hxxps://transfiles[.]ru/wjvp4

Resubmissions

03/08/2023, 21:22

230803-z79h3sgb67 7

03/08/2023, 21:17

230803-z48sdagb57 8

03/08/2023, 21:14

230803-z3rsgagb52 7

Analysis

max time kernel
110s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://transfiles.ru/wjvp4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4108	CoolSoftWare 2.1.exe
1208	CoolSoftWare 2.1.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355713815892033"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4108	CoolSoftWare 2.1.exe
1208	CoolSoftWare 2.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4108	CoolSoftWare 2.1.exe
4108	CoolSoftWare 2.1.exe
1208	CoolSoftWare 2.1.exe
1208	CoolSoftWare 2.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 472 wrote to memory of 3164	472	chrome.exe	84
PID 472 wrote to memory of 3164	472	chrome.exe	84
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 1916	472	chrome.exe	88
PID 472 wrote to memory of 4816	472	chrome.exe	89
PID 472 wrote to memory of 4816	472	chrome.exe	89
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90
PID 472 wrote to memory of 1180	472	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://transfiles.ru/wjvp4
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a959758,0x7fff9a959768,0x7fff9a959778
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5984 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2668 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6136 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5896 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6088 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
  "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5912 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5528 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6640 --field-trial-handle=1872,i,11514685151743380270,338022063941542411,131072 /prefetch:8
  2⤵
  PID:4124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3204

C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
"C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
39KB

MD5
500ecdda9ad3e919a1f41c1588266a1b

SHA1
d5ddf92dc08284a48701a4d3555590bda05f77e0

SHA256
caad3feace9086d27e006d538d2daf4dd50e2b33307232a7db6d5f8c48f73b37

SHA512
5e47a0d0721ec0f9adb5a439ffc98c1b4da780e74270332313f8350f228bdb919d32c4812c6ede84ebae3ead1342c2eaf4c73f4dfca5a87e8887e1b5913c0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
1edaf24f4aeac9d446f7d8cb7e4f3f6a

SHA1
8affbc58da37afab393e456557fbaec6a2cafbfc

SHA256
365ff01d64888aed9af68d44090fdd82c9c388c75fd95ba730a1938314e783cb

SHA512
bfd0c504d4dbfc616dc9252861305b57cda86665d7ab62f624269b323d10e1233f66d36491879a9dce295fc16c3fa3b626505f1a14fa30a8fcbe4ee01195c1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
981db130333ee2e63ad4849bfafdf1c5

SHA1
5f7cc4fe59b14534f6d477877d2f96104ef74810

SHA256
31a8d0f82e06e803c64a3e8b5b1d8bb2011ecedcf738e6e80ac2f95d105be40a

SHA512
12d44f85d3af153eae67fa9864a61a97df6a9d8159358ef1e545f9807f8d11111c1492e409b50ecba96c755f5d943e9c58522eeb45350e2e3e9c692c2f7a5263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9b3d6a5191deed5f06b487a46149755e

SHA1
efa5e59d1e9681d4f1db4b06cf47c274980f7082

SHA256
0f93161e4076bba204bdd7e40bec2e7813fedb7dae85980ec2c6c2a03946c5a0

SHA512
253bf4f9cd29535dfdd3035aa4dc4d5835280db133d087411b681a96490da8d79767d295a080eb46606ada5c701fcfb11bb1c153dff83d2859331685493bfb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74b8ef2c9f43a0a824838e46a10c309f

SHA1
53907d91e879a3f89c74880edf5163c1898dc44e

SHA256
b32a27f9a1814a02456507bf54ebab3aea698c7a0949936bd522fb80b3cec90e

SHA512
f5584eb1d2ecfb0810e8d9c08dc910d67a426e8f0d3d91e9f93cb7ff53070aa36b79b8ecbdbaa5352c43f8368b2456647cdf2d0b252a3a9499a437ed2c35a55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee69b1428e0e8a837ac92dfbad904a60

SHA1
0aab30e28c82c357e54f226083ef55387ce248b1

SHA256
baddd0668bb38a4165347757abd29f3db36fc8ff12ab76345320d0f2d969016c

SHA512
04507f0a24c190f9b56757df642f462da86e0bfb2c25002e187f32561ff898cc9633e9698b8a98a28846a92a45e4665eea78c160d679ce774db787b51ca96861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d14b12ec0ba2e9b8f0a3ca916d03942e

SHA1
de5cd1074c6c7c22848796f7ad41221516cc0016

SHA256
d30620ec7c588ca7d515c2cd21a891c003b0f15e696a0292da39a54b29849322

SHA512
aba411d52199852fc3ca974deafcc50e53efc05fa8efd13e895835765dd2286356056fcba81fca4611df16e4c03ef8d6783cd9fb8a4827a47db4d7c19df8f986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53076a766fd7c34b9433a289d5a8f711

SHA1
978bfb24197fd8cfab61a30cb41f4530f8a4b06b

SHA256
8a8dcf7f6a7336542233c708061f60d42b67f54abb237a8c966678963ead202f

SHA512
c492487301d242232c5116ed87561ab62f7596b0d0d10a4fd70c8cbcf5487cbf29d0a7a16191f73c94b3fe9ab1957c9634659adab9580342cc037e01a1894c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d9ea6f39d0349623da31a1531ff74ef

SHA1
b1123b82df6c6322af936ae96c3ec4cefd788b53

SHA256
2d31fefbc016e7ccd480e8650e373b5ae8aaff399e535d5f7acf0b30e56a116d

SHA512
1bc52c02dcc8dc819ff810825909730cdb2fee825eb489cc1ebcc0a65ccdd5f86d8ed617d288d0d4fac2b4481f33637804524bc6569d20e211642f1d78c2571d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bdcb48a230e8a9362badbfac1c94d1f3

SHA1
357bbae29f19b7f5da034129adc3ad14b932033d

SHA256
379caab980847ec96692e09493cbc00651d5995d125ddca07f8fd2838bcef589

SHA512
269e6f645fc4d031945fefb0f411e848a07567abca87ffdc6387af7b7ba618f4b5aba559aad635c2cf47187f84e14f199155448d406f3fa29524e9bd480b75ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f385323747a89337525ea4487fc05dc8

SHA1
1bf6c34a726e5a95a632d7b53144d40a784688c3

SHA256
a49a2953cc0a90d7ff5f364fb16c9d6e4b546948d6d08dbb8af624c687c28c64

SHA512
fe49185e59b169f8fd94637736d5d17e99b5d557903f0518adec088ae7875d071d0951bb66c804ea6bcc1ab94432e42b8b97834ba53979f025c0ddb83cdbcffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
055aa5e5fba762126cb20e546d42242e

SHA1
8564dbadcf9a1db5b2a4990cd24857b91e2e4b0b

SHA256
49ac2fcfd7d8420eada5cc7cac59e5e900be76d490793e78ac18ce9f09efd8a3

SHA512
3a418bda6429ca0a84b2cbaa8033a1c13575485adfe0965a611bf051308078c3079b02f98752a07c56b71283909d34781bda0c8e8b61ae30d3ee16936ffdac8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb6eb4f8e306c26532483b52965eddf9

SHA1
bfae3a31197dc4ee53bf8dd61f05351f477628b3

SHA256
6e82ba1ae3135cfa04698fcfdb9072bd88940bf51919e1fb18d0606c3ffb4c66

SHA512
7ef0e3c0629ca22d542f4ef8c1c0deb6659f2c37b2a7ed42f4f23563d901f032a294993e198144bc5a05b6410c87b79aef4f7c5bd55f53796431bcb61170300d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12f398ad5eb2e2b491b816969e58f477

SHA1
4e0efe39cc22d94af71ee1b333559dce03a228f2

SHA256
58e903736715db5dca56baa8dc8997904e3b5305aad431e58c06ee648d0a3670

SHA512
83f700de5e57be6cc1e9907b705a6f2e5c92a38f69f15692e53de7e2d5972f93530247dae119f24fe77df2d064cd609262ba4df1091a1361cfe826d67f106c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58e7cb.TMP

Filesize
120B

MD5
00004db12d001405e98d5069de4fc931

SHA1
89f4b65033816ec644ce12aa9ec052d307486310

SHA256
1335d12912e1572effb8a7837ed6b3f9b04c513fd5484cd44cb8ad4f61f6dede

SHA512
62be8c776e731546deffe5f5d8042728a00eb06fbffc97ad253a78bca5f30d7b04c46d8e24db40d26a2dec88c2c977d91e555be42fda1a6eb48f432016e5e34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c467c9f4707e6038a56c1947e57495e4

SHA1
38aaa0648a5153a3fb6fff4f2328497116a0f55a

SHA256
e91edfe161816cca3753d4794ada9952d130f3d43ae71fd53bfe348bd5e8ee69

SHA512
eba71c8a1b18ca70454d78b2c511c69cb7c1a902870b80fc9f0b706c77ffcd1735a2a795f29da98c6f7a26c2a7b442f54613e5e5c59012f65f12f6a4064c5e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
2aabbf449eaefc112e79f956a18818aa

SHA1
88094aa42136fa0b966c04b39b76d25e9ba072c4

SHA256
5a494a986df38c219af9333dda29c19585dab5950e967db25cbcf516b6ece49f

SHA512
68257422a41363b558f32d37a8e7dd6ea7799572e6ad311f69b6c4d61bfb56a03e1bfe9d9dfd71a67f343c76bf9dd366b06506f3b5e7eae719d307be002d49ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
c77c2847b9a9f1445a200bbcaff45fb7

SHA1
b3c2ce5538e31136a06b819b61238b2cfd8f3117

SHA256
fbf3bb87e67635504aeb2924335a927e2503c4e5672a3a99cf51da2e611c111a

SHA512
67f637058a7253e583a05630c10403d5472b68c1f275cb1fc558e9398a58ae332f54b98dda54ff46e70604aea47c08bb78e4ca457f7757ef18add1919dc96cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591e7b.TMP

Filesize
107KB

MD5
61fdbbf3ca627b4971a9785004196460

SHA1
34a9e2e75f7a7591f6a479dbc87833c74312e23a

SHA256
1ac7d38f6fc92c22b3a0d0e2b1debda82b0c0f536a15da96da887732bd8b2007

SHA512
430f912f3918c17002294c76c66ea14a4890f9aef57e93ff66fcb5e01053efdf3867f2270d9a3e1c3a9d1eaccb60bb6150b239b8c07b642c50d841b1539593ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b1955d6f-92d8-43be-a2ff-1aabb5ccf47c.tmp

Filesize
87KB

MD5
026ca6d5e89d25a221a6786547a81265

SHA1
ea60e995714d27e9cfc803e8a1745aa24bee45eb

SHA256
df08bbf83a5c6d63af2b486b210a1046fac075b782a750329698ffd56ad2d31e

SHA512
4c2695d73f555bf8ae2a383cb2d504a50e3ad5dd65bd2f30c6b3177bb734f514c6b490855ec3668c4ad46fb3d03d70f8c07ff83a1e003960fff0cadea843ba2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 885389.crdownload

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit