8764f94b54312121d417fa7818ba011d3e9d87a54cbdbcb1f1cabe922bbb78e0

Resubmissions

01/09/2024, 16:23

240901-tvzkfswark 8

01/09/2024, 16:22

240901-tvf34swfkf 3

Analysis

max time kernel
206s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fedoraloader.exe
Size

383KB
MD5

10c224b7f2471180d3ee88b9fe84a5ea
SHA1

9eb4c6d14fc181c0688bdfb31deb2be665afc03d
SHA256

8764f94b54312121d417fa7818ba011d3e9d87a54cbdbcb1f1cabe922bbb78e0
SHA512

5ee6587ed30880db51be6c6e544af179158e03e1ca391bb64243540adf9d1ffed051f761b77eca605635c189ab355ae66fd780b0e6ff3ba14800764d47b99d92
SSDEEP

6144:401B/bQ1LGrOQLPuHrl8XDCph0lhSMXlBXBWHVHLOZPni9Z7vBKe4vGtFYo5:jDQ1LokeWph0lhSMXlCVrlN/tFd

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4540	Fedoraloader.exe
2304	Fedoraloader.exe
2148	Fedoraloader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
125	camo.githubusercontent.com
126	camo.githubusercontent.com
127	camo.githubusercontent.com
134	raw.githubusercontent.com
117	camo.githubusercontent.com
124	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fedoraloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fedoraloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fedoraloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fedoraloader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696814633166821"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
680	Fedoraloader.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
4540	Fedoraloader.exe
2304	Fedoraloader.exe
2148	Fedoraloader.exe
2360	chrome.exe
4540	Fedoraloader.exe
4540	Fedoraloader.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
680	Fedoraloader.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
4540	Fedoraloader.exe
2304	Fedoraloader.exe
2148	Fedoraloader.exe
4540	Fedoraloader.exe
4540	Fedoraloader.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2148	Fedoraloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1104	2360	chrome.exe	112
PID 2360 wrote to memory of 1104	2360	chrome.exe	112
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 2288	2360	chrome.exe	113
PID 2360 wrote to memory of 364	2360	chrome.exe	114
PID 2360 wrote to memory of 364	2360	chrome.exe	114
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115
PID 2360 wrote to memory of 620	2360	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\Fedoraloader.exe
"C:\Users\Admin\AppData\Local\Temp\Fedoraloader.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff95697cc40,0x7ff95697cc4c,0x7ff95697cc58
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1764,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5364,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5444,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3452,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5556,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3432,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5720,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5736,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4824,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3032,i,5324274736846413345,1078740982094906418,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1484 /prefetch:8
  2⤵
  PID:1576
- C:\Users\Admin\Downloads\Fedoraloader.exe
  "C:\Users\Admin\Downloads\Fedoraloader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4540
- C:\Users\Admin\Downloads\Fedoraloader.exe
  "C:\Users\Admin\Downloads\Fedoraloader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1812

C:\Users\Admin\Downloads\Fedoraloader.exe
"C:\Users\Admin\Downloads\Fedoraloader.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
62f2bca0901d0ac480219a74a2da62a6

SHA1
f2b58fada167355addf3fb470ea648a551e0546f

SHA256
f216f9cc4b618eca825a40d4a32cf354d0f32e990a33e03c92203f418753182f

SHA512
8c024c9c1070cccfca54fbf005cde881a8362cfc6ac5ea0aab7c48d66265028ad5f7c63286705664a33d7e6ff13f69ede5d49d8a8d31229bd2a913a7d07149fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4da7313c895c1f546154edeb63924fd2

SHA1
30e84aebcf881922ece1d4693c212dd71466d88a

SHA256
876b968e02ce2d6ba8e52587595051c31a6457021d28a5e2b450341788756922

SHA512
7f0ffb4a0df3c8c2dc6f2c6eb7b2ae41c63c9c86d2cfad83e70ed0aee4eeb35a69f2cd152340a773a58a7011c8bb9032347f898af5a5887798d3f2f10d3b7c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5d07e4ad33f76bf7fc6eab071b05a5d2

SHA1
b256aa4c6c87063576fa34f2dffba4a9db002c23

SHA256
160a7f0455d228da0dd7f4c11fb42b0ebdac0762a257549dea266b75dd9f096b

SHA512
ca83c91e32bde0fe0b21eb838c8ece79bae8b0788197c201e8867249b366b1e9aad255a32c4e7ec060d8cf531d5e4d6f857610c30d563ebab7416e9b37236af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
693d30e5a63c33f36969c3d1e3f35027

SHA1
fce516ae2063802a626f6c9b76a51d52fb391faa

SHA256
659115b3144a063ca08dcc480a55125a4c0ab1996dc3d1b710d209f9abb1883e

SHA512
6c870ec6df80fd76b259d391b37d59b49a22329db1ee3d21d50108fbf9d8d1ffd2c963a904bda9ae3cbc38348083f1d4b8f5c3b41bd0bdeec48c78a983761cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
63c8ec2f68f633e3012feb56c381bbed

SHA1
2f115d7a43f9633d7d0078c68c10d62889298d1b

SHA256
742cdc8871d1d0967feb008e0f9f01840ad5b1eef876c0bae0253cc83d0b3203

SHA512
49cba577b9e0a064c67772159d4f09d6621e3ab7105963a5c0741db9c1e8183df9bc6921d985e287960d0f882751fd7f7312f0af0e9cacbf3370378fa9d908ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
89e90a1ee09976a3e34d255e510c0bc2

SHA1
7ca98de570d6235a89a3889dab96aca43622ef8a

SHA256
5749b551eb86aab2accf2dd13fcf5809d097b6477e68669542f1755cedbbaf50

SHA512
7f43c10c27000209a2ca1586723155bdea3bf8af44ad47660b40a24dcff9e9753fb5ca16516c0868ef16df057d17b0c88e051ed54654db5b15269165c1ef9195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
44dba5587cf617ce94c01d617d329990

SHA1
af5b358a6143c01c1f5cd865e796db75b076fc68

SHA256
57147e665c2b4357cfaffb7f719d813eba1cb2a2892e21aea573f7ea03195316

SHA512
cd3714987475daf3e99858aa7835bca285a3a274929174b928242d23a3bdec5354a483a11ee2997c9147630dc2536164fa9844d0991a71fc74d8f4e29436e25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
03db618f035f07d1a8a8e5e5e9f8d3ee

SHA1
b59967045a1cadc33dab1b086a1494950238230d

SHA256
a0c22b8be1fb5e6d53a779d3e12881f14d9079e6b8f5f042da486416fd1ec0b8

SHA512
2fc3a470bb001370bbbf61f85752fdc7ebf03f9fd3128d4c34c57ed5c48933afbbb1249ad046be1f6cbcc1c54d432f660c2020d5c02745ecbe8ac648cd35194f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7d88f6151fa2290222b83bbd8502318a

SHA1
ff490054b955849d79eace618386f5e04cfea097

SHA256
ee59eec0d83af0fbe29853b3260b64f6eb6abe008f3615c04e874d516331461d

SHA512
5e885652607859ec147c008176d5a8e83b8a4e0174ff7697a9902c1db5f2c36f350952c03c81489a7c6a7559cfcb677a289c2c56a0f627e00e1baa629b0e5c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
576cf85c3ff09e32e4d9a2deed149d10

SHA1
323defc11e3c450caa61399796092b8c62aabd1b

SHA256
a51b1d5acc18f758fdf57bcd84a248e87b3d22ffb5b449598516638523434f26

SHA512
6f63e2c1b66e0f84dec513dfdf8610791e1a6a44c7a00130c59282cbe36094780f875f7bdeb3164d18a6b169f2d42ad1e77db31206868784c0f706baa9b3c994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3514c23f94c1b0817ab8f9b27bd48fa5

SHA1
c36c3979946d8e63afaff30556346955bc167dfe

SHA256
d765470b5d89ce7a2ce57987bd923f20204e23db5b88a49741daaaa3f5f92282

SHA512
0313ed59366593c48919a1ecb998ff976056a1d7a8c9d25c2e886e215cee8a4e46787cbf81d57f4d6589e21c797b6702bab6599026835711299aff965135de9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d3a25a1c9a1894092afe09a9cfa8011

SHA1
b481ad041911f38551fea155499cfe267096b802

SHA256
56e42b11dc00f778b35a5d5b4f78494a664347ed20c766d1bf6013f376b22451

SHA512
3c1a900d2cc0e9d17a8c4040e441717993c09e5b32a17053fa3ac75fc7a5bd392089e313e960f79e8a143542b435081446fbdf9ab488e358f5cc4be14027d5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
206e0d347e83b71f9f4b3d3dec08adbf

SHA1
7279c443cbb41fabac3be41722a9a61b19d0a05f

SHA256
1de06e6f03905ab841ff065093d962be0c6d8c5378eaeb8ec92830d1dc873730

SHA512
6e9abc58c0d2537973c8c70bf26bbc0a51d68dc6b3de1b2f417b22b4c8edef1518a99f1ddb23f9daf607f46d56bc88fb2b9fd3aad84c37fce979861a8e15bac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bdd81a4b1e5600b5fee23f00dd6955a4

SHA1
644375c875970ebf5cc39ec397e5f30460e520f5

SHA256
43b9060657adced2959f70391248d489fbe643e79dec984267408a45f0cc72ce

SHA512
78702f2c0d68412177fad36cd7c33979f96e4d77ba57d9c5d6e7b9b5b5e9aa0b7211d59995a8ffb1d313a72362e39c656a5c91e11d41d4d9ce46349554bdab01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
990399b51422d144314abbfb1d7f7f1d

SHA1
f15ea781aeada399a9defd97364767d3b70e093d

SHA256
75c075cd95d0d86a53546d7fe543c21f892ab08f018c275fc5cac5430ecadcb5

SHA512
0678601686294048f9878b3a68e7d367fb67aea42654ee381ee976679d13f23b5a6e40abc7fdc7c202958029384f61a3dfbfd9db40d9c55e12124a01d18a45eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99147002c9d6eafc4a66a44092f0b887

SHA1
6b3fe74dbe946eaca55f0fc2a230f8f58cd3639e

SHA256
8d98ab2a6cdcd3cd76035087d0353f7ee74f0e1fad331cd98cbac0cc098937a2

SHA512
c0c880a53466d7f1b021efd7fecdc45961729a2a564c7502a77f7835b7fffd70d7633eed3e5ddda2598ca112336462fbea7096b34ebd43689f507e17ea33df2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db12a6a4e26b4117ecd9529657dec1c2

SHA1
fa20cf5d6e8a06ab4a7ad828939276d7d6a0ba26

SHA256
a43c8234f42f7c024cf6fee1e984eab7587e95a7fa12ebe9c975f3b525a28776

SHA512
c96e0b696fabe9fb9c35784c2601716cf0fd78fac53670e4952dc5ae86c3e71a4da767cfc17f836846c1484f96c5ddaa97d534cec77f83bf35c1a2fb27296692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4b54f237b55f7a181ad4010ec9aed50

SHA1
7af66c6edf6f5a64dc765d68f146313eaa5c35c3

SHA256
970cede278e72cf5289a18bd61e45221090a352e8b802d5afe3539aff6edf3e5

SHA512
af923c15509aa0ba24617dd9e41df2662fcb12c3d6fac2fa3203ba59c57504f7883f3689c1a0a91bea5016c801a18cc09969432110fc7b034f215d0f152f5267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2291c5a77dbf70ccec4290cf2a57ef7

SHA1
8402f2cca9ca013d4d3fe9f0ac42c14b3609eeaf

SHA256
9aa59bbac2a9aa671c1f197d04d4fe687ff3fb1be2b0e64ddf63d87ad3e82158

SHA512
d5c4d05236280afd869b7f914e8d704a075abeed7fe01ade9e3494db2f0edd33fac5972121180f1e364166b07bc7c9bdef65f1cb72f2054aabcab9aae5517ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13a624651d680221f5932c2c602cf96e

SHA1
ad49af7c43b59b51caa2f444a9ba3c6a21c9885c

SHA256
9055090aeb4b2c40f81a4c51fcb31805d2d083ad6b10aa1855bf993dde71bed2

SHA512
98b59423a707c64ffdb47b5380c5a4a463e73683cdb479eb51ba4c10ece87c19469ddb4bacc71ff9ef6cdb5bf38dd14b0601d6cc1c9d2d1e953c1239d6ea0445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8e871166547c8ab05fac88e98c41b275

SHA1
b772338453e5f4bf39443b5bff204ef55633202b

SHA256
9a795103371ff48b913d99ea0c3abd593ed4fbee180ddc338fc20642dc834e9b

SHA512
e053bbee960784020b32faf0449bca3eee4d625db6987aafc8315d88d99a13e856cf06b841d663c1b0001b53b323554767a3a5d59fe3903a8d136b7899ab72c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1721661f9a785e4d43123ec0fd6410c7

SHA1
f6ecc8e72a423ca334789be84f049f9807ef307f

SHA256
c8b1ed417aa0f191a9a4525bea82874b5971c6911cada921fba642a842907cc6

SHA512
a00a72dfa1a714575825608a67cfdd875660a391f3e7b0761ce6240a4cac05d65fafdd0f279f19e4eb69caeda0287cfccc1340ae6da8c869f1214a493895f38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9fe12a87e974caa8cbc36aeb5e45096

SHA1
8b6e56a63b377d594ab516f7cdf130a5ed3ae035

SHA256
c51952461fe7d82f7dfef91a4a6a114bd6f0256ef4cf9e2199b6dc9623ed518a

SHA512
4c93988b94ae3d9572215b823683564e9101166c1be248dc754cd22b7213ae0321d98b9a568e4debb9259fd91ebbc9c99224d55cec15b410abfaaab89b0ade32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e5d44db9aa8a6a41701d518ff245f47c

SHA1
8ae666ab4cee5c342390a6976f065de23beaa0d2

SHA256
174ba1cd0c59c73a7d29ae1710263a5039125ce5e4103aa826dd5fd6c5094e65

SHA512
64371f46aa7ba972083b0b680d836ef3b9147ef41a5d56c285f90d74b75b1527da1cb86f6fe93e1b9e4f75af4781dcffe0e2f7e8442ed154cbec6dcdb5091aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ea4d0903-1ac6-426d-98db-db8721178b0d.tmp

Filesize
9KB

MD5
c3ee04eb0842360f7b4241155094d786

SHA1
5fc2045060bc751051bf3a5b86d337f1eefc648f

SHA256
84f414e103165dad365f1f64f39b507721e61049d7dd12ac4dfad3a941d86033

SHA512
0c68d089fe191765f54b642c1de49337bf919a8ad291d12dca85a3bf1a95793976b81b8e38a482c3f391305dacf6a58dbf9f2cc2200d0284d817bf8af7a99dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
2bddef888f8d9110f159ef68ad00c26b

SHA1
af944525244a658bffc42b6fec355b6e0bb32e1d

SHA256
6a4ba09c188a4df07ddad5a798415037074baaae0dd6c67b87de32d9381f60ca

SHA512
a50c637082048b94b5732330b7e41ccdf100f876dfc6f9c48814e31768008db2164a9ff104204ae3090cbe754b5824fbd7f69d60298665c35328b567c529f572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
8ce8879d79321370c827dbf5f6ac86d3

SHA1
ea1f58dd6d11e8a548d1d9b804711b05a15fb916

SHA256
e8223d125e46f9df40cc98bdad4896101402505c8d1b3e9c30578d5ccaa5b299

SHA512
ff4bc2582b18a2b42a9d72f9b9c9353e692a72e95e6f7662387f13a7b05cab4772fb32e8711192a2dc969299281cfe2376ae4235b4dc246406738e77a3174943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
5b04065bc8d5c9e97aac1148fca7fc68

SHA1
b961ed27b6cb5d43f913cb5b7051e925c8aa82bb

SHA256
01f25d9044cfd5b3d7ab2beb93e93f376ca395ecf53989184a95ceef4f58d2e4

SHA512
c204ed8bd799a04fc507c13cd4660c3c32f404cbeaddaed4b15e36079b5d589af97d8b8b376c1c4a9efce586352fede72a652346085c90c8136ec5e76746fdf6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 221646.crdownload

Filesize
383KB

MD5
10c224b7f2471180d3ee88b9fe84a5ea

SHA1
9eb4c6d14fc181c0688bdfb31deb2be665afc03d

SHA256
8764f94b54312121d417fa7818ba011d3e9d87a54cbdbcb1f1cabe922bbb78e0

SHA512
5ee6587ed30880db51be6c6e544af179158e03e1ca391bb64243540adf9d1ffed051f761b77eca605635c189ab355ae66fd780b0e6ff3ba14800764d47b99d92

Download Submit