07b712079547d394a8f6e6e30fce99fa6dded98135d1529aaca062220a0b1cdf

Analysis

max time kernel
152s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CowabungaLite.exe
Size

1.6MB
MD5

d6bbe9dafd2eb186b22d00ea70d8631e
SHA1

09dd6d51844fd854e50cbe7fc10fae80ea2aa911
SHA256

07b712079547d394a8f6e6e30fce99fa6dded98135d1529aaca062220a0b1cdf
SHA512

85474bb17ec1887d4769819ad9685cfca4d2d900b8e5ece9cc70d3888c36816fa225863aa7b5f0fd137339faa884b8b8791a209d3957cf774bce02bf2cd31248
SSDEEP

24576:/C83r12mGC35Fngc2AW11HCqryl7BqbpSqlBbaTr8q:/C83r4mxxgc25jzrv7aTr8q

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Placeholder.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Placeholder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Placeholder.exe

Executes dropped EXE 1 IoCs

pid	Process
6116	Placeholder.exe

Loads dropped DLL 1 IoCs

pid	Process
6116	Placeholder.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x0009000000023542-373.dat	themida
behavioral2/memory/6116-377-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-379-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-380-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-382-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-383-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-381-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-384-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-385-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-386-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida
behavioral2/memory/6116-410-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Placeholder.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
699	raw.githubusercontent.com
740	raw.githubusercontent.com
754	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
6116	Placeholder.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723796116776903"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
6116	Placeholder.exe
6116	Placeholder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
4148	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2196	2428	chrome.exe	93
PID 2428 wrote to memory of 2196	2428	chrome.exe	93
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 4368	2428	chrome.exe	94
PID 2428 wrote to memory of 2652	2428	chrome.exe	95
PID 2428 wrote to memory of 2652	2428	chrome.exe	95
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96
PID 2428 wrote to memory of 768	2428	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\CowabungaLite.exe
"C:\Users\Admin\AppData\Local\Temp\CowabungaLite.exe"
1⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8284cc40,0x7ffa8284cc4c,0x7ffa8284cc58
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5144,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5580,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4904,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4512,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4552,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5328,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5796,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5276,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5960,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4956,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6220,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6368,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6524,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6592,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6224,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6328,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7000,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6280,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7260,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7128,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7280,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7612,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7752,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7892,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8028,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8152,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8324,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8316,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7920,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8596,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8892,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8756,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9200,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9168 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7908,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9188 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9488,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8304,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9064 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8252,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9400,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7200,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9432 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7248,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7176,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8632,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9696 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8688,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9720 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8088,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8636,i,10463486977702952842,6426351026560530626,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7152 /prefetch:8
  2⤵
  PID:6080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x494
1⤵
PID:1276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5204

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -ad -an -ai#7zMap29930:76:7zEvent18990
1⤵
- Suspicious use of FindShellTrayWindow
PID:4148

C:\Users\Admin\Downloads\Release\Placeholder.exe
"C:\Users\Admin\Downloads\Release\Placeholder.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:6116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2501282002189d679d00fb91b6d41abb

SHA1
9a37ef8236239d483dce126c19e7c233e06c6b41

SHA256
ed32fabea3959c88ea93fad5a7f493374bdc0ea80a5bafac634f5ed075e769d7

SHA512
dd497deca6a3ab1aeb6a2ebf0d173675c62bd3c62cb2d7a8a746339d10baff47220a793aa0489910af1ad7bcda861b0be4b53fb3ddca711dee6d9a36f9a4491d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6222dc65326b6ec5552ed4763bd3223f

SHA1
4f08dd6f2f8d5c158ca8312fe3b24074562876dc

SHA256
e1c932aaf98f9c55003785f1bc67837f84b2458bd9e974d2412d836948a9dbe2

SHA512
fc50f4a3a6e9fc674e0c6a2e5cbbe600789ccdd598e7e0d8b3231b27f06f5c5b4af01e27088201deda9b3515aac23ba25ffd8d40324e94b739ab979b6c818181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
eb12c38c8e6da523aa646b7ca6633535

SHA1
4726b0e1b27beb06a2a0e11e06dc04fa944a17ff

SHA256
7b3a4e9c728ae8168f08c97ab9591b681013b3f49f1680362ae0ff0d64eca0d1

SHA512
ca2186cfa547f5173c927c11b8335a6514a21660cbb8065771f4e8d393780f1c36b51b955ef0bae4ebde0d8a9a231cef7c4883b6a9b1d46cc363784472fb42c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
fbf6e05fbb313d4f65e52ee247b1e6c7

SHA1
db34596a040ff4747e04c556b604c0dbaf0fefe7

SHA256
cff49c6f37167293ea5e7940f7891c773176f4f273539d28cfb5bc14b425d158

SHA512
4c3a98ed2bf1512ad4dcdec56333dc67f3d0ddd20c76b130bcd80f08a7da7355bc899c5ab4d248e15736c03aa1ec3a0aa3a93dea3ed0b9a234d9ff26f019e9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
977fb9d48845805bde551a986701d409

SHA1
8cc820d41990283771b73c2cabdbccb372f07aad

SHA256
a001c3c19671a3968f7512d6a1eb74825129a87d7d3d1f45cc0d3d027b0da33f

SHA512
9554e9739873b2e09f1c0ff045f0887bd74217bef8c8355256603a4f170eadc9af316e779ca113ed537be6321c959a96e5c958bbec9be7c722a44e30fc2e601e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
7cabf7bce1000abfaa2b02b2e79adad8

SHA1
1c419b51adcdcd1892dc87a541ce1af17182c254

SHA256
946b8b62ab3408e7d32fe411f29ed253615196c98c78e9e1fadce0527dcd11c0

SHA512
47437cc479cc5c9a95a6270d3a2369fe8387a81a01449d24b16069f0b53766806823b70fd2b45d94335189b7a9e90080d279c8d73aa3125f35679c671b098463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d8457be00f75e7292f9e14d2b19357af

SHA1
f64ea553447257b2be9735e5d7ab65a128a66f80

SHA256
acc287b13c44626dc775f04bbe918b6d5dd1bd4f3609f21f02cad6b8e5453a48

SHA512
86ba864f0301bad3bbae0b7605625df23417a69b49c7a14b957b3ffe9e1556c6670c726a87e865b6188d2d4565a8c1e50d8620e70d99941d876a82df74c34ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4592b7623840bf8ec48b8700438c7425

SHA1
49c86ead7531af295ef119aef87ce032ad852bfa

SHA256
0fbdeea116fccdd9f4253948723f18b742beffb16e5f38b98c7db17fe6cbdb9c

SHA512
8b706b2195b8bfa2b7a813ac6d7614ec03c8b105b6e89d9f21a08e1d1868a50e16f8ca64e6bb613f72c2438c51bb6e4a9c9dea7d9fa928012adb491f1db28609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe6fa0382036aec4a5cf8a6d92a613c8

SHA1
48c46959e256eab38d9402888882fe82a9cf238c

SHA256
38ac1b192325a4ecc54b6a5d7f6942fea7ac934f7e85aba9d5816d9e0f16f6f8

SHA512
d03dd52b5233019e0952fbfd45adc0d9174887977591704f72ed7455330f44d0da757d45987025d20fe8ad79c202fec315492adae623aae536c6da393450edb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9903f5ba4bb9181c7202e26883ad15ae

SHA1
d80bb3583a185cf3096644d4a5eec5165e57fe32

SHA256
484694a257dacb375706d423f0740deb24410075cc2f7065bd7ea3c8c4afa050

SHA512
0629f5a84e3611976329c4331b54a15613319c05e0b23522dcbb5053151764c9fbe2616f95483d3f214171b735d39e483e8c8a9478226d33ce7a4723679120f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28948e5550df6a9d7a3280bce68f41c0

SHA1
77f0a9d4f7ccd8c90e24003e702bbd756c81cdd7

SHA256
e1e342d3efc256ceab98cb5374a203698048d1807771833246d203b95cf540ca

SHA512
c2b4dc9673eda6d30b9fcd28f6706ea5b6b318dc806b55baff397b9e781d544d969da28b91fafca2bb583d036466617a8f5754d8bce0f4cba873c5185aa96368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8074547c02880e0b5a02ae4074517d2

SHA1
49f50b4de1447a6532fad72f964d3d8b7872a49b

SHA256
a1a168922be87266afc0d6a985e05bed2e6e1f44ca431421ded3c105b76271e3

SHA512
eaf1478fedf7135d7f13a81bf099c21ae7b7a3694c872100b511c2a8ef2fc68bd143538123e0d3af89dcc38cd2f6d7adb0a896ac5f5d151d29337c1471205bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
314935532e48a73de4d2733daa5d6fef

SHA1
bab32e357a54ef835497348625fd29800cbf7bd5

SHA256
2138fc194480be46037a59583e926e0f62db1327c90a4982cd85c00cee14f787

SHA512
4421d2b674c2d2efda910a8966a4e1b0bb2553f83d9582a5537871d083042759a070009beebb567309fbfcdf4d4218f894d1f8a10c00e5867b62c3703c7f4ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
7cf92e0e26ae5535fbd370cff5afb8bf

SHA1
fe843d1ea0925af9a9bcda5b10d5b7cb08218812

SHA256
688fd35fb228adcef1b9dd3bee2610f174733ac54185584b11310dc2b67fbb63

SHA512
4004622576aaffbaab86ef2908ee419c1485437e6a29d26f9e666e8288ad7945c1ed847cac418e2430608bbdf14346740faf0b9076cadb33cbfcc10f36d39b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
c9044dd1737232f775bd3bc82a9a936e

SHA1
123f9cefd750358fc59d9bee494bbc9d61ef201b

SHA256
77532f3f6e52cd172117231a356a457fc2f4a8cf3e12284a60534c557e73cf1c

SHA512
50302b44d5ac157c7902ecd63dd9d0fe5abdfbaaa0008cfb0d303f9174edc81195b1e8ae0399b335e667a39ce26ca88d546c8bdde50f4fe480be64ee8d99f450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lynx.dll

Filesize
5.6MB

MD5
51ea805792b812e5e381404c6a98b1d3

SHA1
8848bb47e59d8941e35693367b48294ef54da381

SHA256
30a02ecc69d29e10f9cf52fec158ddd670f22d51439a430dce7dcca30753f3e3

SHA512
9e0b0599438c8d47502db00038615b0e7135c0cdb947b61781a5add1ba5ce0c1dc7323fcb80383731a923596cb1c7d74f734f83dd1977f6a7c7478225cd9155e

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
6KB

MD5
a0f7dacd159635f1743f0ccc255f1f2e

SHA1
b1cd8824982352334b922555d6068b09c21f3a63

SHA256
a99db63e25473f8bc458a3e3440e2ffe14b495571788e6a448b46859e249a623

SHA512
fed323c3213b9d166f4da60183f0c4ed2ed0719242bd9beba5688120aa29736996c52ed1b7f4cf28cbac8af7e35c35e3622d6d3fcb46f6001982d1f1f6dbf702

Download Submit
C:\Users\Admin\Downloads\Release\LynxAPI.dll

Filesize
6KB

MD5
bd6c93f117d75487316a8d0874fcbf77

SHA1
5daba5397fb6466b2ec38eb617e7209de4a9cd2b

SHA256
f520e44ccab5a692492f50817018eec280679acb9ebe9352052a5c061f90599e

SHA512
f986055327040974e0e39997e6fc445f18dce5b23752aacedcc65a383e342320dcf517a8646b5f55c369135b76bc4fe7b8ce33cec3886dc859e2d9172da5ac09

Download Submit
C:\Users\Admin\Downloads\Release\Placeholder.exe

Filesize
7KB

MD5
2768ab8853613549ac099c1603c0ee72

SHA1
0849bae3ff4c136e693aab90f34fda546a086322

SHA256
99d98b8f967776ca09f68ffe8ffd7cca18a85d8b391536da082c1fda370732ad

SHA512
d7267e854fcd6ea531c4415948ae8bbb91feb53bfb8b5f88c38f23149a4c4b94e4ee4a64dd9fb0f0f09497e9a4904872530ad16799d24263feafaa00621ec24b

Download Submit
memory/6116-371-0x0000014C0BF00000-0x0000014C0BF08000-memory.dmp

Filesize
32KB

Download
memory/6116-382-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-383-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-381-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-384-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-385-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-386-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-380-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-410-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-379-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-377-0x00007FFA74CB0000-0x00007FFA75BE2000-memory.dmp

Filesize
15.2MB

Download
memory/6116-369-0x0000014C0BB40000-0x0000014C0BB46000-memory.dmp

Filesize
24KB

Download