hxxps://www[.]luckypatchers[.]com/download/

Resubmissions

12/05/2024, 22:37

240512-2jyg1sbe36 6

12/05/2024, 22:36

12/05/2024, 22:34

12/05/2024, 22:32

12/05/2024, 22:27

Analysis

max time kernel
105s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
12/05/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.luckypatchers.com/download/

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access location in the background.	android.permission.ACCESS_BACKGROUND_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600270569727826"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LuckyPatchers.com_Official_Installer_11.3.3.apk:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
652	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
652	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 3520	3476	chrome.exe	80
PID 3476 wrote to memory of 3520	3476	chrome.exe	80
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 3624	3476	chrome.exe	81
PID 3476 wrote to memory of 4280	3476	chrome.exe	82
PID 3476 wrote to memory of 4280	3476	chrome.exe	82
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83
PID 3476 wrote to memory of 2336	3476	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.luckypatchers.com/download/
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff842c4cc40,0x7ff842c4cc4c,0x7ff842c4cc58
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5152,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5400,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5440,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3212,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5756,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=2552,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5840,i,4505905633720116315,3236582635005365351,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1436

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
012fb02eec9ba1a3b67569816feea7d6

SHA1
79e23a07687d638f4b981759628031eba43aa388

SHA256
a61b26feb9bcc5c832c36716c676743d30c866304bc8f9d5ccfc59725bc2906a

SHA512
9cadb1e76078a92ade1221fbdcb8669963c0f2eaee06324589b2a60aeb25aab338b01eab9e4e571f5280dbf463c194de46d93a5be92c8c7fa5f960ce11684933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f37743eb443ba04ef30755a3c70786a8

SHA1
b68d4fcdae06c81870a183d69ce72cf2558caaa3

SHA256
4b1a7572d0a189a8680a59d017c6b232966ae562350a410ad23d01f45a04a89c

SHA512
0bf402bc9693aa048694dfc755a8291f620249eeaeb9d3b818dd914e0dbf958cda8fec4a04c1f9fe442835d3f024c11b4a10d32aa0387e642c69b54cc611e135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
7d31da4cf7161e7dc63acd38d78ba921

SHA1
aecb09629f95deb36a7cbab579d9253f93939ec7

SHA256
d4178cb4270bf545ee0fcda04d4eb0bb19e3aa202e1afecafa2b4f0a754637aa

SHA512
23258a0d39cb98600746444705988190a7d14080c2c569b0b230a9f6ba98e010c27a4cfdc38518f27d86c7823b2b3c8ff10ab2c5b06a52ce244321674c452b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
73c9d5ffd316a8fdbda4de53302220df

SHA1
b1378c6cd292a879ae19e41f9712f0c7a52d27c5

SHA256
f9ed20ff5dad3ac1a46705d39add72b8be6b5a7a644879f9478ccb0e94f3ad8d

SHA512
525baa2a1a31b2472a6a7ce5be000ec24d2076ba60072935dc219697683abf395da608d556471581ea54b0f1a77c1f7bd9635a3950d97f276852545876f32ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4aba908b79d1d4b13cce38f1008c5960

SHA1
66a79be8db86844bf6104c8c54120e71582363c9

SHA256
9f4014c64aa70e7e767b6840e40aba98abd8fb42724ded4fd43b6b6050aa01f4

SHA512
d17600aed5437221d8ca471eea7f5873a0370e9fd30048bcc21c4149d593e8f1587a5cc4fb4da8bf001c9b883e455ee761832672b376234d3d5882bc707f5f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8fb9fb262d6974cb1378c429be051520

SHA1
0735a9b497e8532ce61c990927ff0564999f8cf5

SHA256
61ce96a96bc58f49a8bd119c7b50d4e08519e981eb67b685b47a4c3dab7fd139

SHA512
0d364d8907ddb59f2dae420858dcd4dc35e972ce1bdbeec29e3c9f9e93e30e56624e80f6bca50a4b8fe78490af2f4078e164c3f633838bbe9bbfd9b39e9ca9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be9fcb2565bf1910ea961a64ce62a8b1

SHA1
ddacac01ffb238113480010b30f28d09066883e7

SHA256
9c8ab0cf9f29bfb04a1064957f7383aac393996d39eb91fcc959174226f18219

SHA512
4eaf18c96ae79608740e679a519a795c860bf5bd95fee510ae15b19beb46c3fcfa54988bcac58e2db383df59edd4ad1486837a0e853e1ab4c3efefa23c8f6ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58219b02fcc3c16cc7fdef58c706c75d

SHA1
d2fc365000ddfb6050d6353e66c42e531460e763

SHA256
276887aa5d8d641e1f2f2bbf12d86d9a464ed2e78ceda727a2126825f52cd58b

SHA512
09172ac329f668ef1b35f42ac4c4096bd10fd1b19d8de222a4c6ebce2d502812027a2b5e54d418e21a95042d72cf32c9d4184cd6385276e2a0b8cedc2373f965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53a2708af286529181cdc6a3064c1b8d

SHA1
74affcb311006f8fe73a57601f1526919544c2dd

SHA256
9d5867fe065c2a13d4bd372c6353d01625b9ae90068b8e2854d55309c18c4825

SHA512
c944c4f45d2ff19a8a0b8227afcc7debb36fd1121dd358039a193c71a53380235bcf44daeef70a7c79813a016335bdd8db859083c5e3c1673a5572b403e1afd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a1fa7f869ab1e47825c290027b12025

