hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa1UwaXNKUDl1ZklrcUNIcy1SUW5QTmlDYmpWd3xBQ3Jtc0tuQzJGYUR3ek8yS0hBX1dURld4Ri01VU5jYTRTWDZkbG13R3hfdjZrSnFTeFV4MGhtZlVuSkRvZGJ6TUhUd1ZkNmI5Y19jME1XUWNqUTNLVncxcDQtNndPYjhKYkpQS0xGMUZ6cGthVDhMWGpzdDZBaw&q=https%3A%2F%2Fdelugedrop[.]itch[.]io%2F3dash&v=sjq_S-dPT9A

Analysis

max time kernel
150s
max time network
147s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
13-06-2023 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1UwaXNKUDl1ZklrcUNIcy1SUW5QTmlDYmpWd3xBQ3Jtc0tuQzJGYUR3ek8yS0hBX1dURld4Ri01VU5jYTRTWDZkbG13R3hfdjZrSnFTeFV4MGhtZlVuSkRvZGJ6TUhUd1ZkNmI5Y19jME1XUWNqUTNLVncxcDQtNndPYjhKYkpQS0xGMUZ6cGthVDhMWGpzdDZBaw&q=https%3A%2F%2Fdelugedrop.itch.io%2F3dash&v=sjq_S-dPT9A

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133311423368967760"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
320	chrome.exe
320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2524	3Dash.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3644	3668	chrome.exe	66
PID 3668 wrote to memory of 3644	3668	chrome.exe	66
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 2204	3668	chrome.exe	69
PID 3668 wrote to memory of 4428	3668	chrome.exe	68
PID 3668 wrote to memory of 4428	3668	chrome.exe	68
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70
PID 3668 wrote to memory of 3864	3668	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1UwaXNKUDl1ZklrcUNIcy1SUW5QTmlDYmpWd3xBQ3Jtc0tuQzJGYUR3ek8yS0hBX1dURld4Ri01VU5jYTRTWDZkbG13R3hfdjZrSnFTeFV4MGhtZlVuSkRvZGJ6TUhUd1ZkNmI5Y19jME1XUWNqUTNLVncxcDQtNndPYjhKYkpQS0xGMUZ6cGthVDhMWGpzdDZBaw&q=https%3A%2F%2Fdelugedrop.itch.io%2F3dash&v=sjq_S-dPT9A
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd253f9758,0x7ffd253f9768,0x7ffd253f9778
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4796 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4760 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4928 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4848 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4688 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3792 --field-trial-handle=1740,i,15672246124726227435,9856755694382560610,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:516

C:\Users\Admin\Downloads\3Dash Windows v1.2.1\3Dash Windows v1.2.1\3Dash.exe
"C:\Users\Admin\Downloads\3Dash Windows v1.2.1\3Dash Windows v1.2.1\3Dash.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2524
- C:\Users\Admin\Downloads\3Dash Windows v1.2.1\3Dash Windows v1.2.1\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\3Dash Windows v1.2.1\3Dash Windows v1.2.1\UnityCrashHandler64.exe" --attach 2524 2680473653248
  2⤵
  PID:4504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b0
1⤵
PID:200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
a25c21d2f9acf5fefcff700a2df89940

SHA1
3f50a32d72e0ff6e2898117ce4ebf98fec01f876

SHA256
6d4c61da0925a8c405bf3dc77612958986c83f051329dfad86502f2c34f2eb59

SHA512
c022ac2ea1d451f0f6ab4f01ec340046ad4ba7159b09a3ba7158d91272cc6ddb061f4f4f8f429c467c752369ace1a428e609df553a6b619f49ded681868852fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b91487b3e507c12818c5ddb1d3c0ea58

SHA1
bee829eae8aa54242d9977d5639ea62d0526d70c

SHA256
a4bd0da98a2e386926fd81554ff30e59031d62a9729e1a809af96816211f7dc5

SHA512
b52cc2b04965eb40dde1b07ef4b2ffefecb4781603d35e75b0b8b9a86b2d0efd72f1313f44f23b59c00c682aeaae8b7c214d3cb5c035495dd12a898798775043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ac6ce298618cc39aa33ae78f3bdcf74c

