d741ff9965978c828a9517b0b1d3ad6a8997762af665a53857e03e6abb89b5b8

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Credit_Card_Generator.rar
Size

6.7MB
MD5

26515231a367ffe425a46b143435f556
SHA1

c79cc5bcc134dfd0591444d797d6b4bef5fbd9d5
SHA256

d741ff9965978c828a9517b0b1d3ad6a8997762af665a53857e03e6abb89b5b8
SHA512

264a4cfa4d2253b5f7d33c6d49be90276babd50a359ed35b1be3aa095ab7a5779c16143a998a7df979bb110eb4db2457a9c0f055d0a5d0425058ffaf8d454674
SSDEEP

196608:175pJmw0HJHIHznEQWQY13LrTA5+XX8iQtnQ+StfTQE:5o7pyEQHK05VfStH

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
392	winrar-x64-700.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576840255742207"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2864	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of SetWindowsHookEx 63 IoCs

pid	Process
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
2864	OpenWith.exe
392	winrar-x64-700.exe
392	winrar-x64-700.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 116	3968	chrome.exe	98
PID 3968 wrote to memory of 116	3968	chrome.exe	98
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1096	3968	chrome.exe	99
PID 3968 wrote to memory of 1164	3968	chrome.exe	100
PID 3968 wrote to memory of 1164	3968	chrome.exe	100
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101
PID 3968 wrote to memory of 512	3968	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Credit_Card_Generator.rar
1⤵
- Modifies registry class
PID:2552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd636eab58,0x7ffd636eab68,0x7ffd636eab78
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4960 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4976 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3148 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4520 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1928,i,17702558908196995980,7958594394608196436,131072 /prefetch:8
  2⤵
  PID:448
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:392

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fb88f894dacea5a806bbea0e83d41875

SHA1
b831cea5d31c10c04bc4943caa09845ddfe8b24e

SHA256
104be44484ee7b4754a64beb2a111e666f54300b032f352f0637eead5b0c3258

SHA512
5db4a6271f8535aa32a387510410082fc1fcb97d55b5d0e9543a4a24aec69ca47cba94857681971c87153deb650fee3248cd338f3bfba6f352021963978efd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
9eead9a48f2ed77ec6869884938b7353

SHA1
ca55ff36d6455ca48ee30e701dd3c2e21390ec3e

SHA256
084a51455f17f0710d7b72d91353067daa1de12e9a4fa09e11c0023d0a3f4a1d

SHA512
0ab38383bfdc21923d2b911f85b7db20b312fdeccf79ceca9da85cbb8c9273c08e17cb6c842873451dddc8ece232dc18e8dc19fb2f9b1e3e9d0ab2f3077bcc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1bc4d805e3190a83dba15723782cd515

SHA1
fb881b171e3c1f145fe531e289eea0ea67d0f891

SHA256
5cb99b5ba7ec90f71c2664114e8d032f824676bf1db3136919b385e76dbc97f1

SHA512
f42eb3dcb87b9da740c5a3191dc34e0f4f7196c04389d5338a008686014de76ea26d256ef51a93f31f0af2e84a47cf7b1b953fde12dda50e31d50858e861da67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
7d70d30682bd6fdb8bb30a808547c4e7

SHA1
99cffe8a5431acab88fcf6506087b2e1b390f5a1

SHA256
76c6c2b6b9119fc3c3c1a0793c9938ccd1fe2d8e157b07b4bc775f9622e7ff3d

SHA512
c36f7dfd1398b8c663e509663370e9192d2e7384b11cd43f01a3d64b318a046cc889e5e05b07c02434e5eb033763f21ecaf5e505794dbc793c6689510e4cc041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b404c262fd529ed6bd093342b4a39931

SHA1
28cb0c3f0b75e132945956e3cbd779999ca8397a

SHA256
8620096a0c74d86160997b55488c5e63b9367bc929fbd89cd66b09c26a610052

SHA512
9879c663040d5157aa6a1382742cdef326f0788c857b72762f96abc020a357a81ab0fd902f6f2ca564dc9745f5983b88cf06103aa8213b07177c3e15ce28c503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
14fabe0fab0d36321369931f86fe122e

SHA1
57508173edf872744436d0d1e62a4a4fda378db6

SHA256
e6648aa0b869c4ec26b093ea11531b883c5796527db1ae49d7e929152d27c45c

SHA512
e60edc310268a9b97b319de735d129eff234a1bda886912744266216ff363970af067cb88eb799871288bbaf391f10a55128f4b374c7a7d67991fe83d2c9c107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a5d57e0bf60f73b032b0a11d619a26b7

SHA1
2e10e171a1005dbecc7ca7e4c09ee84865283df7

SHA256
a18918af56420192787c0632a6e729a8a165618185ade69e5a9dfe79ffeabe5a

SHA512
2bd6c43b647e7740b8bc1964713bae38784a4f86d4d86784d1b7943fd4f9d2fc3e8c2f399ccab6a9cbea7b53d000fd836de5254a48cec12221778d063a004838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
67c233c098d384e96a72bfc441df6990

SHA1
77440d1307221c2f691d14975986df25a87804d6

SHA256
c7e0682f306e85f027231714ab94fee697dcc4f5b886cc34f4e0696a70d5c3f7

SHA512
def2a697fdb9e249d0629a1f1a9b5bdc99a2b30a6ba67dd86827a020636bc7b6e6faee42f11f7a70509dcf7ecdefbef6eb958620c8fb41694849886d0e82037f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
121a56d2ec11928a98747caa994339dc

SHA1
0501a2520fee1f2a34bd6a209bf888383b2bdceb

SHA256
28036d27943288c7619708871e85ecf439d0ff2710f3736c0ebed21a725eb95c

SHA512
4b792da9315b648329752a11025b4323dacc1045d12007bc694b379a03e02716b5710824a83c09e50d7efef2de7e8aa215e23e7afe5de55c318914bb3b8a0b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595589.TMP

Filesize
88KB

MD5
b5a6ffa140f82fd7f595b06613ba4193

SHA1
ec28b39b748103d173c0000fb119e4569d957591

SHA256
6596d508b14dfdd54c097d46ef81d495d5db8079bcce13a78bb13e763f0b82c4

SHA512
95b34513fa9da52253eff71e977ed8a534c21ac570cbd0920d5e0b33df3df0309781509c1d4d8ad5482d0ea454e8f3f283e4a63ec92d4823cf916cd6e5ec1387

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit