22d7b182b1714e4d4c20a0932f9f3164f1ddc48fa93f3678157222421a32f83f

Analysis

max time kernel
867s
max time network
872s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ITR-V REFUND.exe
Size

2.4MB
MD5

38a6b50a1bde06601d6bc6f9abdc749b
SHA1

758b7f8cb589d3478da45e1fed970ccc0f8412e8
SHA256

612ced33c9ed75050dacc0fde4e6e20b6b39ed405fdd71377875484d70723ade
SHA512

f8abdc0c2106e1fe825e1a9435f9742492d6ca322fbdb43413d6bfbf54a32c7748a0c174e9cc4c52d8d1e20de05d91b8b8734a9fd91bd3169db71d6a035a7971
SSDEEP

49152:oCNkWk5cS7a+9XYaQ2Zehc4mTYJ78V9gyBn4ch6fmP/SA8N:NajJlZ942KQV9hp4pfmP/SA8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133491816586182158"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4840 chrome.exe
4840 chrome.exe
1128 chrome.exe
1128 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	3788	7zFM.exe
Token: 35	3788	7zFM.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

7zFM.exechrome.exe

pid	process
3788	7zFM.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

ITR-V REFUND.exeITR-V REFUND.exe

pid process

4616 ITR-V REFUND.exe
4616 ITR-V REFUND.exe
4616 ITR-V REFUND.exe
4024 ITR-V REFUND.exe
4024 ITR-V REFUND.exe
4024 ITR-V REFUND.exe

pid	process
4616	ITR-V REFUND.exe
4616	ITR-V REFUND.exe
4616	ITR-V REFUND.exe
4024	ITR-V REFUND.exe
4024	ITR-V REFUND.exe
4024	ITR-V REFUND.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ITR-V REFUND.exeITR-V REFUND.exechrome.exe

description	pid	process	target process
PID 4616 wrote to memory of 3272	4616	ITR-V REFUND.exe	cmd.exe
PID 4616 wrote to memory of 3272	4616	ITR-V REFUND.exe	cmd.exe
PID 4616 wrote to memory of 3272	4616	ITR-V REFUND.exe	cmd.exe
PID 4024 wrote to memory of 1116	4024	ITR-V REFUND.exe	cmd.exe
PID 4024 wrote to memory of 1116	4024	ITR-V REFUND.exe	cmd.exe
PID 4024 wrote to memory of 1116	4024	ITR-V REFUND.exe	cmd.exe
PID 4840 wrote to memory of 4636	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4636	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4336	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 2680	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 2680	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 3500	4840	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ITR-V REFUND.exe
"C:\Users\Admin\AppData\Local\Temp\ITR-V REFUND.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2572

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\ITR-V REFUND.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3788

C:\Users\Admin\Desktop\ITR-V REFUND.exe
"C:\Users\Admin\Desktop\ITR-V REFUND.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe077f9758,0x7ffe077f9768,0x7ffe077f9778
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1728 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4020 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1100 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5984 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1100 --field-trial-handle=1896,i,14246889220117208396,36367027695511784,131072 /prefetch:1
  2⤵
  PID:2360

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
78KB

MD5
4ab3b8ed8d0a9dda786aec59c372d98e

SHA1
f7c296c9b39b40382c5708c2afe98f4f379e267c

SHA256
d7ebdeb867eaba1adede7220faa86e10e003b8bef0ace8d3867d1269502ffb01

SHA512
cd125fbdf8c259b3cb3fcd50f6d144b8f541c1ba818cebbcebff7aea9e956ce1c59b5b8000aa75a5012bdba03df8736177d06571da52113b8f18e69a59c86e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
145KB

MD5
b692a5ec0bbe28b36076a86330f23e23

SHA1
ed59107df6aea7186a39585f93fd633ef10219ba

SHA256
12a717367af287b090030c6136c673990ea4366c7a76eb7161e17f3b2ef0733a

SHA512
eec1bebf899d67205d7b4bb206e9434fea1379665f7c31c55e099a331ad5f33669fb0ce4b31444798f8d3268a6b472f6a725257daae50c0d82b96c46fdf7b968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
42KB

MD5
eed13e0404f75114261f93a8418ff234

SHA1
fb3e43f5cb48a0f926ae2eeeea16b91af408642e

SHA256
2fc3edcb175bd0f7dfb95d67a7c7b5f20e93e11d3b488e983536c9e52cc6649a

SHA512
9dcab9ad574115e7c3592f4c15b92775c46ec5d1e19a3aa2dbd327e14ce326ee9ac8b573e00f3a1e2dea980abdbaaf9eaba70e92ff7c8aebf4f26eebae71cc05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
90KB

MD5
9cabf7f1b4cedb0b2014b08af077c2f4

SHA1
2754934cdd7af3787e7357e5ed2194947d3b1847

SHA256
4168b1e05f0cfe3949190cbeda35343ee0d92092b913649194fde3ece66a69ca

SHA512
2b7318ded7d2ea579e435beb82121e976b2a1e921adc24de58cf03a4fe136be4d8632919488629a9468365209da5a33284a2c857796fc711e236b891bf7a6f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1.2MB

MD5
24187128b03bdd482439e845d35f67ac

SHA1
e7e393e99f3337222b9ed8f5947409c466133b31

SHA256
89a10cc3b7368fc7807d010e7bf5fc5b8536e1d13581393dd4d7559d104bd817

SHA512
27243d31b1d0b9785b2ba25603ca4c5bce290622fea991b1a6559104e78e1627e2e8981c9f6fca7ea9482800e58816cce37cad294e58bcf7ced8a431862a9a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
201KB

MD5
e3038f6bc551682771347013cf7e4e4f

SHA1
f4593aba87d0a96d6f91f0e59464d7d4c74ed77e

SHA256
6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a

SHA512
4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
27KB

MD5
322ec754f369b14aa8898467033c49a4

SHA1
c6d01ad92e6e8a7e4a61a656f2bc931f1a5994cb

SHA256
a20310738269ab7907af99cf6abaaf81a876fd59dd36d9ccbd8fdbd4407489df

SHA512
6b2f26ba17a1a9172acacf71d8b69743f866579da7dde85789b2984e5d618c57d872fabd41f487b217c2d4b10409853fa2a03e3b77c9cdfd4ebb2ad313631b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
c46ef81fe49f7579beb67feccf7e80fb

SHA1
23203a7ba2afa0619121ad594c199a11753610d6

SHA256
b8d05f46323780f4b01df91d0cdb1974170390ceaadbdff3ac71a50cbde9c53e

SHA512
8668fc3e466f5a6df38d148323f4db399b800719c28132cb29a7496e21c30ac660b8a95fd0c16f91a420064afb26632629586ffcfd8c367307e60eae5d61d1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
62d7fa932c49dd354027519ac4285600

SHA1
1fb51e50a536c153e9b96578c0a3993619c540f0

SHA256
858528397e9790d150c51522b38ce82237258b98bff553b462a37165abf03247

SHA512
3b8d1d75fb77317e3983fcb98ab7039c595528953d49d0063ae3905cff753bd40b9a696db83e9c2c2ad4e2f78edc3ec472e9df35df47176efcf71e822dbd4fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9dc44ee9c204500e1300d5e5e00292e2

SHA1
cade9a0f2a2f8697fb0fd0bec7a9de5b0a4498a9

SHA256
148c3dd9491651edf97b900516eae97af9cc105f82e72417ecab3bafe320011d

SHA512
04c2612a318e1cf8ec9ad8f75ff553a0ba64e1ad6b7fa8ad2bba6e1efbdabe135dd4bf0bdfb492f8a2c0e3d41542e42dccb1d87ac1af3c9cd9ef9b4b1f342c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b73215bce291a23beec988209cd21dc9

SHA1
86e2895b34cc7a0f480ce21ce3ba1e72267637dc

SHA256
018fef744071119a6c8e1f49edb726f3dd9068fa5314729ba0e4b1c4ee05b556

SHA512
0573d3918f3c434595efe42b9149046c6923c925aeaeda11769818d402380455876428d7aa7ffcb4ef4f02b2b4151415975256047228b3603755a49d0ed46a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5b2ab2d451496bcf2565b08f9ca4db38

SHA1
13c51951df303fec181892f97e8275b93b6ff06d

SHA256
158a50470db1fa0d6c243354c8c0ad4c9c5932e8955d081bfbc9ab5a2d812aa1

SHA512
767c19281c5586818ec8b1cf1ffce3e52303252a1763ac03cff9f9c3d2db35c5ffc8920b6d6441ab4fb10269bc86fa27c770a6597b2866b378c6f8b1ac668fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
8a7728103b4ed091844f08adc7fd9684

SHA1
51895fa93f1e9c132e06c7c3d9edd900aaf6631e

SHA256
23da9d7551e95a3f67df51741649e7e8ba0397b695cfc80070c0db6bca2a989d

SHA512
d5fdcadf93202d6ee09b5129a283843662759dda67c3b726b8a935308ae13bd64f8c7c727d6d27f62b66cb740031ab60f43005e59fdb4faf8ae2fbd4aad3a16a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
33b72a614de0a11badbe71e5bc1c0083

SHA1
7fd81f1dbd8b06740c08d12f6cc1826504b14f63

SHA256
3ac47a7f3e0777d5fec4779a47bf141cf5c5ee6620bf03ae59d8ef2473a74c88

SHA512
62d939510411a87c0b7deb4f23b370fab0e71888a3513f6bb50d9ca523f52ef20c0ef45ca6d4bcbbafdc2b0546d8bbd2dc18ab883a5a0a20ee1d345cddc481b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
366aac1281b31a1324acf88907a20f2e

SHA1
55071efa77082a6aa02a83f68e529c3a1fc36cb4

SHA256
726f048654245da50398d1dc05d1e5ff32a0d9a0e7cd3af50633224dd70a7b32

SHA512
3a6c502403a8c13d454adaed13ef313b9ec63ca5dc8a805daf2eaaab5e6be685f29638c190b72df729aca92b8449c4309dc50131026d97b14e2269ae4728da17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5809bd62c6a92e711fc908c72bcaca87

SHA1
f8f65ed55debbd2765430e10ed8a62c00d5bb996

SHA256
75bbd4fe5f870f28bb5e3631c85bcf4053ee6d91d29f23b9ba05e98208dbbd1a

SHA512
e4dfb9a3b1b7d8d801a92848a2611e5e1b96620e52dbbe5e8f46067cc4b995a9868b239f52852a1f57eba383b1faf9accbe74bcce7eb9f2d45c896e6f723be05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e1a23c071cd9296e8fa49eab08d2fadf

SHA1
f3b75366b06e87560b341a6094c451c2bec0843f

SHA256
e004f1818bd7e3f9608a426890b77670d0def8d919cdae4ebf7ceaaaffb770b1

SHA512
73b1a082e90aeb1b041a1eeb68eab16c3d63e27bbb20c9f80e790f636eb6a62b896816553176d779878786d5d97de0cdb1c5342b170231d7ccdf502b87bf950b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\2d69a30e-3fd6-4c97-95d1-1d4ecc864d69\index-dir\the-real-index

Filesize
72B

MD5
2ed07dba9d0dd4e8e949edd34db506ac

SHA1
699f2edeee4987504f6f24847aa62feca9cbd3fc

SHA256
22c1c784c8c097e6ff89ae70335d45e0516a1b29c5692964521e72f5988f2424

SHA512
330b831547e807e56917936cc8d57cbdeadf49a19323079b65d942ce7e3206698d5d634d2ca755b326dcf014dfea5a8394e7ba9de22f8ea2c7106a70573d93b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\2d69a30e-3fd6-4c97-95d1-1d4ecc864d69\index-dir\the-real-index~RFe612819.TMP

Filesize
48B

MD5
59a8a3af354be65e2d4f8be397dfa7cb

SHA1
044b40ece887411168e84c1951ae0eef249197e8

SHA256
839c08db4cd5d4a628dc6e68a4454ce90ced4a0d421e6e5c62823f4df0702f11

SHA512
bbeeaaa086a41326398610795892718d5d3b8f8b298d2841b6a91adf8dd20d967b2edc93ccfbcdf66d802ea996597f5dd2d0e767c28397a6aedf0d7aa0feb180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
122B

MD5
d592445b62d27f0d7bf954bcbe09bce6

SHA1
7afbbf87be21175a2eb3de6e7ede2e6ea24df4fa

SHA256
9b03dbe19ec13111a7c1ece8ba8aa5f5f8b317eadc529ba482070a505533df21

SHA512
d5df9427af9532de502d37d02877c1ea955aa53c1ec5391dae2cff6c91ce0adbbd289a13055d1037313e7138e20918470ce48cc46b5941b16e6709f7a42d7c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe612857.TMP

Filesize
128B

MD5
b6512cf23840efddb80eb4093eb56e46

SHA1
64c0d34c8eab7ca6d209f1e5148d1fa0d370330f

SHA256
a74ffa78e7b2cb5c44a45f40ba48f91485d40a6e43c5ed139248c29e1a2229d9

SHA512
e2a258123bb63b1e7c7df75d7b66500a7084cd63a67e088bd6cdbc8d777c2b6fefb62f34e8ddc27dc805198c5bb04ff9de93969c1f4d756d4e3eca22386d58d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
112KB

MD5
c78e760e90828be089e83817fac41c78

SHA1
528cd49c230def59320ea1ac3b741460970994ac

SHA256
6ef2829bdee8471f488482cf23d30a29a6babad8b9ae949d1fec5430529233f8

SHA512
f128385c0952fde8e4ad63faa07664bf008de80ad8b70bcef1cab691c102c853c18bb3fb30d9c8e0a88f59a737af3eed8e2bbc215b19e7fab1020ae47cc5f513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a080bd8c4aeda4811ba886f9dac2015

SHA1
34c894b712c87738d18821291bb387c1b5829806

SHA256
7eb00a3b35ffcba88a8e64b6c67d49410a9b3385a2010c8495936806d3da3b6b

SHA512
ca3bcff305139f293ab4c9674ef3091fa683c32ac6f95cda447a99927e77e5e8b68a1d3079a50db089ad8a20e1adeabe6d8891fe17fcf5792f12640607995f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
15a8b642d048009ce50a2912490c047f

SHA1
1d23c096204ea890ffc1aa949b84c3fb75291f47

SHA256
fc7b589958012b02e498b4b8177736676ecb9b9e74b43d77d44b492f475eb0f3

SHA512
85e5e8f8d0c42a7a9c8b88bfd4b94a8d01968ae63d0f4a2e05581569760b443c45bd202c30a189944d89ff5b5f8a647116be396a5ea64df47c97fc190067be07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5fda3c.TMP

Filesize
48B

MD5
a889880f5011264759724ab6a98128d8

SHA1
d8bf5ed8371bdbb6d0543e06cdfeca123ed4b968

SHA256
65e4d52c32a881f909da9c2d1af89e1e881ce246b095d4c294314f5961c53a27

SHA512
8ee3f8a706c1561724721dc71754160de31916cd60b8ae242171d2645ccbb8ccd760212f7372134d28aa687581360746ff6e056c1717d8f9c23af16e9e9fbb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
6da657809a1fc0aa3b826f9d5fb5485f

SHA1
8bad9a55b0c20998482c5b99be043ea5e2f02ffd

SHA256
ad6d8cb07a39f8581e3c6da2d53c705666006fefed47a0dec5fa149082d485b3

SHA512
d6f249c62d2f1821ea1a4db24c099c093a9b744d0014a5815b6eb29959bc3095812df80ae2f2ef8b48d81f60bcd8259929e5227058a94865bf9487738bfd14ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe602e28.TMP

Filesize
98KB

MD5
30b5cdbd04d9126b7b83ae9b23abcb19

SHA1
ea5cf69ffd55b665aa02f8fb8966282e55c62b0f

SHA256
814755988029a6155937c0d01a058b89f98b983109b637a3a084b6fcb7a06256

SHA512
6aacd928747e8b3f25fe860dda0e4576fe131c3c93158ef0b391049767e8e6ffef2c670ea2f554fbf40e3a06f0d4629e87dabead75d4e98b27e19bd9137479ad

Download Submit