SHA1
601062bf998e6c7f9b7a33e578bb69daa72db9d3

SHA256
2a9e8d3508ff3ee4f59936f754d2c8d3107ffc2d2d97f2ccd656f681ddcd4eec

SHA512
1736293de3b4036bd370c8a35f1a5a04d1e567d573fc5a16612fe5bccfb9b2927989051ce20e15e89500036bb03dd7f0c98e29670e66486556c6872b18a3b5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1dc54c6a4b05fa01f6483558803a6d24

SHA1
b839c6190ca6b932e825aa336f46304767b45a8a

SHA256
4da9e8416c6fd837af267e5c457c1bda4260fa23bbd4d910c880cadd6f0dc40b

SHA512
47af38a587e56d3e6c27b2dffcf7f6ea0ace4c556434c5b9ffa8d3d074dcabecff2107d9a065707f6976df85407e1979510fd1a402ba86b7ed952c35814f23cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
0ec262a63a65fc03996d5829a96a282c

SHA1
0a3038380bb825fb9a7675cd73386428e35d7a66

SHA256
87567b2f387407160c4a97864dc256fa4c109a1f619bf90f8b46ba8444db4e70

SHA512
5c8180d95eba0fdfbb9f85a249bacd0ad01a71ab12fc1a74989d33f82ccacda83c376f30baeb35d166961bd5f80893fee9ae4137d0759e86cb38a4386559de4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad78459562ae5291c4bde2b822bd858f

SHA1
3df474886d26bf77b48a1daa5bcd5b46937b40de

SHA256
37dadf0d9c79288b2bda1b0b214ced64939103ffa32339c0afb6f6fdd5e0e2a7

SHA512
c0f0387ad34bcdc60c213265f4e28afbba36b047ec380b8dc8cb44a2b512816c5fc9216eb389006932f3d7579aafc153caaa80665ca32f635dc9d71f052b2d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b176dc42b705da88b6a7e84e5f999dae

SHA1
07a10725f16a7688a999851705cfd9d57de8a695

SHA256
83bac1bc6f662f296a1fc43ef7fbd2277db8f1335da0c0fb1374dba4784878a7

SHA512
ab2411bbee4a0b4cebd73c55e79c8a87561a944ad16aaa1d89685ff47fccb92ec37485968acea4c826447f50ca785a37af261cd2057c35eda8f5d6d00663d993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d3d5e52bc236c62d371e6be949c5e1c

SHA1
802377934c9b7c104ee22806d6e350a2ab3b8437

SHA256
d4e117561e7d98a652c8546f08fbea1d252e47073f3b34fbf0841d42bb1ae861

SHA512
ac8da3c7d5d42e6ada131ef37da8da6d46a3dfc2e207d34cf715e1a85f33e0a779340b5f5eb17642a39468ebc2e9e5b2dca8723765276ada2634b894ea3f4136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
58a2128bd1a933f62690d3e790b15359

SHA1
294a1df18f00deb755a79be169bb6c58862b3273

SHA256
dc072ffe49de8ce483083c5c66c8cda958b7a64a6b275637f5a1b1efe9ff6799

SHA512
e02832cf56f52e944c4da110d8d26e87eb3763c5d2559ce9015d6ff369f392bbec1650844fb3bb36f6ce6008b585656b7fa7b50a57e7c5a698d9157f70efcaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
f1aef012d94ea5edd14cd534869350fd

SHA1
a6262d86177ee0193017f42840adeef872467306

SHA256
77fb5bca596f9282901ed02256418451d08c9c8284b80ec5470619ea9734f1a0

SHA512
98659b2982378d40b0fdb5e6054841fc352d11e56e106dbb03b98f5f54c5ec7cb8669e573ceb1fbad91546f5728e6bb3f23f433d80a66b1fde5c9967b2f33e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
f93e717a8509783537be7b9f3e2ae211

SHA1
f9c5484707fc4ec9e572e88c8e15d71b439d6c70

SHA256
23763373fe741d640527a743057b88dc67f2d61554d3c92cdab8d1b762127a1e

SHA512
6e36013b0d16bfd28f7eee2e331a6130dfcbbbbd9243cb3b1b746caf2a702b897e33794801b0ed89f0375e9ceb7ce969586321a65377972fd88c54332bacfe03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
14688e102f9e34abab1aa5fa0d92bf99

SHA1
a5748cb72a4aa19877475c3618096d86a1325be9

SHA256
c05adb7cae2e132bbe42d2b03973f2706d2fb44a08b3afcdcb8c9904230748f4

SHA512
c737193a478f26c6cb232b87d9c8f552c82a850a6211261d10b2c01ebb5387bb746bfa37fdd617d384fb83e1220596adb1807c45fc1c909ae8816801f5fecbfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56e90d.TMP

