hxxp://architect9[.]in/[.]well-known/ITR[.]htm

Analysis

max time kernel
600s
max time network
606s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://architect9.in/.well-known/ITR.htm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409161297580620"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1072	chrome.exe
1072	chrome.exe
5456	chrome.exe
5456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe
Token: SeShutdownPrivilege	1072	chrome.exe
Token: SeCreatePagefilePrivilege	1072	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 628	1072	chrome.exe	85
PID 1072 wrote to memory of 628	1072	chrome.exe	85
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 2908	1072	chrome.exe	87
PID 1072 wrote to memory of 3200	1072	chrome.exe	88
PID 1072 wrote to memory of 3200	1072	chrome.exe	88
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89
PID 1072 wrote to memory of 4676	1072	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://architect9.in/.well-known/ITR.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffe46959758,0x7ffe46959768,0x7ffe46959778
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5552 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5620 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2380 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5152 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1980 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4492 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6092 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1000 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1864,i,10205648708435281918,2083988344323449834,131072 /prefetch:8
  2⤵
  PID:4392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1688

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1304

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
2b484c5c2e142ba83df76e05c2b997b7

SHA1
a7493f1259a23ede6bc619feed3337734b436101

SHA256
84cb844008c72768378da4240f0784adc1b733fde69fc626c5604f63a31617ee

SHA512
cde1124ac84e63d5fcd88abd86038a9d9f1a18e64127aa38b62fd749d7ca79d4db6af615fe68394d65638d8e959b9dc96062b14776182dc549f53e9e7d50f894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea54e4eff8dc497a95e5cf2a26bbfd74

SHA1
e30c20ba46788dec3184bb954177803b37851f17

SHA256
ec3dc865a5661645b09396f5513067bf7fda001438d1f11a13c219ed9656b225

SHA512
86351f2a44eb804d163090122995dfb25c3c59556e4edb9f480e10f2905fcd89a3613910907b2a296358e061d9188401a2ec7ac9e23781850298dbb9b13e1311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
48a9be4f7d539cfc44975ecfce2eac76

SHA1
5c1613f03fdf101465f8347219628d8767e58714

SHA256
5d708ac43280c467c8fb5b24e704387016dfc2846dcfc959bae11352da127960

SHA512
89ae8aabb00df35a65cca56f9ddd0d0d7b6beedc610bfe0b149e65c9ba5aea3fc74b7835fa22b21b3318ea5565b4fcce23c7b52ebfc59d405adf9430603dc089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f4ac5b4cb48756dc9802aa4d1f302731

SHA1
40c6ef20dbbeedfb69f820cc8cba5aec8722b69d

SHA256
5e532f1599f09fae106b42dc4de7ac2c2c68ee6108190c9da6e616419e51cf81

SHA512
9077282590ef5554bc474dede103db0cb6535de0cff0de4c14fe9ffcc9520f6ae3069e42566cef7a435984687817ad29965e2ef994a03d63f50e92e98f91f2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
943cbc4bb4df13febe23fd3c760adeba

SHA1
19e0997f523734bfcf0d15821f4fbfb3ffa6c492

SHA256
5ec714ea05fbabfc87439c6f5d87ca50498b0a30f2a9c1b315cfbcc43527d4bf

SHA512
ae8e39aff9b753a9af1eca717578bea37efc70c34ab6162f439efa9fa55252dee96584ae0c07932c1ab1aceffa04a602c2426ab2f98e0fc55af49a2de4fd5ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d08e18b6f18b704adcc73b877db1f36b

SHA1
4ec34a551cc57ea2e31dfe7c7d7083c606fcc516

SHA256
ee4c8e0c2af657b1bba67314b0045b5ba75712cf15698464c8e6fa719f8444c5

SHA512
a0d7a2087f7b9cf11351ec924289e10e108cf1bc0e346a4742b16f6cbf51ad5f7a8325533950b7655b6c73d996a0f9ac790ba5108de7f1153775e436f65196ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2f7a982b313d168e9084b09e97d8c1b5

SHA1
21228e664c0828a2a1b9e4575cb0b36b32b8865e

SHA256
0d2b1141a41be18c15c5f90c5797b3ab472f2508e9abc5a2248cb20a99da244f

SHA512
03a273dc71cc306a6b9277d362d0a146fccddf120942ec83f4a381a6f2487654abda5a5d795404ad8280db8d697ea250486844eb7c9bc67a9818b51434a44219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
7c12ca5976c57c089bdb577a5c634c8a

SHA1
8ed102d332d9c3b67e370e0409fde049eec9fcf3

SHA256
ee06492c531ca830962a4ac6d894e7c9566eec213564a4feaf962bb3c1ab7ffa

SHA512
790f8ca258cc95b01bafd91f8ba244d589a8aab6cfb59ee9f0e5e7076257d6cef0d6a5b26c8bf7ecc69be01af3fc0c1daaf604affb06d2add0becc20179ad1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
bd11f4a60046bf9d92e787c95ed65525

SHA1
e0b47e7a110c22b996f39ad82417f4f34cf499fa

SHA256
18db7e694b16c60d8409ca964602de486ebbf4d6797b474a3fe98b6c833727bd

SHA512
38f13e9806e63ccf2a944822d7a49e2291b82f30ec2fd717757410ff3146050eed78b90797e65453b110baae3bb5a184cba33574541f3211ac1352141b6bc344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2852698ff21927b9252d474c6fcdb43c

SHA1
ece33cdf92131f7606745b6978bf45908cc39913

SHA256
743b08c3623b237b0968d4fb870f139ccc6651b3a44f9ced8159e4007534fc18

SHA512
fd75f6338b7e09ec700caa9e3980139c8b9c13d680fa6cb28d96fe691d4de1a3de2fde43c50c6fd5e4f30418947b571dfb95943421239453212a9287fa067d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f12d12dbba159e28bd0adbe3883ffd4e

SHA1
644f8a640d8558b2bcd0d4629fcee0216df36615

SHA256
f092ccdc117089d8e6277b7b68831368250143a080f37f88fd96439cfceaba20

SHA512
0cbcafe38f8c50bd3588539d8ef5e1cb413ad0100e2a03b02f829c1f23361b4a7a1745275dd1ea62b96ef5061d0dd3bcb8b39f560a557b2ec406e9e49c32314c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b4a0f54b02d9c5e6e0d9fe87a2ba9d86

SHA1
27ebda21aa5164698b79e026ff23265843c9519e

SHA256
337d6d8984189afc879c31df125705bfbcc81a49ae49651aacd85aaaf48fd17b

SHA512
71cd6d66f54eeef8dcf12ab5907d686b4d99fee59d38465d8eb200853afcd528909a4315f186e4bcfff6e0d8e929a1827dec07d51a1fcbc2ca3503d21260eec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7f4d9fc56dc689be3387e5e6c4af04d

SHA1
8312a2d24bb2c557cce332c4951e32cb75babcfd

SHA256
858476af3e0ef1b89a38d1f3772fe696daba7198dd33e81e27e5bdf7e5636ba5

SHA512
40596dabede7d0263654b225bbab95f375558d429ea1c57a9580c1658ea86fd6eab5be5452fd9759279e6020bba6050676f13a16c074b6a1714f0da014525904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0535a52503c5044510a4aee7c17087d

SHA1
efb28469849dc9baa4d067f6819c17a6294e8641

SHA256
fff32be1c2c3963affd69a68b460e53f5c876ea871e526498dd3338492e34ec1

SHA512
f45cd5405d924513df0904d55cab3b1f4c306bd00dfb45f75dd49cbd1b41597014bac603857c9d52afc12056c75493a252abe9d1e9a279a8971694c31e25075b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7b4e3086f6428670a70726c420e005b

SHA1
9a71173e3e6a4fc66bc2506cc66faebe56ca324f

SHA256
0e27f2969a57cb8805bb7a8baa3343cf03db0bedb0b4fbd93f5045b275b20dec

SHA512
ee08c35dbe7c4cdd8c11a355909eb94505cb6fcc8994222eb3168724849c4d68ed96af3c4eb3ac42a2d6a79b373d8bafc6d061f8dc164f0fb405f3532839064c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
42bf46074a8e4eaa1a860f9d20464d20

SHA1
98f7b5c57c1eb3db19811c29fef3c13198414ae7

SHA256
9e863802e9c886231b6b1ec64b6047d37312c17fc741cb46ccbfd117ee57ddcd

SHA512
cbed754356974d4e464e5c69b6b50eb8e28af22741ef07508a5ae087714890fcff177d46a9e7fe36e343aee8b71bfe52442f34659f759f12f39a6eb0088522e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a3302a0d865ff416e2ffde56a43f61a

SHA1
1adbcdaba88e2c639d736ae1ee00b5335ee4ec44

SHA256
1bbf36fbfad5ff3f2c9ed9969204f16b0f6c3f2236f5e9b008310be8e9d8df43

SHA512
b15a0624fead8e868a04603dcce1da325299cf481df226e584b7b470dff3d8d2aad3d63f9481c89d59f69ca8a5ee981cfa5e51709caa52bf0eddf9969ed65366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
665291223e4162609c925e7188a5ba5c

SHA1
19e8c2197723312040b161fceff952714ea000be

SHA256
653a2d7abc5a28085590612ef67b61655aacb9dca6a838ab47c4ee73351ccbff

SHA512
08107c09f3b909606f2364d88e0dd3632949fe1a9ef6b867b3e9c5516a20a2edece2b60ab291994f0f407f147b92c629ec471931db1b1e8df786b18e3d9dea51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d0ea9.TMP

Filesize
48B

MD5
ce8275c105bd46ba3426bcf245ef2663

SHA1
4848fdb0545b162964484bc628721af48a7ec8a3

SHA256
c5bf7525de9317f5470ae14650961235ee257543a8bf3c3749c16bef4f920b11

SHA512
1d40a7e0de1360fd846244d21830ee940ab1b1e6e764a43cbf7b5fad49cfb090c9d49c8588f780c38b25e14b39d6cefdbafd6364847ff202e5a1a3730e455cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0fee4e29fea7b355f6b202453d21916f

SHA1
d03103c549aebb2c6f7cc90357ac9981c1f435ae

SHA256
d75246574541746273c5709bfedd2811e9d6d20b635c854d671be0cb65a11d01

SHA512
c99c18673828b37b3b193fea764e58ddebbc35bb11cf26e9bd67c6b942513c8918cf39e06fefc673b910b7ada1f83fd873395605dc88e0bac8c488633f38a779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5e81844de0e6800725d8492ff9f144e7

SHA1
596a8d52c7aa903990e55b431906eecc7ceebf39

SHA256
ec03d832250ef2ba88a083d5fe964e528b7b9e09cd144ef853d0a40354f78909

SHA512
836d17d8a5d982bfcb153fed80d19d43ea52b943bf82cb7fa7bf81b1f5f46693ec3b3c6c45b69b1223e52fefc42de5e38e11bc58700034626bca2b577697b35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e9a3c8ef82bde628a63ce7d845934dc9

SHA1
9c558b1b49957c3c8818a0c8577860f1076a204b

SHA256
14c1b9e53b2ef327b797c2c431a28c8adfeab0da10f00a58330bff743ea86ad7

SHA512
97fba626fea59e4e5521906773d2856d5e05318a69a3ca6c78724f5b69f0f1d0f6f064f273cbcdd4a36ca5b9009c44892fcdd18a84aff27e6ead94eed1d5716f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
8526bb4fe565cf6a21c130475a683a6b

SHA1
14c915a6202f4d5d006a8a25a15faa492709934a

SHA256
29b1c3874bf7543dfb1efc499920a2ddbc4860f4497ffa03278347503b052d20

SHA512
42c310d2031e950c2451689da882745a78bc841098c77e9c0d762716a68d74c9a59fd6cd9246ee6af461fa9b9242611025437c21608642840ced8088209d9350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
de8ccf2d0b80c9b51b00bc9e6557df6f

SHA1
e0b64e8b3185753b985f30a525c53f4b28a484e6

SHA256
41cf6fc86c5c094f6ed98fbea814db3ae795c2c7969c7b6984f18037787a393a

SHA512
196d20e48dd6149a4f8f363896bdbc430551ec6cb8aaae39625825b9686b31b2412a7a1ea520fa263c2559ff451d0c69399c4b9ffbaf6986cbe9c7f398f7ca1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d351c.TMP

Filesize
103KB

MD5
bee0d7d885cd727dc27394613123e48e

SHA1
031cac95b993ab3bdfb247b482ef09210af446e2

SHA256
a4e7e2608da174e814532d05439d848ae128acf36779bfb8d54a8ac3ba330649

SHA512
9a0a781f4143abb4e7ea63375abb6fbb2cda9c6da2da58676a3d3cd16dbe2797ebc811dc701cc874aeffbd9229ea0f1f1a5b03ce9817d325e47ff86a99f725c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\E-FILLING FORM B.zip

Filesize
2.1MB

MD5
7129ead5a06ce32b8502351e33be7e70

SHA1
8904f8fe3717872ca285eca9bf52a1cf65cca07f

SHA256
9bb3d43588a06433a80667559552098357db8765517e1dc4aa3efcd87192f20c

SHA512
bbc8fbe3ceabc5ff5c1a551ce614fff63999014792f0243123d5d8e87bb6e2b739221f5fde5f4138413f39f0a91da91d905c39fecaf78adef3101e58505b3b0d

Download Submit
memory/112-196-0x00000223E0CC0000-0x00000223E0CC1000-memory.dmp

Filesize
4KB

Download
memory/112-198-0x00000223E0DD0000-0x00000223E0DD1000-memory.dmp

Filesize
4KB

Download
memory/112-178-0x00000223D8940000-0x00000223D8950000-memory.dmp

Filesize
64KB

Download
memory/112-162-0x00000223D8840000-0x00000223D8850000-memory.dmp

Filesize
64KB

Download
memory/112-194-0x00000223E0C90000-0x00000223E0C91000-memory.dmp

Filesize
4KB

Download
memory/112-197-0x00000223E0CC0000-0x00000223E0CC1000-memory.dmp

Filesize
4KB

Download