hxxps://ragepluginhook[.]net/Downloads[.]aspx?Category=1

Analysis

max time kernel
255s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 09:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ragepluginhook.net/Downloads.aspx?Category=1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
520	RAGEPluginHook.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642981190398087"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	RAGEPluginHook.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	RAGEPluginHook.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe:DisclaimerReadFlag	RAGEPluginHook.exe
File opened for modification	C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe:ShownElevatedPrivilegesWarningFlag	RAGEPluginHook.exe
File opened for modification	C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe:PI-R8CFlag	RAGEPluginHook.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4056	chrome.exe
4056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 1248	4640	chrome.exe	83
PID 4640 wrote to memory of 1248	4640	chrome.exe	83
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 1524	4640	chrome.exe	84
PID 4640 wrote to memory of 4604	4640	chrome.exe	85
PID 4640 wrote to memory of 4604	4640	chrome.exe	85
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86
PID 4640 wrote to memory of 3096	4640	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ragepluginhook.net/Downloads.aspx?Category=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf845ab58,0x7ffdf845ab68,0x7ffdf845ab78
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:2
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4636 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5096 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1236 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3332 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1540 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1044 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5532 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2464 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5300 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5424 --field-trial-handle=1936,i,12400324849100229859,5642283980728887692,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3292

C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe
"C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe"
1⤵
- Modifies registry class
- NTFS ADS
PID:3612

C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe
"C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
PID:520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9981cc9fdaa6ca1a865c7843a37829f5

SHA1
a2ed7aff46145310b44c1fe289bc2840da107165

SHA256
0908588f4bb2edc079cefd01c2fd5da3736d22dc85eb897395d8871acfc55d72

SHA512
da83849bd17f49773a2637f893755edc508560251d9b14767b524afd6bea233d34eadd4acf43de9fe039d316ebcef07e49b3dcb5738f41cdfd421dbfb6820693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1dd586a5de94d1cdbbfe35a0eac94eca

SHA1
88f5238e0aa4d3bedde7ac60c02bb37327e1b76c

SHA256
9afaefdbc046e7f0cd8ea0003a3ff59f06cb8c058239944cb45d3c4403f25ee6

SHA512
c08fa1e45883560d246510c9cc67ab6d20238ea677328497ad87842cec473769694ed1e647218a356a83101034090770ab01b8ee06052b6ea8c0cf27a9163f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
263ecc68929d339f1fab82b0c03b1d69

SHA1
54787d28bbd1eb039e24fc9721bdfbaa046e3b9d

SHA256
f17d1840c0d7b0e5ed2a5932c6c21d5f03014524656af042fb2109baf352d0b9

SHA512
fc970ef8b0bdc9db5f6c39efb9aa7c67323afbbfbb0b3f67f97f663fd0adb121e4ba3b8c522e8f49c2a1f51b5f99ef023e2529301ca870b01d5c0291815eb045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9670afbe65715e31bf8e5bca70454855

SHA1
3d3971a0994ac6e7a3f1080b17aa78bd9c5fa337

SHA256
a338cf278f0eca529a4226c61ac2aa1f8dd732bde07ce1ca3d5d644f004ec879

SHA512
b8e3524a33b874c307932e696fd20188fe10c7abe4ac25bd60b65977169e9cacd188a88507adc65cedc6b3e3698702521caaded1989c6a8170179de3e09c2182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ed652a2af2dde1d8d1abf642461f44d4

SHA1
c8636f5b89c6e2e7a5f1894982607c32cc539b67

SHA256
bb7bc1045c6168551be9af4e14e7102193cef2cb73482907e9fad06d3364689e

SHA512
c2c4958a74bf3a7bcffd7778733af31a3b533b127cdd49c98ea2facdf7b26b9179e01e2ea2158316f80d090561eab019973d2abea37b6e3d0c07b69c1ed1171b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
78bfabebbfa4b13d80565be08bcde452

SHA1
a36ec2ac2aeee13aff602a175162dad4a9651e2e

SHA256
ca588e71925727efc3ee7ed4f80c81df565045b5d251e3040fb230b5c4068162

SHA512
bcb15aeaf9a0099755844b9c6feda1e4c41a45d62754fa50c6ee319e599befa34ae262d6fc8772a1eb00c75438613466a2f332e4aacba8b84b7bd09f89ac18b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d115254538986ba9392f28678f6d95d5

SHA1
9339cd16a10a0a5916880052fcdcde93f055a8d8

SHA256
8357b196cad5b06176b1cfa704a4fbb335b4e8aab4a5636903c9c4e7782d6eb7

SHA512
4ff3c0eb7ad00dbf3606c907fe0b34a62bd25224000112fa7e76b8fa03790a49a8d49580f7d29a25ea2e7f29c0d70456b308da829df8a09a9739590166b1581e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d87d4b2e878ae3cd4cd23c2074d67ff4

SHA1
43867a7d7d3d7712388569569b09c74a4c0fc52d

SHA256
a1e041c3b72416205b7efd957226988e01c66051a5be2312fd6e34e23e2ae4bc

SHA512
a929562c06c5627bc8f764924a30aa8c02fbe5a3ccb30dce400e25985b3e907851a02c0440159bd49b127c36aa252e48419435dc4f4018e28a2f639d3a8ca847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
a82186f353f159ef7d9479768caa75ef

SHA1
ae8baa4eee61682616c165a4fcf87ae696ef0236

SHA256
8a6781283a8f3c5b912ac5bc8dd5744ad6cdb72ae4e1980e705f622c4f56ce7c

SHA512
f8ac30ebf9ed2ad0e6b33f46cd76a845609a87f19af336a10bc871ce580e15bf8a4252c0547a8792c7ae3f6bca3bff6698cc8a6fbbe0a801bcd09be9baa0d059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
959233763d33137ac2a75753ac761996

SHA1
393ce6740c101fe9826dea775c19913a9bdd3ca7

SHA256
1f653e77b5865d9800e441a380adaf7684895ea1c1014f81a6e4bd430402b851

SHA512
3dcfd5b01d721aa64ce2730560b8fcb116f375fca3b4c2dcfa9ade501d6e08b68fefba9740db5300e8806f432b3e11d504184a6b7c9951ed3b3f5632209ef509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f32c096e9f893b910bee3ae0d74db461

SHA1
da623e4907e2366a1a6931948be398a787012ffa

SHA256
3fcad332adcbaf3a5cb325d2bc43715431a6f569fe7e10aa0e9215138d4bab8b

SHA512
3725b5d67df555095fb2410f46f25860afa681aa7632115cf84deb863db624020f6aeba2629e8e5c9b41c5ae3585be860bdfafad7f7e22fbb62cea9c33186b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a138352117aa7d22ce9de2417b1a3fcd

SHA1
f76a350d2910d8a675ddbeec139899674f14df52

SHA256
4128932835836d4e5eedb520285cd87c2eb5c5634b417757d5748c9f00284c1b

SHA512
e579c7a7918bb015cbe7bba0515c0bf735d9e54fa660166b0ee2cefdde69e1b512ae516dbb680a5a18ec3e5053fa5c48f2490e32e972ae171172ce238e1d4ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8f9b127319adfb418dc5d9c171e2e92a

SHA1
8875b685e4c65638c6b01c36986d4af63fc94749

SHA256
22254381b0303e03741d8dd7b5b4734cb64042797672c0a33676bbe8ded3f070

SHA512
a0666e28f56fc1577695f317aedadf3f22e488541bfb8726af61b7e17f3bcd405cce4c68ca3b313f0c380e4f8beeeb9b294e49cd656b6c4f4ed152737135087a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ecded3eff9a3a54bf16f76ff8475e64

SHA1
9ade2069161e925e2e1060906f86715fe9274f43

SHA256
f7878447dfb384c4127b468a9aac5f5722d80c33087aa6056899a672c291ef6d

SHA512
5e39c689c3d760cad34174f7ee80f6c120134d5ade311d3646413e867da5d192fccdea329ff9675e5cb6e03fe32a90c589e6dbb2105773c72837d01752dc6791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a1de507abead638042e85575e7ea2af

SHA1
4a86c42cde1d39c52915595af5770f25ca8d1a6d

SHA256
a0eb56abe95823607e0939d6113afdfced1fe60353428b13d941020496f7565f

SHA512
1394c9c09b9d7c166dcbd2c3af96d163b035d8c2ad1c115c89ccefadbf2eb77e5dc90874efb0fa3d50b401a442194fcd041170df0c72b8a9e821b664edd69911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
60a30d6a7661268fae4fd32b742347a7

SHA1
fb8e6135666bb503569a89eff9c638244e7d2774

SHA256
4d618a6a3bd38b0784dfd41d44c782e67b18c5780898fb4b8265050648987182

SHA512
2ca715a347fc4590e8ac1d00e9ef8feb82622975afb30ce78d235b47d181d14f62b27c39b638eb6b907b87640a26d98ea82de216f45a4fc245a35e2bee206fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
44bd5c07a8590f7890ef255043e02753

SHA1
c9fb962e408c3e7370378b9ffc46881d681cd3c6

SHA256
761c19342cf5e9be0a4d68fe24c4b588a86853b5bea960c71524292f869f761a

SHA512
0931e567a332e4984d04a3067a8554af8ccf78be952e892501bd57a88a983e3e6e6ad5559cb1fc8e1c2ba633f74e5992d92c65c26c3bb9d69f10e7c725b86fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b85430d9acf4b687d1e7e24e9a4ccbee

SHA1
dcc254fbc5a053811229fc1afe4de237330f7392

SHA256
5eb9d84c5b55decf507103e01fc8392725f7327ccde35f40f5dd22075a0498d6

SHA512
83dcaad9fbe7e957f3de331f196ce1e52a863d8f5985e8c90d51833e36a7a476e8cf21c72d8ff4d72451516dbca07f59ac6b3e0ac437ca9cfd2f09f79173da9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8917f0ff4321c7938fb91173134ba345

SHA1
6cfb7e368ad821e374b027dc8357c222a5d1c15f

SHA256
7a3832394e154135dd13e3fc84b9ae7f931fed3e8d1beb6aafb447c9ed7e48a5

SHA512
0c474aacb20ab60592c024bc0641300acc67f880e51215cb6c8767673fa19d36f08dda7107564104f032bc00259db23d685709f57208cd53f55018e868fd26e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
da7e15bfd1ab01f7d3ae7f9d3826b0ae

SHA1
76885537c345cb4f8383ba5e26c0d04cd87d1ed4

SHA256
17b4c1638f424152db4049550f88571d0d18cf35b71767db3b1d3d75d309cfa2

SHA512
e0e7127762ccfc65f8f5d729dd14df50618fb41d158d5478765bb50bc04d3b439bef40bfdc0c715d34d91bb3276257395d5bcfd91ca54dfa28cf3208048a1591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
65a438a4c07128916048cd694ec0fb70

SHA1
4d6f8a0f8d5ff1aa1c257aad13703674d86301c5

SHA256
a0c5474f1fa27581955a160888a92d28928b9d5e20c2c3562eff39c755d9c13c

SHA512
236eab4a2025f1baa3910cdf00c98f834045fc17b67608d2af8c5b395bb869df86b0572a5a8866b36574ace177a33f01db60c4a2dd7a294f750285376380701b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
0abc0b0fbefdfe58b8f161fb5f241893

SHA1
0bb2aab888d88ea1ea43990a32a88167048970f3

SHA256
deb0ea513c366736b10c246574a16ccc3b5a0f7c6a6c8db14c024d52bb425492

SHA512
aba162ab2bfcfb3fe901b7daa5d7eb612ca04ac49e2a7e4d3b157c9f54c50c37d45315d3d84a2e56ed6ef39cff55a4ce429fa79e902a92ea55b844b46fa18758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b18d.TMP

Filesize
94KB

MD5
d0a8e8db356d417bcaef9311dae8ad65

SHA1
f6238ce99f0ef331f43c8eb55f7383c0b50c5b74

SHA256
85b18a5e15145a995133c41103a92858eb21038c8c0f1116f3431d1e777e5ca1

SHA512
c160ed1bde8066760d67df1a1ccf803b223f9768af73d357fd3576af055e1f161d801b7881393403449d4aa36d31ddc6290bd80cd3ca3a7a4c116493bf7ef902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RAGEPluginHook.exe.log

Filesize
2KB

MD5
d3d1828bfa7b338078cc7181049d96f3

SHA1
3be9c4bb13dd00a15ff5e13b7d18f2a69ebca80d

SHA256
fc36da011a07d9bb5ca67576d1e0e190112824569383448410ef71978e7999ef

SHA512
265338379e4fc79e97a8d2ec606e8205195dd1e67892cd5f08233cb2ff1123b6a5848b8064f509225af866caa445d7cdd654b07be70623b11515ec1a7ba85f2e

Download Submit
C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release.zip

Filesize
11.0MB

MD5
57b2fb67e830ae55fff531ca6bd33b5f

SHA1
2ad5f81841402de90c4a990355559a0df31fc628

SHA256
6f0f3e3e2ec49bd9694b49d541e354c7d12757b27f30f25e9e3b02dc405031c3

SHA512
b6afd663d025d54e35d7341641463d0010bb50265a8a94e74bb0770972f2c59fc45f114307795b7a9b9c6d76c4c1d286910e764ec91be095e526a6503574fd2b

Download Submit
C:\Users\Admin\Downloads\RAGEPluginHook_1_107_1334_16527_Release\RAGEPluginHook.exe

Filesize
9.9MB

MD5
fb9f38bc0fcc4c5b89e45c44b89963f4

SHA1
7fdbc8cbb3ed10dd691a261799403e7000c72972

SHA256
c284844d4cb311b8f6767215e5f0fc0e0c66ad562240488c7ba3f46f9f2e11bd

SHA512
62521d50b8b04650cbd4f3171f200f872370062897cd9db87bc73ad4cb2a6cd17b03b1a4002f300d8f44a3fcf5acf36401d42ef2e2d5ff0269d3724cf495ea75

Download Submit
memory/3612-148-0x000001F131F40000-0x000001F131FB8000-memory.dmp

Filesize
480KB

Download
memory/3612-150-0x00007FFDE30E0000-0x00007FFDE3BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3612-149-0x00007FFDE30E0000-0x00007FFDE3BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3612-157-0x00007FFDE30E0000-0x00007FFDE3BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3612-152-0x000001F134450000-0x000001F13445E000-memory.dmp

Filesize
56KB

Download
memory/3612-151-0x000001F134480000-0x000001F1344B8000-memory.dmp

Filesize
224KB

Download
memory/3612-147-0x000001F130480000-0x000001F131E4E000-memory.dmp

Filesize
25.8MB

Download
memory/3612-146-0x000001F115530000-0x000001F115E88000-memory.dmp

Filesize
9.3MB

Download
memory/3612-145-0x00007FFDE30E3000-0x00007FFDE30E5000-memory.dmp

Filesize
8KB

Download
memory/3612-153-0x00007FFDE30E0000-0x00007FFDE3BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3612-155-0x000001F135910000-0x000001F135936000-memory.dmp

Filesize
152KB

Download