Filesize
98KB

MD5
624c512d1084955b1754330373a64994

SHA1
85290cc6fc47db39b5e94541eb3f0eb23ff69acd

SHA256
b61c5cdcc9ea83c3273d9ca5115bd5559df9cb1bdb93019067b2bba68ea1b089

SHA512
bb07ed377901dca88539305c1e729aff9ac5902dcc614504b28fcb8fb520b51132b1452a538b4f36a3c4469caab9cfd044f075fa697be28513446497541ef424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\3Dash Windows v1.2.1.zip

Filesize
152.0MB

MD5
ac41a801fc8213113ef53e9d946f1ad4

SHA1
b88bc0177dbc8d093c95335bc1e6dc09999aa1c6

SHA256
b514e75b28cb4f0713f27915813f8499db6aacd921c4eb27873e587a12861ff0

SHA512
5ed0268cbea7d563232e179b22ae5ad16caece49f9a9ffd9043883410ba21f4b89e620b6e9cdf46306bc1094f3de4c8e9e607c037aedaa08035a3fae17f30cd0

Download Submit
memory/2524-375-0x0000027000690000-0x00000270006A0000-memory.dmp

Filesize
64KB

Download
memory/2524-384-0x0000027018B10000-0x0000027018B20000-memory.dmp

Filesize
64KB

Download
memory/2524-373-0x00000271BC470000-0x00000271BC480000-memory.dmp

Filesize
64KB

Download
memory/2524-374-0x0000027000640000-0x0000027000650000-memory.dmp

Filesize
64KB

Download
memory/2524-368-0x0000027018B20000-0x0000027018B30000-memory.dmp

Filesize
64KB

Download
memory/2524-376-0x00000270006A0000-0x00000270006B0000-memory.dmp

Filesize
64KB

Download
memory/2524-377-0x0000027000700000-0x0000027000710000-memory.dmp

Filesize
64KB

Download
memory/2524-378-0x0000027000710000-0x0000027000720000-memory.dmp

Filesize
64KB

Download
memory/2524-379-0x0000027000720000-0x0000027000740000-memory.dmp

Filesize
128KB

Download
memory/2524-380-0x0000027000740000-0x0000027000750000-memory.dmp

Filesize
64KB

Download
memory/2524-381-0x00000270007B0000-0x00000270007C0000-memory.dmp

Filesize
64KB

Download
memory/2524-382-0x0000027000530000-0x0000027000540000-memory.dmp

Filesize
64KB

Download
memory/2524-383-0x0000027018B20000-0x0000027018B30000-memory.dmp

Filesize
64KB

Download
memory/2524-372-0x00000271BC410000-0x00000271BC430000-memory.dmp

Filesize
128KB

Download
memory/2524-385-0x00000271BC410000-0x00000271BC430000-memory.dmp

Filesize
128KB

Download
memory/2524-386-0x00000271BC470000-0x00000271BC480000-memory.dmp

Filesize
64KB

Download
memory/2524-387-0x0000027000640000-0x0000027000650000-memory.dmp

Filesize
64KB

Download
memory/2524-388-0x00000270006A0000-0x00000270006B0000-memory.dmp

Filesize
64KB

Download
memory/2524-389-0x0000027000700000-0x0000027000710000-memory.dmp

Filesize
64KB

Download
memory/2524-390-0x00000270007B0000-0x00000270007C0000-memory.dmp

Filesize
64KB

Download
memory/2524-391-0x0000027000530000-0x0000027000540000-memory.dmp

Filesize
64KB

Download
memory/2524-394-0x0000027000550000-0x0000027000560000-memory.dmp

Filesize
64KB

Download
memory/2524-395-0x0000027000600000-0x0000027000610000-memory.dmp

Filesize
64KB

Download
memory/2524-396-0x0000027000610000-0x0000027000620000-memory.dmp

Filesize
64KB

Download
memory/2524-397-0x0000027000600000-0x0000027000610000-memory.dmp

Filesize
64KB

Download
memory/2524-398-0x0000027000610000-0x0000027000620000-memory.dmp

Filesize
64KB

Download
memory/2524-369-0x0000027018B10000-0x0000027018B20000-memory.dmp

Filesize
64KB

Download