0efd7d7c4f0d79d878008f98556127f1f56a79dda0e8cef737749153b15d2923

Resubmissions

01/02/2024, 18:21

240201-wzk9qseaam 8

01/02/2024, 18:18

240201-wx49tsdhfq 1

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

309KB
MD5

50e09af0066496b0c8ec4557d1f08f01
SHA1

7c5d4f6e9911927ce1d79f2cecf7dd38ab560790
SHA256

0efd7d7c4f0d79d878008f98556127f1f56a79dda0e8cef737749153b15d2923
SHA512

c885f332ca5072b147ab02630593da4ee65b8b19e99f869c5dbfde1cfa8dc5f1847b789a9daf2e21bafe6d40462d7b96e3e14f7187799f9a99e63c4b2486651c
SSDEEP

3072:iiRgAkHnjP/Q6KSEv/sHxPaW+LN7DxRLlzglK0puu:fgAkHnjP/QBSEcRPCN7jB0puu

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3260	winrar-x64-624.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512853907403895"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3260	winrar-x64-624.exe
3260	winrar-x64-624.exe
3260	winrar-x64-624.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1968	4292	chrome.exe	84
PID 4292 wrote to memory of 1968	4292	chrome.exe	84
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 4980	4292	chrome.exe	86
PID 4292 wrote to memory of 2276	4292	chrome.exe	87
PID 4292 wrote to memory of 2276	4292	chrome.exe	87
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88
PID 4292 wrote to memory of 4528	4292	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd891d9758,0x7ffd891d9768,0x7ffd891d9778
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5272 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5232 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5568 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4836 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5840 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4992 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6264 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6184 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1672 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5012 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1868,i,9937568193978621535,7491052574638002735,131072 /prefetch:8
  2⤵
  PID:1668
- C:\Users\Admin\Downloads\winrar-x64-624.exe
  "C:\Users\Admin\Downloads\winrar-x64-624.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8ae25b226e0662d256cdb32f2777f840

SHA1
39594f82a6dd98b6e4a341648cd56e9efc6aa16e

SHA256
935b4cba7114f9adb0c7ae6acbc8903ec672ae318ac63c5d5e5edf857b4db207

SHA512
e529649b71c7a7fccaabc2833af3cbfc9bb15b66cc5735fc95a2bd741c502bd11af05853946d045a49d823e3f6899523d050fe7d33c485af5abccc8e2ca02e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
ebf69de3ff0b6c940155c0118166ba99

SHA1
5f7502a78d0af0c83761c2df767a16660cbe08c5

SHA256
4ff391d6ddb66f320d34501eed34f11387499c173396b2e8cf97e669ae2e1951

SHA512
aa2faf7ab44b2ba0b221da96536f1a98c3d29f778e18fb3b695d2a6bf72ba89fde5357842b3853c6ff0e446b5c8f39823e49bd6a9aa5ac541cd109ca4c8c2859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cf1de4a68d684754626648384e350f3f

SHA1
c15b888e98a48e5ef21061d5ae887cda760074e7

SHA256
8010acda9898fab56a195b80e741d02b21d513b073cabbabf772d844d6e9fc60

SHA512
ac5b0177ea49a275082638e87126e14fa9d14a43b4af6f145a3f8108b5672cd3ef65d182551573e126348f37337f7f0ef629c350b38bdef68da93ce594fc1ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9a8d2f0739107206171a5edc0d8ea48f

SHA1
142b80eb4b3dbd70b992f70cc746652a03a04d5c

SHA256
58a841f0cdef0f90b826eee332897836c86b2e461fdd264fe2da1968663abab2

SHA512
50189aceb9eb52610f5a0bad69dd6dbfbc9e1567503ef7d2676cf6c95ef17e4dfa64972176be889b2d511eec57daf74ce50bf6fa335f4a751c8ee33f2c56837f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ab9c85d6f51ef328ddaea4972d738ae

SHA1
9c69ed2d5b01c99d097ec874f87a092277825c12

SHA256
a70cba798163fed109f77d9600325d38385e261b6f820db2542e08f7da181b4c

SHA512
c8a7eed0111883cd7b043e9b2108d485518b319eb4b68c4f374b647e2e59cf5091cd85fce2293f11143e7af7ecd3e526303ae5333de37a38dfed909ca475b631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdba8d5e778ed102b8ccff75d76646ee

SHA1
4d3a78140b2a485dcc5d09dfdc65b23ea3d9f997

SHA256
b3317ba2aab83198f452701ef641278d7f7afebe596cc084d695b7dbd8552f44

SHA512
fae7c0dc64c90ea9db998cea445dc5375c9527426fda1cbd24aaf646617826b12857ebe442ced5aa1654315d59c357c82871883a4cbcbcf767d28600551e48d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b32857c305ac64be3252a118d474a1a0

SHA1
9841aa4914e6b11d15782bea4a29ad320bd676df

SHA256
735a77bf772eb2b00c32b6185ed12dd05f4fddaf0d2c63bb252e2d2e53270fd1

SHA512
0049a61aa0c3e5125881c4ad75236dfed34f28541d09907eb08983bb8faea6a7bfb60072d032e327210dee17d16df577d6b2494f29241634b3b83886b752af84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
123323f3ef31e2539806826171ca459c

SHA1
a338d13c6bc46481a37ae4b8a53fd5d2b511c213

SHA256
d0f236e710a948fc0003687063038f98b3cfb0ca2e8a0f0f72f217b3f5dfd5df

SHA512
92ecd45749df2a96819c0c4aebe7ac5a2c612601587282e4cc89e73db745a2935c25eeeccdd4e2c0e09b8bfe545823362597a2c894e3f0c213024308de498d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
d71cb79cd5a93d89c2b89f934b531daf

SHA1
4d28e5b138da6c21045f7598755f18a8e228fbc3

SHA256
126a23c1788a37c8da4be9c018777763f9940f5e2e164ce564f8ed13bc9b0d55

SHA512
84e5bd819eb8f2a333cb9c4894fd52eefae72eb5053462ff7c9d4b762872f3e5be5f2978616bbb965ec0a1a5a5c8de712701c19510507d7b29b5175ac76a8f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fbac0cb0a767e061b8c14dc40f0fb31f

SHA1
0ce2e16fd46c98d8fbdd723fc9fc6ad7d01cca88

SHA256
be8281860b46e0bcbf2ad920d15b2c99b5fdfb3d289867be20bc9d336e01e6aa

SHA512
5f362c57170c7229c924b2a0b7f00b42cbe159f91f373af37044e9fcbe754967f1335f91fb7e691f6c6ccbda192fadcfb5768b384aef358057bdd77b0439446d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a4e1e03f183ce6e60da82e32c61ff40b

SHA1
37ed34143541554e1ca343e911fb654be2c2786f

SHA256
c28ebd001206a2c71d1bffa607abd76dcd289cbe5cf4550f9807ee3397a2a6db

SHA512
afa0b6c98f70bc89c1715d6d481e8803f1e8cd4c3da4d40ece74d82c664d10181259f63c22baade12506c6a74a83e851d025bd86a5b4b8cb674cd40f9af12729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
866c97c1b19afef131165b412275d32d

SHA1
dc96472e8e751227eeec4620cc290de42e100190

SHA256
3da3b678c6d0f76996c0ff422a9b5cb4c12ad16887ed1a91072e8db89d6b0aca

SHA512
16d8d95ac1017f23994025ff99797db85a69be065c30dbb2199380aa7722fab0a4b8869c9f8f85cf540ad71c4ab8f23acffb391afaed5949a90785709437cf22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c41275e8ad462645f5b4a919c4529b96

SHA1
73e0b3d333d8aa3974b8b57c3f10db988b5dec02

SHA256
6e44507dad2a8cfe0cb7ceca3b9747e6052faa21cba3dfd8fd72c5e8e566df6b

SHA512
3ae4f044f76507b9cea4b0e011474855fb74c2a0303ae8f2ffa5363fa33665a6a46ca5e3d8874a67c4064a89f8d1b39446491aea9944cc885478d48d7b3da6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3097b68e2b2d187b8493942da5d8693f

SHA1
e9cd7e9677a388b2ac8e39e5fb9333613c32640a

SHA256
36f5cc1e064c127ccfa21d63704c7441f95100f57da2a0b70bd8d83ce2f1d7c8

SHA512
d00bdef78ecdfdb70e2f3f65fc9f2ce3c019780e175ceec18eae5b43edd0f94f95d70fc29c48c22826c7d4e4ca2012c004045cdbf4d322924a14725f8593a418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a084eb90c3c7fe25d04fd704524eacbf

SHA1
825c07728b4b178bd9d7fac7836fcdf5fa6283c4

SHA256
14034f27202e8cb61f4441e2d8f2ddc2763167179df3ca405c26cacafcf8d1d4

SHA512
2600d3eb92efc6ca9298288ead1a5699319e31e1789989ab368dfb1fe327e63e5004ab76227b2de3bd7b29c268215c4b9f18d3eb287e322e919ce4e649e953c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
96b892fb68ba16effa188e56dae4e08d

SHA1
3a9d2012374399ad4d751f5e9216ec17dae90084

SHA256
ffa2f88322f363da177b57b5133a703728f413e526831dccaabf20e6fb2985d1

SHA512
56fe173dbd127e2b84a4b62dd8bebfbc7ceff3344f6262790ae0c2c5f7344d24c520944c9a87e9acafcd2762a8e3413fa98bbd5cc77389e5c19bf0c8dcd2f59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8d76b88247b34306866fd6ac573a54a9

SHA1
686b476d51c90d985ba3715566c8e0b1795e2fdf

SHA256
a3bff5447b8d60fdb9c7993a5ea3b4e94777df51ab332e955287bf771f12bbf8

SHA512
ac5a015201cb5498d0bb8a1a6e8f9ed7b9b573b572b0da87ce50d6eabab0c4385191ca926c043030370cf35c9e9041e64a9aa94d6a75c6954fa0f3a38a02e2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
3d480b28d2e0df72f4ec1e0ec8b6938a

SHA1
f61968a0aa3563fd0e01f5a3a89c82fefc764f2b

SHA256
d3b6bce6be9b29a5fa791c551441753a4bf9edb9731b0c1100e003bda602e260

SHA512
9d19cfe21cac89aa171ed6497edeb4f39ffa8fa92020431c2a7f9d3f7fcf2cabdca16b4601a4309257948ba7069964b2f67045731320077d29a79abdd5bdb27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59eda2.TMP

Filesize
107KB

MD5
294c13c084f701082f8e5c7be20bfc4e

SHA1
5662dea6ae1fbe08641a4a2a217a26bd718358a8

SHA256
f0067757188c463be511f4e13b7a077cfeab267bbc7f828b114c3571673ff0e0

SHA512
f27387cd52ac7a42cebc934f8a6a4a7ec11e6633d711cb323f3fcae2f06d3aad79674b3688fac6924694436ec5fe6a9565b4245cad588b3e820786493d17cc30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\winrar-x64-624.exe

Filesize
3.4MB

MD5
15596b41dba42cdcce4f677fbbc86b6e

SHA1
1ed1e69e72028150f8562bff5ca1dd745874329a

SHA256
377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79

SHA512
d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

Download Submit