA512
40ef6b7055dc67982fe8879638a77043fe223662e0ed028e1cd2119c8869b18834283ad7323d1419bbb6f9a58152a2f5d935542190701d481bb4fbf02d1dd9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3bd0f1d59f5435ab89c6f0193e29992c

SHA1
339c86940588b31d0f0fc5b22f39e7e2be1bfa7e

SHA256
57d600c2b8e60c78c988f4bda42d01c8ebb7e6e8e3f99fdf2082b79dd1dfb2b9

SHA512
e95b3a033a4174dc7aa149af1ea569b3593240ce0fd10e3edf40be5aeb804dc18ebfa0153a89ac0eeb1311ba15eb7c3890fd4efb0462c9e080a14230834785a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c4d6.TMP

Filesize
48B

MD5
cc079421e51e5272a92b73d786ef5d8f

SHA1
24c2f113fb77e826a69c26e0c2e6c3d1eca92d2b

SHA256
5a50145f553d36edb0c22e2e96530781d0f07292e091635d80f0d4041f4a8336

SHA512
ac504690a15ef61eacd9f8dce677c7642f6e3a2e6dee5acd0c2396f887587c9054e3884ec91c9cec45a484e7bb284b11e40b7ecd219ff1b0dfa3537094da0701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6d6c4e2-884e-4fa4-9f50-75b92791ca4d.tmp

Filesize
10KB

MD5
55cc77f5789204a9a2c35b61ba1884e7

SHA1
2c03aa77d87fe6a3ac7d91d813f00d2c38bdd308

SHA256
cca530b7b802cb39fda6cf09a4d1506268911363f50400a7e56d287eb3318199

SHA512
1c07f96933e4d12b4d34dee3619a26e8af3a4186d70f48d5285256d99de1677c61fdc84746739d8e1ec9909403f7e3ee30eca7b05ca0961f4f3ab59c50bd61d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8893544480f95e7686c8187855785566

SHA1
b3b597845bdbd701e0bc989818a5c5c44c625933

SHA256
0597a471c41d7a05e7b08127e95c32ad628a641cdcd76164306364ef85c3c683

SHA512
74a29c5829d568c7d1a1656c9127b900ddce3f463fa3dfa6ddd7a20ba3b373fc1b8efe2925d03ad5d92c16f6c958a2ccfd8fae640e67c7bfaa45b25c387bacff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3e6b6ddf18a007b1c4ec54995246dd4c

SHA1
bbf7cb8c3783d0c9b15f7cb7e8af011f4dd6e1ae

SHA256
c41e69b8598ce10f59b31c479768163a09e770beb3604eced3b952f1b37951d1

SHA512
0acb2734b2d061f1077bff7831738dff676bbe74c00be2dd714ee5a58bc1426323daac413c834db0fb879a806fdb0dfd614d7d2d7c3406f16ecf30296b4d8ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
23dc211ac2b2912470f6c1a9de8e93d4

SHA1
d4df12253898257799b2f7b943211151daa0fa4d

SHA256
8d8c67e1963e8060a39b9fddcbd04fe73bf286cca5267ee33c7e4416713457e1

SHA512
84e6fe42577503bbdc0441b796a3654a15887c1995b120355aa12b9022a986809526bc07fb8304c86bff303399e3015523bfb887716dc711a4a6e099fe8b6f3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\f4fccfef-4668-4753-8c63-9370ea6e320b.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
22KB

MD5
88ae3e5ae5d8f07d6f2da60942cc50dc

SHA1
cdb4aed3ec05fbd6aa3221c92f27d286b519b267

SHA256
b009fccb5d7af1a8668dee153e52901b28ec85fca99bd8d5795de73c4f72e968

SHA512
10f5e8482886e9be888db5190d87ce9070183ece74d8f61fa4b8e1714d9d12d6d152c108f1ca78cb121aeb2d3344be4b3c05089b83a0c149d2d0b7d2529664e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
22KB

MD5
1eaae9c0d8c48b6d2049a960fa89a0a0

SHA1
c3342c658e2016e5f0d8fe50181b0abc9b3471d8

SHA256
da4fcb7bd7e2265a161693745901255f0aab3e1dd4ab09ca47a541d00ad8bd4c

SHA512
c94d7fe9e6f08a4f38cb69ee033e2651affece3a2c698a97c9dbcf609c69912fd685942f23025c5a66b96381579afd1e2d2d68554889aa2af18847c99c703aac

Download Submit
C:\Users\Admin\Downloads\comcat.zip.crdownload

Filesize
3.7MB

MD5
a931850be10516b7357eda47ff30712d

SHA1
651ac4fcafb2a73dee0ad70c0c97f1d648723b98

SHA256
12b15788820107bd87654629df386c64cd15e7125bdb8de2c647c8e63dc319a5

SHA512
b8c614c03a4b3dd66681ace00ec963b2fe1281c27c721702f181ec2f3b5c140626570d01d1d7df9edf255569bf18896d902269ef7e8ee555193cff904922be41

Download Submit
C:\Users\Admin\Downloads\comcat.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit