hxxps://cdn[.]discordapp[.]com/attachments/1126713189858553937/1126713471405396059/HTTPDebuggerUI[.]patched[.]exe?ex=6531f130&is=651f7c30&hm=18ae7100fbea0c927bc1d1fe5cf43694ab11f188ea350a9374c78e9a60386264&

Analysis

max time kernel
172s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1126713189858553937/1126713471405396059/HTTPDebuggerUI.patched.exe?ex=6531f130&is=651f7c30&hm=18ae7100fbea0c927bc1d1fe5cf43694ab11f188ea350a9374c78e9a60386264&

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1940	HTTPDebuggerUI.patched.exe
4304	HTTPDebuggerUI.patched.exe
3048	HTTPDebuggerUI.patched.exe
4544	HTTPDebuggerUI.patched.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414616779649384"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4020	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4512	chrome.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe
4020	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 556	4512	chrome.exe	85
PID 4512 wrote to memory of 556	4512	chrome.exe	85
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 4684	4512	chrome.exe	89
PID 4512 wrote to memory of 856	4512	chrome.exe	90
PID 4512 wrote to memory of 856	4512	chrome.exe	90
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91
PID 4512 wrote to memory of 4400	4512	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1126713189858553937/1126713471405396059/HTTPDebuggerUI.patched.exe?ex=6531f130&is=651f7c30&hm=18ae7100fbea0c927bc1d1fe5cf43694ab11f188ea350a9374c78e9a60386264&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa35da9758,0x7ffa35da9768,0x7ffa35da9778
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5096 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5068 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=984 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=744 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3864 --field-trial-handle=1812,i,1976133488903180909,7600923494028967056,131072 /prefetch:8
  2⤵
  PID:4552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1188

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:752

C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe
"C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe"
1⤵
- Executes dropped EXE
PID:1940

C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe
"C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe"
1⤵
- Executes dropped EXE
PID:4304

C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe
"C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe"
1⤵
- Executes dropped EXE
PID:3048

C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe
"C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe"
1⤵
- Executes dropped EXE
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
847831b4169db746f9012e3ef8aa378c

SHA1
9abadebd62ce469cdede94d6b2fb787a1d789dd5

SHA256
876f20079890d393b42224786a3132bec410dca2e56f6c47e5e5a7b29538f40d

SHA512
54749527bbf3027f40e7b67a86e1669d1517ad176c55f9924853282cea3fff296c849a0ec62fc8fd56f5c9099ae862198da356cd56dc13b93192611bdad7642c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddbfce257893794bc23c231206e77c41

SHA1
59591916b12f6bada191f73a0946b53ae5bd4212

SHA256
f833b8dec747dd09e8c7385a4b0cb348ecd29f1d51890372ef0e9cfb79ba9339

SHA512
08968fabd0fe65ec271eba62dd7ab970baa1c3b3a2c5b6bd4f55f450c9678e262ef0e962367a14fa30512d39da9f006a16f0cf4e6e9541925411e8b756b70830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
97a8aac07deb2985227af14759fda59e

SHA1
1b1e48ba54586c92f4ca0517db5e9657e3405096

SHA256
603876a3eb4f97377149ceefd3944abaa6e55bb941880d3f136ce150f39fb471

SHA512
daef216dfd489ebfe7c672cf7c9bb123ed9218132d5eb5af4af50762893134ce36318eaae7f7b5517565fa4d0477d242d33864c53522a82fc733fb68b6d56f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f23a0d9f8eb5176f08d11917f7a87bd2

SHA1
d90df4b968a9211ee034e16cf0b3b63f866ea21c

SHA256
8e25a8d9ebd3bbd1793ebb0eb3028ab4a8722347aba94ca52cc0d43e6b851c73

SHA512
5fbfc17303a0ad229322b11c1d2884d971c834d3a3d450789a1722c32cd6fc4c9f686770ba5c83694707ee2c9c28ebaf1f7ae3ee5fc3c1f7380bcf8de2c35f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
ef8e4a2cb30ae17b4e1156ee84b4e145

SHA1
089a351031223591e91050e1c8f36696ca866588

SHA256
044a806734656f2beec8926b7b8a24afa87034c990463870e8d634f8593971c1

SHA512
b0dfe0a3d4ecb118e98c1e3718a1313527828ca753955deec8604e43dc67a2bb62e59b6918157168811d2898798b30efa9978ae42a5ddd692a93a3a6844a8dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fb94ca99f4b3f9336b34736601a97502

SHA1
cbc60e724738d75494914b2bdddd872fd41c4835

SHA256
d805adc0cd1e7c9cbc61b702eb7a1c7835fb847158016e54d2ff3698f80eee2e

SHA512
ac33f84752fb55029e4b407292bada8e16b28b119f5ef8b8654dbd2d891e057dc80213015a44c5effae82dbb00b8325093425b75c680f77e8fd73d6f206e824e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
21e3f95bf648deb62d7f39f39a6795a2

SHA1
bd0e69d4bbcb5f74e721bdc47c322d6cdc4bebf8

SHA256
dfa342fcaa2cfe0e9b1ff418e1c397a663445c057fef99845d492d0ed84a22a5

SHA512
3da049411d12febc406f9b777acf3ec9e9832606cfecc4f0c7fe5ea4cd730e3ec508b0d7569278bd24d7043939ee66e6232c72568c72fb1c6692d7f966908cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
C:\Users\Admin\Downloads\HTTPDebuggerUI.patched.exe

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 971618.crdownload

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
\??\c:\users\admin\downloads\httpdebuggerui.patched.exe

Filesize
8.1MB

MD5
4bb4839163071cb0b225b49fcfc5ab0d

SHA1
1aaa0bca6b853fcf13b8713cbb50865b3f0a5b62

SHA256
dac6e9814d04efed2e257b90cb602cdfe370dd3910ea2a8b9cd1cca56d071565

SHA512
e6891a51ca748845ecba69abf29a7371dba46affcf2b3561cdf932aa2a4683c325ae6a9105ed4677a1ffb9086c8bd66e838644d4e043a9f072689e8c8bb57ded

Download Submit
memory/4020-144-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-152-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-154-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-155-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-156-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-153-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-151-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-150-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-143-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download
memory/4020-142-0x00000242BAB30000-0x00000242BAB31000-memory.dmp

Filesize
4KB

Download