hxxps://cdn[.]discordapp[.]com/attachments/1253476705885093940/1253601576019562569/catgirl_1[.]21[.]dll?ex=6682f932&is=6681a7b2&hm=ecec821da5fe1d40f601755020a4bf92cf63e3d286f240bfe40c204d20a10cbf&

Analysis

max time kernel
749s
max time network
733s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1253476705885093940/1253601576019562569/catgirl_1.21.dll?ex=6682f932&is=6681a7b2&hm=ecec821da5fe1d40f601755020a4bf92cf63e3d286f240bfe40c204d20a10cbf&

Score

8^/10

themida

Malware Config

Signatures

Downloads MZ/PE file
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

C:\Users\Admin\Downloads\Unconfirmed 859302.crdownload themida

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 859302.crdownload	themida

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642533415342871"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1916 chrome.exe
1916 chrome.exe
2824 chrome.exe
2824 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

chrome.exe

pid	process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1916 wrote to memory of 3644	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 3644	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2564	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2988	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2988	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 748	1916	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1253476705885093940/1253601576019562569/catgirl_1.21.dll?ex=6682f932&is=6681a7b2&hm=ecec821da5fe1d40f601755020a4bf92cf63e3d286f240bfe40c204d20a10cbf&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffcad99758,0x7fffcad99768,0x7fffcad99778
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:2
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4444 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=952 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=832 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5768 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5876 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5896 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5968 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5772 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3720 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6052 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4484 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5940 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5920 --field-trial-handle=1836,i,1592030692255360876,2692475603052944878,131072 /prefetch:8
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e6334ea7944a4e954f04ee4d7548078d

SHA1
8f0683c2938e539d5a47dd6f312317963363cf11

SHA256
2235f09179b63460263c2d7551cf2b6ef57c04e7d8cef8f5d4b779b919af5d85

SHA512
65e731440f6cd40102c00d46de843b6457a1d906516e555f376158fae47be439f972238a4d9ff15c52888149f58fdc05af7a5b2d276e4699df3dcd10106611d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ea0042535beafa87d3947715db91fc6c

SHA1
4270a2f606eff7cdf5434f1dcba2f215dbe71020

SHA256
4b8e72f31d578e6370a5640544105089a9d7455e3fd25ca9b7cfd63430e1e745

SHA512
599b52874127973b65e01e3cfeedc554fb71f79804cdaa0eff76f3a9d8a6c0594de06e0af199605d1a90a54698518a6fff8b112042225419241ff4340a829c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
94f56dcf053a85219a30a1a2af72d9ee

SHA1
1b6050ee018f2dd6b186d8fd41a95a1afd1be5f5

SHA256
fafdf823d9b8cd0709d049abd49b756bd916d91b2672bc14698052b0150d6462

SHA512
b8533c9e52769cfcac8c41fa5eaef8fb7e63969aef53b74a9af1a40e70ae1738078d49365833879f97e129123141237d19e64be74192669b565ec429350e950d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
00b47fe6e62f9368f3c8769f7d7cdab6

SHA1
49d4ddf9f3a34afc9a8ecf14bd297acd8f9c92c0

SHA256
dc6e80792af5a50f398d8690fcff2ea5f6c4c0d3457be7dc491a99f70c37cbe2

SHA512
d0ba60cb7a5292bb328111e33eaf1fcf1a5688f33f19054943eeae6be3cc3260bbddd81f1096cc25a80bbe678b7210387da9f6f581bf72d57251c64e2eb12f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
678B

MD5
f45528d4ddf7e66a83240b436cb56a7f

SHA1
b240ec74ed8c5ec7e6fcc6f34449b83e1d72669a

SHA256
fca7fa766715bbb5c53d497e6a7a356df283d9f9a7740b5c4aca2c2c32253a35

SHA512
865422a74b0a95c79e4b3b1d4748a3dbb497a86e763444c27ee9abb8c5280e959df0c2d60708256ade172a50f57d96b2119737330465f40a12110b3dd013c82d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c022f3a44109ce0b30d1547d98672b02

SHA1
96ffcb01dc215c88715fc34ebc5e75d2ec4a7151

SHA256
c781a90a1c35ca56b786889cea23715f8c32ceeb476de2fcb6583e0570c73b34

SHA512
9236d7ddcf1bb427e30d90712bc901cacf58af57db5ad7c4f1f1050f310a36d9f261ec7cfcf56d61c5fcfebb37b8cc0d92ad4b94ce2ebdb3ad9e7a86b46ec301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d3297a805d717edbba386a3bbd411b9e

SHA1
a68fbbca322c7140172869f388b1a47844612796

SHA256
0919b492635f86644ef5158ac2dd6bc276d9a2e024a496572f39c082a74f321f

SHA512
b367531ec06736d6f0e220296ab57c37dc586ec0764c8e71bbcaa6d7e7ed3cc0a1da3d1a8e1e394e6c62a832fd59602287d22500b8c886c7034b26879860e814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
22969ac3625a82d8d9e49b106204c6ef

SHA1
a47abfec972d0802b67cf1e578f81dcb9237ea97

SHA256
770892f7c7d7d76bed8a8338d3757bb9eb5be5e09c94ddcdecd405fa7e63884b

SHA512
2db775ca1a6242b773b59e7d72e2c9a6ca3787eb7e3fbc8abcd583029b8b8da070d5b329da51f4b35dbc607d4f46c4b390f902753dcd5005264b0144e089a285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5d4b62bd27c4819a3dea3ebad084b689

SHA1
c48173fbcd766b1cdabeeb17eadd3da693177a83

SHA256
c4524538de0241082582312db97c65c41e5fc09a3c40ca1cfaaadbd2c57c5e18

SHA512
092c2c6c6cec0c051c86dbe613d912e91f0a3d92e1b521fcceb2694300e1532de4a2c392bcb8b968b80b7cf67ea46235a3f0ad90255c913f44caa9568cf5d885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e39530cfd02c86c4774f9595aaa3f44a

SHA1
fbaf4a6f63519372556549258d1020f7d8b912e3

SHA256
7e9c8e7530bc6232d41f48aea8d67cbe5c6503abaa867e7013c2a403716757e7

SHA512
b016ae7e2408af897a7c4fc33aa78549e56e7793623a7937da8bf39c17f29f0513a23f35d1f93d6a5bb965979990f08cc50e8e3066f5fed5856621af8a0aac67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3032318ff865ddd8f399bc579594029e

SHA1
939b1e14621d5702dfa8abb4cad3a91ee90b57a8

SHA256
5865b1a28a467727f841c4d90ea9e711e6148f290eb213c378f85609232b8b51

SHA512
2ba82ffe9aa06bdf255e14d02be81ae90a940cf0bbd0fa83b3279e5f232089b6d8e5a09ad182e1cb58049bdd728515d281f6d67ee8192d17a4b485fdebdd7cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
cd74c5d64ff1a73053813773984806c8

SHA1
025c43e9cd785b9c4000af478fd3db23e19f4c2e

SHA256
1413a6366bc019b1f9673cf407eaf071df36cea5e128f48503cb1f259eb285b9

SHA512
3f9959d2c93bbdeca3c7f4d604cd72e24bffb7cd6255f9ea90612fdbb03ad5c8e2775b9454aae9a931e13870ef952c1ee0a51d53d96c364b74995dcc51570478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
18ed023911705f3e76163f6a68496561

SHA1
6fe3633a8efda50f83b04cf1a1c6eeb6d2ce06f0

SHA256
cd307eaa239ef84c26bf0a51d9d9c9f7c46827feb779d0818d128d9865ce65f2

SHA512
d2be35e0210a16fbd445d0111e3b7ff8f6ec32c98c3e4213e9657c385452376c9a173e6f2208724882e02b26acd2d08ad24713f306824c8a94c69e3a3f6f96fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f5bba1195cd2a6792e1e8d55d2f84582

SHA1
8913eb7595c1755f13b99890fb57974716c6bee8

SHA256
2a0566660913e5f1f61f1e83d8c91a1e6c59acbbc6f745dbe3909cbd77cbc20f

SHA512
2c29760e2c40efe06de8b9a60810294382442348a846c2cddb30dbb5a5c80edbec1fbb352b45bdc769701eda0f89c5600338d4ca80ada7e427d42a7f1180505c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
144779cc87974585bea32eea10a9ed9d

SHA1
df1e2af43d0abbb9434fb62c8aaa34099bcc2017

SHA256
c3c28c93ff777f04eec3279bf619fcc7975c8a10995d84e0f9ae28ddd15946c4

SHA512
12e6729f29cd44b341210dbf0fe8c336d78351959bf46e03fbdf6d2bc2a67d58c04df06f86e121ac3265dfcb0ada48d9f0e0e4bfa680bbfd1d0e779476c142d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f63d.TMP
Filesize
48B

MD5
0a4d3635f729754068c835237861fb4c

SHA1
c65c3e147e4a0bc5c24d3e19f4a5c280f2784479

SHA256
6a4441f9ab33100cf7753ac5fe699d82229adb5fb53f7a4ca4b933b4a8cd6a5a

SHA512
d0bb864f7e797f27cdac2279f5d27ba7d6babe47ecd936071bd3c21b93c39cfbdeda1e31e686bdff7b47268df147fa10b0e9d58611cdfc650c4d8a7c506b7376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
daedcfa5a458e8292dc56e8bb4fada39

SHA1
c770236c6fb355d6788034ce5cbc9ed9b79a1bf3

SHA256
0ee702e3f33886ce98ef274b61c6c80410663a5e2710a891241d934f3e41ecb4

SHA512
20e6d424a1f25acba2c31a86e9ac6236eaf8398bb04f9670f25deebeee55bbc9af5f595e59bacfb22e50601e61390142a6b3d17da9c5d36af01d7043131cf69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
5dd9e2484dc1b2f838a467d0d81ac225

SHA1
08f85a4c866da8ce88c79b070b7380a1125d8f3b

SHA256
417fd15251bc3c0e7513b18c6c6feb5ab945e889c9fef34ed3e6e6bbe7b6c2cd

SHA512
2a33f80735bcaa5b691ed10fc1d632f1ba0fdda3dc2929a13d94de12018cb792ff54f3be2a642666c419fa80142b28f0fb9a4bb0fb127be0c0fdb9d1ee4e018e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
aa08a686666715e49ac7ec02c50a75d4

SHA1
d27f70408452b68c5f4e7636a847e16be7b9aa99

SHA256
b329391ebe066f36728db9bc467063f111c1582c46a4b118e2a5af7d0d5e6772

SHA512
bb45641ba17b3cdebe8534d9a1e766ee3515425762bd5b8830c02c8ce137d672680e4780b480099ff1ced5f563cf4acc460b98d5378087b838245681756c7a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
bad28a273ef7f747edf96c7d928ee5e6

SHA1
ab8b9d126d0e28a6126063f02072a861be7684af

SHA256
77affa06431e5a770c6c4a99f178b35658a74f890bc40366ef7e0b0dc0ddc073

SHA512
27743f56f6cba8d48278647a69738e6c073b3167e28cb52ba0bed7c4b98a2d9c739ec7c7b23150f5aa3ae3c5a379ba9b445c9989e357da0cee6f33334b553469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59bfac.TMP
Filesize
105KB

MD5
431d00aadc01ec87a3e6f97ee8dba4d4

SHA1
c10704a4bcb52597d3b1a69412cac8290be341e1

SHA256
6de1eebea0cbc962ad3550cc9f03d2f034b7f0a0e11ca13b92b7813fe0ddea37

SHA512
24740c2aa981e7643a79dcc36881c52caf6be15ef13f9b1c91ddac747af2ff4303bd317d2fc4e9d391b7d2e5f37377180f610b8e0a8476e6300990d2451b01ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 859302.crdownload
Filesize
6.8MB

MD5
85c9c29093b3097df94a680a8345e631

SHA1
9d45177aa70eb3c18c4a1896335533e86618d7d6

SHA256
bc0fd649456fb61a9b11c1194ce3398254344e1e26f586b1f910cdd1ebd98d51

SHA512
5293de3a7d4f5a373b8dc4f9ce64ce259f21e5d72b7e8020a8345f1956091ec3d2a0767ab3477764a7924e0f9ad1261bf8f113015535acfe4468d666a7febd97

Download Submit
\??\pipe\crashpad_1916_HJBDAODSAHKUZOMR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit