Analysis
-
max time kernel
277s -
max time network
273s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
09-12-2024 17:08
General
-
Target
FlashingSoftwarePRO.exe
-
Size
3.4MB
-
MD5
a15342ce7b35b9509dcd51d5f0506f4e
-
SHA1
f8c85bcd18d7bc43f7668f4e6b32f8f97729f1e9
-
SHA256
608df6a8df334a640a62a58fadf4a930c6aeb849f22e0aa913c9f7a5e1940c6f
-
SHA512
0857813ac1954be3cbbf57b435d5e968a0757ebd29ab205d1491e0f0f5738ce445fbda4fff44f66196d97a7e66cb4edc099acec69263dee8b8843f018f35c6e9
-
SSDEEP
49152:jvqG42pda6D+/PjlLOlg6yQipVhW/HNRsAvJs3oGd/THHB72eh2NT:jvN42pda6D+/PjlLOlZyQipVosx
Malware Config
Extracted
quasar
1.4.1
svchost
192.168.0.147:4782
101.56.195.62:4782
Matt10n3-57692.portmap.host:57692
08e310ae-ecb8-4d83-b87f-95abe874bb4c
-
encryption_key
7AC4D01862AC71A180B8FAEE5694E9D7B88EF662
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
RuntimeBroker
-
subdirectory
System32
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 7 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\FlashingSoftwarePRO.exe"C:\Users\Admin\AppData\Local\Temp\FlashingSoftwarePRO.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\System32\svchost.exe" /rl HIGHEST /f2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\System32\svchost.exe"C:\Windows\system32\System32\svchost.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Windows\system32\System32\svchost.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\05371e4d993341c69ee11436cf65c51f /t 3868 /p 37921⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae977cc40,0x7ffae977cc4c,0x7ffae977cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5044,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4580,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4628,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5436,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4532,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4524,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5332,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6008 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4452,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6068 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6056,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6448,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6456 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6588,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6764 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6908,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6400 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6892,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6948,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6100 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6416,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3744,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6464 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3652,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5888,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6556,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6528 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5716,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6524 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7056,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5416,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6608 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5832,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6940 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6924,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6804,i,3510107843611606773,5268035058584861784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6716 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD57cd35d4f7dda76fdf2563370257d8257
SHA1520a4536cd6a02751ba9e555a699367eb6176ce7
SHA25695264247e87293ba745f5ea5eb5dc21da0590da3269d3a84f4152b33ad65dc5c
SHA512315694d8de5759bf2007dc57ff96cb107b6e43599ef90fc09eb74b1636dee7a83b0d4dcaa81837cf0acd0566fdbcacb8f1c8a37af4a2a014c223e28add9a75ae
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
189KB
MD51221a812e4c70d38d0283584586c2add
SHA1482c85a81897f931d12aaa243faac1af4843f273
SHA2561d52c98af7b40a4d6f209501cdd68263164db4d9dfa6c973983a361aff4e9e1a
SHA51207a057e116695dc6253b42789220c37bf8e8f93a9b362140fc08bdd9cbfb5ae2432129b8edd32c221eca42ee68b3906cb7b75fc7fca2a1299ae50379396fa9b8
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD539408202ed7a595a02bb5f35f9feaea1
SHA13746d53ce24122605840a81d710dd062d0a8e82b
SHA256f7010daf6d01b8ca908e6feed6954411e4701bbb80fff7b1e501b6e3c3ed0f58
SHA51290cc03874e08a620ff137ed137f518b76aaa8f32da7dd9b20b87eab95d87f0b43eb12a464a228d8a7f77c1e1cebba333707ab29625233773e5c9292b8d9f1cf2
-
Filesize
9KB
MD58c0583a7f325ce090a478774de9adcb2
SHA196448239624337934f6bcaa4a6a9c22036d45a2a
SHA2560a93ddae91e0afd6e4c157cedfdd3b43e6e33187e00ed3b3726ffe58601d66a1
SHA512f53d8fab97527054ffd420f21b3cf1a1c6cfa6e631d005ab19e58754325a0dd032b772ad343b8eac2039e1684507fb0dd9b1493c4fd9f7fa20e531e7b883d189
-
Filesize
9KB
MD510bc3add66324790b15f09a633fbc129
SHA16f3740dadda7ffee51da0b1d380d2b764f0b9895
SHA256473efd776c61da85120e05713f009d07b99c736fa7f7250d4cc9ed61820f264e
SHA512084b3932d8e9a8d0b053b6f6a7b97a057c8b9dcbf0e7c825807370ec5eecdfb20cc3e4142a9056d6c1df3f39ae46c71058023e8833af470d4ea653563d9b9ec4
-
Filesize
15KB
MD504c374624d23668f18d7ba33bc80cc9e
SHA13afc18e329ec1fed2f9863cc3822482fbe38b8da
SHA256313b0b909d7ebaa3681d1445fbe1e1fa05beaa5cae234656e6f63514e35cddeb
SHA5129d54c60102e268278699ef2f1eb4da24061bb9a238350e890029724f81ef790d43aa359f2fc6d96f169c2cc2129a0ac51c580d5003c3fedfbda0a5287a5d98d4
-
Filesize
72B
MD5e5886ecb4362303f4181134f74cb41fa
SHA16aad4b4c1497377785922a7398892007fdcbbbd7
SHA25604945db4884d4e0e02e6cf432f60737b464daca7522e7aca532327f62a24ffbd
SHA512e89e03751c475a05caf6fedf883af07a3b819370fef75c3da2b7833fba5e7e2f18bdc0f920b54b61cfe2a44ba1864c376574e5f2eb0533306d3d310cecdcf952
-
Filesize
231KB
MD517efb3d846640aaae7d3439d13bea146
SHA1fa1adef459ed1af77989a329c33ff769e47bc65c
SHA2563dba6d90940aa1ff17e2a216ef5afc2bc775068def338238535bbc45f4833f86
SHA51278695084be6e81d19d2f871f62e2dd66007ae471ec3786c6c111fddeb6fd75a1626b38c14d0c418d0fa5d26f043e6d683b5b1d30c7ebe26fc65f2868f3e7648e
-
Filesize
231KB
MD5524eb5696514ff5d653256f9170655b5
SHA1dfc6ec4767bcd02d4a90e155fdb5f2ab0642114a
SHA256944091e8812323b5a1fba9b4044633158ee7fb38d2456433b392ccd97196e88d
SHA512281a5caff4e1373e417a9c5822bfb204dc618ea4eb7b26cf2a372736e5fb66d846f41228b34a19ac4c4700d2952b24a72432062d0c2bab8c132a53cba954dee4
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
1KB
MD5578215fbb8c12cb7e6cd73fbd16ec994
SHA19471d71fa6d82ce1863b74e24237ad4fd9477187
SHA256102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1
SHA512e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212
-
Filesize
4KB
MD5ae2cab9df62079b9361bfaecb5bf2e4b
SHA1c4c78439440f0692651762bbeb8f65219baf3dae
SHA25640cb66fcbedebbcdfc22295dd71048c30e839510d2718ae4e651761c78647c01
SHA512fc18e4d986504de1f13606402fba65de0cbcc156b159aec4d6bea1c61387a77b5d94937ddcdd0328ead03040446f474fc47bd0ea38e7ecb889d196c668e34403
-
Filesize
11KB
MD5250c48f4915dd4c0dfa7e7e021a4f066
SHA1092a98bf40d8c18280393bf3811a7dfa9a9fd326
SHA25626d9b129339e2e2eb8e0223e16db3cf0ea220ac0799480d462c236e6a425665e
SHA5128b18e232992e55e8da97ac46d7aaca061508341d1eadceff1e9d0677734dfa8b892ab44754a3aa100585f5b2f2562bc4f2d7103065050ffcd00f91d5915ce5e6
-
Filesize
2KB
MD5236d2dd305d64c2b6abd232ed53270df
SHA19f6885e95fbc4213631f0b0ea49c803d07d34136
SHA2562a4d526b9d1c8665427fb9e0da58d16fdde382dd74c1258941b18701ef7880c3
SHA512b76af22153f79bca2429a23746a62a430a521e952e7f94936648ecfd25afdd9801acbf6fd16941918a4fede39de747ab6c6336bc86ca74384920af7e815db855
-
Filesize
105KB
MD5e8015ac436b33034edf7da060e853a04
SHA162d0f6eb0e441158a1f56f6e0c70d3d229b57886
SHA25623c953e989ff4af6126d4a3b2ad21b33a82512fc8768045c00f05940de2c9978
SHA512c35ac8692fc22b78365ca202e173a90ae4b5dba338b7fc9eeb17eddf5868b52cf1d13dc0edaf36be1cc0e0152f41ac4027c51d7eca27778b483e3fc83f11ea82
-
Filesize
1KB
MD5cfd1c4fa219ea739c219d4fb8c9ccf8d
SHA11bd9c4a0c08a594966efe48802af8cdd46aa724c
SHA25636670568a87c7b3cd1a4448ffe5bde9b6fd3d65b58e6dca38cc4ea2e9e8c11b3
SHA51259918179057447aa18668abbdaacd11ee3f5e83c25a93f916a050a559ea1457d6ab61abd3db9def22b5214a1767911e9cf9fa8e638852032cca3696424c6a903
-
Filesize
2KB
MD5f484337ddad3b425b5788e5ce7082bc8
SHA179c7e4c0202a06ef3a287cc76ea498fcf26009c2
SHA256fa58e3209e408e4f0d60a7ed330d6f62884ccf9b593e37cde03e7916c116dd1f
SHA512518a8e3d53fe86dc714a59cc70f8f0c44396d7569d25837c1cfe6212a10204080e0c4d19c43729f1815093af9f075693decbb9496700a2f00bd57dd3ed0b0a3c
-
Filesize
2KB
MD59ca95e4d4941acee74cd1bef23eaba35
SHA11717e5136bf97a89b5dca5178f4d4d320b21fb48
SHA25680c1e2f4d89d5266f82dc0295f232eda894812820c5c625a036adf980536e5a8
SHA5129fb11e36e626b0d9eb43548ba0e90cda27e70d027361c52437f01287e94f07d07da01a385ee2466963e305516f56e37020644ce03d1132322d7e796440c633b5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
28KB
MD5c94fe98e25edefe00d32c1f79d9d0c1b
SHA1d84e67e3ccf4d7f97e1613b67a160a65bbc58899
SHA2566f2c3be56938549e816f7354ff4f77cca59f9aee95313b3f0a92521f075bc207
SHA512718e2e038ab3dcb3d226bf15917bb180043dfdb684fa8b94499612c54124fc735db1eb5d4a1d003a0e7df1052f49245025d1a7ed484eba8edb1c0410dd3fd1d7
-
Filesize
17KB
MD552caebe10fdeb79c46c1334601e8cbc6
SHA1499e919e466dd15c7921705dc268c5025fec1a0b
SHA256d20ffd389d67fa53e90469ca8634d1f3923f17bbe7db2d2b9f030d792d7f76e3
SHA512d9b16f20eaf28f2d6528b6c43f251f5d3c636d9f2b6c7b3bd343fee1985bdaa14d803843427fe7a61b5db4a09d2dac9b0c0d6e0283d7e002aa1bb4a3f657ae9e
-
Filesize
8KB
MD5b272eee55c1e3389ebff9cc0b3c857c2
SHA1f7221fb3b493af81090bce2a217df524f0a9226c
SHA25671a841301e6a4d102bdeec644f403c1f46caf48e111f5188406fc2478020053b
SHA5129cc04d5b25d2b75e468258f029fb05435fe97d178fb2795db35514fe0daf6b99e05d02f41d56e64e286d7be496fa4a21fbf433e607e0d63a7b37d8d9bd5d9632
-
Filesize
1KB
MD564eaeb92cb15bf128429c2354ef22977
SHA145ec549acaa1fda7c664d3906835ced6295ee752
SHA2564f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c
SHA512f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def
-
Filesize
1KB
MD5b30a518815dd729c67168baa1976fb9f
SHA107c9244de8e9eed5f4f22adeca78f049b69fc4ee
SHA25692e549698d39026a43c4e0a3b07dddcb3358ceae28d4337e96628add2c399b57
SHA512f08f5c671365515ac792bb153e2623d29c9d93fbb4b591ddd766d9faf0cefea62eca9d8dc0006a7eae2bca32883164bfcc567f2197fa6fb1c8babd480eab6c4c
-
Filesize
135KB
MD53f6f93c3dccd4a91c4eb25c7f6feb1c1
SHA19b73f46adfa1f4464929b408407e73d4535c6827
SHA25619f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e
SHA512d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
2KB
MD505f3012b93cf76d58e7b2bc2d35a3860
SHA1f34443bfca050b7241921f39cc0ac1f6e136763a
SHA2564eed2d7c1a8fcd86105eab1c97cea06216ca894839ac8b2450d14e8337d53a1d
SHA512f6ea0ee70336feec8367b956fe1d55a0e71f1cec077b0fc1e5bf3c93497a8b6d835d5d941a4945f9e7b54a04d13569e648eb4a93407cea39afc195a0e794c12a
-
Filesize
3.4MB
MD5a15342ce7b35b9509dcd51d5f0506f4e
SHA1f8c85bcd18d7bc43f7668f4e6b32f8f97729f1e9
SHA256608df6a8df334a640a62a58fadf4a930c6aeb849f22e0aa913c9f7a5e1940c6f
SHA5120857813ac1954be3cbbf57b435d5e968a0757ebd29ab205d1491e0f0f5738ce445fbda4fff44f66196d97a7e66cb4edc099acec69263dee8b8843f018f35c6e9
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
3.4MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.2MB
-
Filesize
10.8MB
-
Filesize
712KB
-
Filesize
320KB
-
Filesize
10.8MB
-
Filesize
72KB
-
Filesize
240KB