SHA1
e59206ebcf2a49cc6a1c6478dbfa61bcf0a840bd

SHA256
dbe23360781cba4c214bdc8f116f5e0e54a504499c5f9f276c6799797961af7c

SHA512
f6f8529aad3011abea914d16bfe881aad5435f6cbbe3e8827ae331f3d06a71a140cfae58d778905f115fe1b73a3a17aa0a3ca27baad9777ab25cbdc66e64b168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02959ecf637d313b0f4eafa77e76e5e2

SHA1
6ea01ec54585a5623d11b25397ecb0381f7d50ed

SHA256
8411f677133beb31633aa7a6cecfd0f58e722ca64c3cd63b8ba48d7cd70e845e

SHA512
a1bc3de7040ae0e1cc3411a0ea6eb4011713416ad6f31702503689f4b5a735676225411dea9839dbdb14c61b1522beaa90ddba1885925d0ae982505b4bc138aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3171fb20a234b835ac2eb92ca7b0552f

SHA1
e566e08c18d93a60822d4c4d2fe9ee503370c523

SHA256
24a61c0e231e5cbcd7a72db31fd9b37ff293452ff2108441ff055b8d8cca4b79

SHA512
842e84ec3bc75e493d9dad962e73631fdccecf286b67819bb13678e6ad3913a5ff58c0eded85218e97b9a7cc7e5441a0c9e2e534c5dbcd5d870a7a42fbdd86ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c8c9f0cb7ce412fb59b361847737d810

SHA1
f21712ec69bc0a88079bc73340265df4cc514109

SHA256
3754508c263aded456020254ac8d51debab58469348030861e57fb788d903735

SHA512
7aa341a0b35c7f0b69167b5c9e5d32586fd53a513e7f514621813bf752a55b56d77b496b05ef6ca0a75a7a804bdcaa55cace89437943098d757fb14a5136e0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c8d4d17a29a0d104465d8b9dcf204379

SHA1
f9b1c2deb54281b927bd1f749ee390ce82fc49a5

SHA256
83a3d692355ceac0d75dfcb6efafcc1b61b814e1eb0e1a64116f6df5e07e4df4

SHA512
d251e5a6e77e5bd004077b77dcc93ca14c9ce860383a87dc01c5e85265bdd3a092b259562f7dfb8e9162c672915b4ad39d8592714fc006ff9821e599969d6ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
120B

MD5
3d3fbed625dc9792bf697b17d9dd4147

SHA1
cee325a7bccfdd2f4e8c8a2d738bb5047b0c7142

SHA256
dc2b9659c1fa90d373454b44dfb4ec594ff113cfb249f544fe491ab8f129aab3

SHA512
33bd96967461a5da8722fa010925204abde211957ab350d710b9d53d618a2fba1597139c0327762580296dc3184d0dda0a28575f393cc6644fcc9bfecb22728b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a797f33044cceb192c5ae71f13495cc3

SHA1
1b9332a1802bbc22c2f081c8905c66a75e698ddf

SHA256
38b39f589fc0989ed9ce05f0bf204c6c27d02aa01eb732fbd4401ea3ef738eb1

SHA512
fc15a7d30195794aa2a0139292dbc86ffacfc6faf5a7b8a592f9b32cf1c0465074087700f1210d5c26851c4a2dbc92890098bb7df69f87b2ff85132fa5d21144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
c0a677e16bd00a74b9246e47622aeeb4

SHA1
4005f11d1796b931e6250958fe13f615265093b0

SHA256
7f819772ac59aebfbab0a4331722306cb156ef0d96d6ec48acb54ff651e102eb

SHA512
2a4e2407a040dfcbe153f7c6142435312d0ab3f3d6aade14641a9154575ef2fa1e99299b6fb817717dbdfb4acbbcde3adbf5f0a9d648066f4f8a1daffb17d92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e6abca5bb59a4019a528fdebbfc66188

SHA1
89e7e18707da81bdf5e3d4cbe8953794450e9c63

SHA256
1402b0f02ee70cd254186321048877b23e627af82ef75a6fd0ed0ae66b19ee3f

SHA512
d25c9569435437686c5a808bb4cfd0ab22edac070482312ebc193f4ea3b5d751caeb82d1e7f3711b3ac40fda18e06fe9eca15f8d60dc7de07a2f82caf9314e21

Download Submit
C:\Users\Admin\Downloads\LuckyPatchers.com_Official_Installer_11.3.3.apk

Filesize
10.4MB

MD5
6917c405b4ce6ecdf23ec030782e741b

SHA1
4dcbe4e7baafc2ccad5814a97ddd745224aeb615

SHA256
ebdb1130da54b95fdd2ac97aac1e155cede1379d1d4fe996baa51e0b0d045895

SHA512
6b8dbf56b99953170d4710a628d6cd97d93ce728a77d97a0d28cb375ec3d05a839fb319399ffd2689e50ef10024373d71519bea8897b9b93670d7abd68acd5bb

Download Submit
C:\Users\Admin\Downloads\LuckyPatchers.com_Official_Installer_11.3.3.apk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit