hxxps://cdn[.]discordapp[.]com/attachments/1087849368675176460/1088103716277723146/Setup[.]rar

Resubmissions

31-03-2023 16:57

230331-vggyxsdb7s 10

31-03-2023 16:51

31-03-2023 16:50

31-03-2023 16:49

31-03-2023 16:45

Analysis

max time kernel
159s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3AB000CF-CFF4-11ED-BDA1-D660CAC54930} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AB000D1-CFF4-11ED-BDA1-D660CAC54930}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247620214154702"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2352 chrome.exe
2352 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2352 chrome.exe
2352 chrome.exe
2352 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

iexplore.exechrome.exe

pid	process
1620	iexplore.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

chrome.exe

pid	process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1620 iexplore.exe
1620 iexplore.exe
228 IEXPLORE.EXE
228 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exechrome.exe

description	pid	process	target process
PID 1620 wrote to memory of 228	1620	iexplore.exe	IEXPLORE.EXE
PID 1620 wrote to memory of 228	1620	iexplore.exe	IEXPLORE.EXE
PID 1620 wrote to memory of 228	1620	iexplore.exe	IEXPLORE.EXE
PID 2352 wrote to memory of 2416	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 2416	2352	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4276	4188	chrome.exe	chrome.exe
PID 4188 wrote to memory of 4276	4188	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3672	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 2780	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 2780	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4648	2352	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968f29758,0x7ff968f29768,0x7ff968f29778
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:2
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:1
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5056 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:1
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1856,i,10820314305606993521,7751142892634324492,131072 /prefetch:8
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968f29758,0x7ff968f29768,0x7ff968f29778
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=2004,i,12511745636790018608,7283664956012291700,131072 /prefetch:2
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2004,i,12511745636790018608,7283664956012291700,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3260

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
7c13b70d20025440f2fbcf37b8193a4a

SHA1
ea756982413218b2d8956046ddbbc0737b34546c

SHA256
674620a9f6da737699caac8f5878be8b77f892c8652ee813819c1e9bb637f7b6

SHA512
bf0ad5836641970280dc000a79aba4faac255ba97db4c261d1a964876a4dd04c035514b7d63a654820667bdeedbd4e1cc188a104a0e79b2489b8820abcced800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
848a215341aa6092a23dcc52ffcaa10c

SHA1
4caffb98e9de3e28e3ed1fbf142323b1d516458c

SHA256
ec81a3beedf41e5b8886b287bbbfc875b4585295d0b2412560abebfb2f969e14

SHA512
aa530a045148b05bc116f7b96b838698bb67931fa65d05ecdb00b376f73c5109731a627da0cef86be3bb6ab9ee431a05ae9448e67f4d249bcbee4e3eded50127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
094a832d2c4e99e37aa9c2050405d6c0

SHA1
3926fc326cd8db1fdee7922c11c4ad5b42d1c5f5

SHA256
1973105426b62d2c388be8bedb0c7e6eab2c26d09e3ce73257c8325c70194e26

SHA512
00745975d6cc7e04b08b0989003890405f963e48eea49a7ba121a0776198bb755414d2851a9605f7eacc289dbda312e51d6ad2a14f20fab95b13720271c1186a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
ccb0a4a68330144430662bd1968c0772

SHA1
3f150ec1fc36ee2708e6374487ad78559c914f47

SHA256
052c99d53f31e3267a36dc2f2d821e6752252b2da44e5b63640ea92d1607e9ed

SHA512
3af6a2afad2ea346dfe7a2a5adee9e5bd1b03aa3b29851f8c6037bd2fc1635846d0c77317d074cd1573619bb5ffb8d97a2fe6c436921bc4ec7d7a4280c6f2f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
babee57c2b0859b65c1c340932a08239

SHA1
dc413eb8aa3661465baa5f09ce004dce2d6e6104

SHA256
4a2fd47640ac41d6148d83c371547ce625c4d7cc7484bef5f1e6bf2fbc7dc461

SHA512
baca74070e231de3de6a38161a728e7283f8ce074f9ce1934e1d0cbfd44c3148a9baac9c7543b325babd238284df890b21e857786442681eeeea71083bdd058a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
babee57c2b0859b65c1c340932a08239

SHA1
dc413eb8aa3661465baa5f09ce004dce2d6e6104

SHA256
4a2fd47640ac41d6148d83c371547ce625c4d7cc7484bef5f1e6bf2fbc7dc461

SHA512
baca74070e231de3de6a38161a728e7283f8ce074f9ce1934e1d0cbfd44c3148a9baac9c7543b325babd238284df890b21e857786442681eeeea71083bdd058a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
2291c5230f3648075244197a8f5e992a

SHA1
ea68a1ed79585645aa5c325253b878e49280729d

SHA256
c22a3193168c4e455419ba8acb05b32b36b80713be35e818ce3a2e517f833050

SHA512
c6d57efa2879a3700a5ef3e4d2ae8cb7ce521ee35f01cdfaf61b4c42a8202d5cc5d951f248cc4f96e6ce811e239fb890fa14904f61357eb76b196a4293f2cb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
984322235a5968e27d6edfa78d33eb68

SHA1
3e5fea7e1d7e66abbb45303acc9c4967711cdb7e

SHA256
9412e6cbdd80ce25314864241a733be998d5928e9b9778676bef16d016d524f8

SHA512
b00d9e193186799244fcc3b75de861ac16ada65fa6a4ae7cdb97557ad770d8ed6f6811d671b2928bba3af22a072e9e93d164af6501bba019845977aff4b6b97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
2291c5230f3648075244197a8f5e992a

SHA1
ea68a1ed79585645aa5c325253b878e49280729d

SHA256
c22a3193168c4e455419ba8acb05b32b36b80713be35e818ce3a2e517f833050

SHA512
c6d57efa2879a3700a5ef3e4d2ae8cb7ce521ee35f01cdfaf61b4c42a8202d5cc5d951f248cc4f96e6ce811e239fb890fa14904f61357eb76b196a4293f2cb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
2291c5230f3648075244197a8f5e992a

SHA1
ea68a1ed79585645aa5c325253b878e49280729d

SHA256
c22a3193168c4e455419ba8acb05b32b36b80713be35e818ce3a2e517f833050

SHA512
c6d57efa2879a3700a5ef3e4d2ae8cb7ce521ee35f01cdfaf61b4c42a8202d5cc5d951f248cc4f96e6ce811e239fb890fa14904f61357eb76b196a4293f2cb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_2352_LYEOJESGLYNNGWGH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4188_QJXTVXIGNJHQJKCT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit