43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee

Resubmissions

22-05-2024 09:47

240522-lses9sba38 4

22-05-2024 09:35

240522-lketasah4t 10

Analysis

max time kernel
177s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dugga_848274.gz
Size

5KB
MD5

7867d29c88ed216103feb5021f01ebf8
SHA1

543af5ce7d60b6bf66d44d6bc42515d7fc97e796
SHA256

43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
SHA512

f0a22affd6b56154e0ad15a28fadedbc1977fc1fe72b6280d3d87c72ad8d7df1b3a465d9532869a30c09e88cd35ab0f0f6ed188513a38a5ae090d575797354a9
SSDEEP

96:xUS0wqaXc0hWp9nVRcerCWZIIvj2y/dT2/7HpPotQWtfDmDa:xUncc79VierCW7vj9/Q/7pKQULf

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

CookieClickerHack.exeMelting.exe

pid process

1924 CookieClickerHack.exe
820 Melting.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

113 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1924	CookieClickerHack.exe
820	Melting.exe

flow	ioc
113	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608442420540881"	chrome.exe

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3804 chrome.exe
3804 chrome.exe
3976 chrome.exe
3976 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3804 chrome.exe
3804 chrome.exe
3804 chrome.exe
3804 chrome.exe
3804 chrome.exe
3804 chrome.exe
3804 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3860 OpenWith.exe

pid	process
3860	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3804 wrote to memory of 4776	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 4776	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2224	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 4592	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 4592	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe
PID 3804 wrote to memory of 2388	3804	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
1⤵
- Modifies registry class
PID:1876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe96ecab58,0x7ffe96ecab68,0x7ffe96ecab78
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5204 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=884 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3376 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3900 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Users\Admin\Downloads\Melting.exe
  "C:\Users\Admin\Downloads\Melting.exe"
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1940,i,6388598328980954992,11694360839122189978,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\361a9299-98b7-4377-849b-52a402aa2e5c.tmp

Filesize
7KB

MD5
87b345a78be5dc936801c1905c4871d0

SHA1
11018fefc15f8aae543952b30e6e065db1f9a147

SHA256
9d1d0164f73a854ad8d33d80e74de49e56184191a08df74c3f026e063e87941c

SHA512
7d01f4d5763991c3f18f8e0d5b3ab8a89f1c5701b39a9fd0bb9340f2cff00c765bb8fdb8bec4c9cafc1240317949e873e0ea1c66603e618d793ecf4ff3295996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
174059a3c64d9cc96668c843acf0cf52

SHA1
5e1e23972a9dcf91524dd86c16d8ea151631e5f4

SHA256
496fabc0f8d8fb4676107a411ecbe6b88c62de95a55bb3d8d02619f1145ea263

SHA512
938ac7802ce0bfe87d0cf966907e89c1a8d63ce413972b76c209895f6ac0cc6b367b15e4f2b233940bda6e09cc194fb49568d5755cde398f98506c17b826b446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0701c7d8d9da6751e6456549034a117a

SHA1
dc09f5976f6e6d46b19cf166369fab34d88a2e78

SHA256
67a097e2a7fda2aee816117f1eb4fcddda6268e697162e14be9c2207b948ee0a

SHA512
c95451923d52e470afed57e5cfeb9439fa06667b608a55303452c5afb0c24b28af7b9f1c779d12a4874df406233b7f98750943c14366cda0aa52c0940c481813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e13ff23d9251b08e3baec32f72535da1

SHA1
89fe4ec2440d8d198c41b1de1088b21f8e5283ae

SHA256
9649b8845797d9c7610fd7ee63908d343af06d9ff066a3297ffd40c72e68086b

SHA512
b6af0052a5b487852f8f2bdf2fb182cd186831236383fb0aed5bd4f49a648e9ec843b1e09fe58eb4298608f5d85547c4120f99f37177137afc60eadb40503884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1bf3ccf5de920d828f7e067d22485633

SHA1
142072309c5033f271b29a80b5fbb31035fa085a

SHA256
288e7f264a784ac86fbc79476db1a854dc7008b464cce492cfc4b2b4b862d184

SHA512
8b2e1a16d9b721966a5c1d9badeb40aa0185de2d3b170e08b493c86d3121092af91340b07d9d3c7b0d00205b5497fd7701e65ea990fbf93544b27b0b6350e1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee5d95ca549a5bf0b37448d6ea3c9302

SHA1
e8c04d0c03e912965b8f414fc70651340914938b

SHA256
0fb729817e0f66c54a969552a058bb3c4dfaead381edba2ea1e13adda769daa5

SHA512
8291f7a9db6e03d9bc0946c5eee4b1e364c92cfebe61c2ead5e470195cd49e4c63ee6834c3c42b764b0fdc15537eae165b69fcf20ea0728e599ffa3dd76bb75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c09ee2bdf388f08e76194cb3c943f42f

SHA1
e42a83fceb7735e9f4c623703aefd4f9b2dd5700

SHA256
8f9fd5126b0014c406d854979926413c6272b69cbc62cadf26429117957c25ee

SHA512
8b478c202d9867ae667523db1c85c712d17eee07ef357566bc147d363d5389a1f173f2afc56f1c3beb7ee2700f087814f606bc8e19ad33216ca7d8cf0e3dd9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48957ed397e58b12ab4b2e8accd678e8

SHA1
96e01b79a8287922682e3f279348840734ea0a67

SHA256
202ff4ff1ebfcbf419023934179f833b6b5001d2638f05e05873b90bdbf18a11

SHA512
8473d57fbdd0b431b81ceb2663fe89006b758c59bace93218e204b655e741c6c8d762d01351860a0d810276ef41fe8acb2e3e4b209a0abb2a3f3c16357e9dc54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d94bda214c43805f2c30d455bb31de17

SHA1
b6dd19a4ae64d648eca8feaf668c53c28be9d282

SHA256
73d3010b2a8ebe39d070ef73c0e14adea686bca7efa4e774477c2f552c027aa7

SHA512
c9a45a8dd5a24ad1e7134e0c0edf7bc49bbe6bb3b75deee6519da9f2e207cc0fe29da5aba672fc9562e638d57166f6993b9c222885c6422f8f1d296da45c1d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15ffb43ae7dd5c2ead91e1849af8dbdd

SHA1
0e39598a69c526b596179d439415b9a682ed0a83

SHA256
7ef50f2b7e894a50cb106635c423eda812219b1dfe7365e442a7fd75035cb2a4

SHA512
abe877bb7e4e2a52c5fe818427fcca62b03894d587bab160d605b47a810b0936c96647c73cc369cd248969823945617bfe552c86f47867a1eb6261ee8bd692e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28dc3de3df2fb9e8c1ea6eefa06ba1d5

SHA1
5129c99586c138d34d20d91e417abd007086104e

SHA256
f7e841a2090fadc966bc59540aa78c7cea6e306afb7e4bde045756d2f1c8502d

SHA512
98b80b709be4b0b33f13a100452f78c2f0c1a0e651c65189426e350236844101d099b8099d84cf943f1674fe7ad68060197ed99de46859dac916f9456d2ff74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c73d8e76daa9bcebf3a8230cf0f2136

SHA1
d13300698158e7480c04b9bc4fe76fdc1caa0996

SHA256
f10cc8ab204cdbf45e1c954750acf6e2e1f2ea0c52da219d42a7a2fee15a0624

SHA512
180da63837adb56a41f811a028d62d27d9bbad4d9418102286afe919fe6a2f0472cd6009138e4067a5f90092cb4cd45617a89df71a807944849dd57821b4428b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
12976d9e34de36891cf1cc43135f76a7

SHA1
34d8c17583eacb926829ac3228034b04477361aa

SHA256
c04f0c96be474ac11e3d187181caae4a920537ad023d2118850b14698b5b2b9b

SHA512
32ae6dfa70a78e32e0a7398458be72d3f361edf4878a0e17189d61f6e20d4bbcb5674a64ab272c53dbef6663ff674179820b06e3ab27aa9b0b48114b42decb18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
2706c173326f95b5825374a07338f313

SHA1
b4752c836fa5214294b6c3f09ee34cba3b8d76f4

SHA256
c8653f91a754e5aa544793710ff071f2fd4f27b9ff44af87deb79292e71a07b5

SHA512
f1cdb5cdf1de1a673e616fdce0877b00a70f8fccee6bbf12141c65884affd76c8c8d39d92dfb649225f8ed8e766d89cdb1b9635e44013be0a39d474ce5e8c91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
17669df4d94bc536b31da6c6950a0fc2

SHA1
81ecaeb14704f1d6240263059384eee51a07d31a

SHA256
9ed613632ced67d12b344cb1fe1a951764486ad9ce9e7d7b7babaf7caa17078d

SHA512
195b6320712d0f1a3e528ab7f41173e2cd01350fec3187a99e45fab6f6164b9ec68766b5e7ee3cd1dc8daf7d9e1542ce9465ae21c3d98256f0fb22e335c2bc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58abbc.TMP

Filesize
89KB

MD5
88b620fc27117199e88e8a00e9fab558

SHA1
c1468f534b86297cffe0b2f667a5eddf1ca7e88d

SHA256
791d35775517c9dd0091035813e4f078317ac78e0b2f04d1d8df65bcb624607a

SHA512
ccd34d70f1e2f7e40d6114eb63d270ede6492ad39a24ccea69c3c19ed469161f3964f5d8b1ba3c02249c597a760fab5688cb60754f2fab51645a14e8347a0a86

Download Submit
C:\Users\Admin\Downloads\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 723485.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
\??\pipe\crashpad_3804_GDTMEIBILDSIHZOJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1924-345-0x000000001C310000-0x000000001C35C000-memory.dmp

Filesize
304KB

Download
memory/1924-344-0x0000000001060000-0x0000000001068000-memory.dmp

Filesize
32KB

Download
memory/1924-343-0x000000001C1B0000-0x000000001C24C000-memory.dmp

Filesize
624KB

Download
memory/1924-342-0x000000001BC10000-0x000000001C0DE000-memory.dmp

Filesize
4.8MB

Download
memory/1924-341-0x000000001B690000-0x000000001B736000-memory.dmp

Filesize
664KB

Download