bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Resubmissions

06-06-2024 12:17

240606-pf5eyafa23 6

06-06-2024 12:15

240606-pe8qzaeh95 1

Analysis

max time kernel
391s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	7zFM.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621499336764040"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2620	7zFM.exe
5060	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2620	7zFM.exe
Token: 35	2620	7zFM.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
2620	7zFM.exe
2620	7zFM.exe
5060	7zFM.exe
5060	7zFM.exe
5060	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4932	4852	chrome.exe	105
PID 4852 wrote to memory of 4932	4852	chrome.exe	105
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 400	4852	chrome.exe	106
PID 4852 wrote to memory of 2156	4852	chrome.exe	107
PID 4852 wrote to memory of 2156	4852	chrome.exe	107
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108
PID 4852 wrote to memory of 3508	4852	chrome.exe	108

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:2668

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2546ab58,0x7ffe2546ab68,0x7ffe2546ab78
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:2
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2328 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4328
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7f107ae48,0x7ff7f107ae58,0x7ff7f107ae68
    3⤵
    PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4668 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4640 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2784 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2664 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4664 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5528 --field-trial-handle=1800,i,43698018386963802,1195671604203636684,131072 /prefetch:1
  2⤵
  PID:3348

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:868

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\42.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
69KB

MD5
4f9d58547367f284c0fa5c840c00b329

SHA1
afdf5a998830ad8bea4d57ad8cb3882ac911b43f

SHA256
3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

SHA512
7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
327KB

MD5
cca0789dbc7276a71d2c65395be8800f

SHA1
21db70268870280f1c4b697ca14154be886c11ae

SHA256
d8faca9d4e798d3ba26bce8ef3629bc017215f71c57f0d396c7a7dbdc8e1cde7

SHA512
87c82b431817a6db448f1c6208853053a7f6e6c37cdcef06e5cb764459d8e9ca2d7b52aacc3455c6d2613ba01c42f43f07aaea0925c9adde70e9ee928bda6a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
133KB

MD5
fa287aaca1731e6e02a4d0a507af79f6

SHA1
173f777fd8fcd514d6dd9abd55ba915a1e12d7af

SHA256
fe197443b21c9ae8c86147b6b42919760325e3ab22ed1d60e06b2357cf6ccf56

SHA512
376740c22eef801d7e9da3fca98d4aeb53cf40f8e5a7f8ef90881e054929a4b0f501b6ca47ddfbc20a3f6576ba3f17ce7b8852918ffe295a85bcfa6813606cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
252KB

MD5
ed571c58f6162ef525169b8a0e801b97

SHA1
19389f4d17e76b86a591ec4a7fcf9cd8edb62cc1

SHA256
61c424d4b3c236153d0e451d72b3f7dfa14db248156e9107c34bb5222e32f0d4

SHA512
a246fcaea7b34d0efee447f11fd1a683d35a70e6ed5914cb1a8fe67e309a425010def8e93c729b636822c0948879bd73a0a27f686329ddaaff283a5dd4dbe32f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
164KB

MD5
4d556c2cc10f8727638e49463b7d2a89

SHA1
257179478e9f824988c329ac72563c9aaf7bf60b

SHA256
ca0f78aad838f0e3fed01621284f941df080cf134c14768f9ae104fc47c996fb

SHA512
3146f1d3b6a0bd3ced1231d313d23591ad14a680b08f75403c79a22c52632ebd279fb05a11918b060b860751633eada4715d13b066fdf6867222f2506ad10a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
223KB

MD5
abfe795d537c0a7ae363807b1aa779a6

SHA1
7d72d61a801fd19553d52732edf00db428132ec3

SHA256
6b894e5caee4f6fa832f151567fcc529be059d3b8d7deee732bfd5ff6a61214e

SHA512
100644999ec9cc3e51a12c1c141c08b4edb07c073b97363f65be503a6befbcdde3906874c3a5fe2229f3d0700c4abec1850edff6ea83119deb0df8a8fd7f6380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
42KB

MD5
8f1f73a6bbe39bdf9491f7672b28db4a

SHA1
17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79

SHA256
fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b

SHA512
ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
19KB

MD5
bcc4b91575004b43a8d8784b3ce12385

SHA1
d3248f3bdaea64ee97ba0196051000c31abffa38

SHA256
ccaebf2f7e94b54ccd54438896cc4c3867be5dc986527cc71f57a9404d07af41

SHA512
a1c3dc049ca0252a442cd9fcd7ca4786c43b9d0086b6a1273c224c476e613c53f4966c88b6c5350e026da1e27ec977e3ee6a9b53d33eea9995480d4b41e7e98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2723d588411fba287212bc5247347bb7

SHA1
39b86f068cd014bb8927a8b244a452d958ef771b

SHA256
f79bf248d2997fd64606eade48657a4f22004a44ffa1d03a9d91f8877005a564

SHA512
b5f97d769a31735323243f9b1f60a68f11a9fc64d502b54028933996e871c26e786c70b3cdfe75272b681e8e9d2d4366923c318e120b6f203769dbc51ba5dbb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
f4386b1c38706d692a28735746e99a2e

SHA1
925a4782f8dd784d2a92f285a01bc8d2dda781bf

SHA256
1aca7a8c0b82a021f9fa0d69984b248d7f7a24d29842e1a81077310644873ffc

SHA512
f3e4397cd014599b8efdb46a63dc792a3ca8402e87422cee304e407d7dfad8afaa70f66f67365ba3caa76f7f8ddcdd925e00e73f3dc0d4df1f75aae9df43c58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5357324cbf80f39a7f535f3563953f70

SHA1
2955e64bd627b017e731832be0f5360767a6c25b

SHA256
6983dea6391793ce230f330864a6a5b95a643f69e4f0dba2a86312482fa0c2ae

SHA512
fe4653ae925b04d74d70c94304669bed9334ed5061f4ca3e044cbec96cfc5182777d295acf8b9de5f1ad06beaaf9dedc58362bcfd97a190f2ca45750b68df71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6cbf09665b1584da8e246f2301ab0f42

SHA1
3ea2d3c3283382cada52161d84589d70ba8a51ea

SHA256
6f67b9b8a7b55c8ec2c0443f0e36e27f29fbc99991854bc009d4fc94912745a3

SHA512
730ddb93d3b68827b88dfe0bd1d8b02d32ad85d952f7e31dced600e1d0bfb833babe0ab4599dab4116e3f18bc7b2a1d2b05283c7ae6851512a9f63bffdfae561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2e2cbaa9058d455d9926145a1e471b6c

SHA1
da0c28e8a4186ab689389caed498ad1cf1ef6570

SHA256
edf8e8b6a2b9bae89afad102b692a17d98efb45faea78ade8f52039b4dd09511

SHA512
df8b74d5935baa232ca633f74088ceee11dcc2c5320ba44e2aad4797b03d247ef0083fdb0c877e1e29e578ad0b16e9dadcfa88a2b1ed83522a923847a966a311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
09f01db1287a5ab44d1c603d03a13495

SHA1
2b03d6cb3cb639f9a2e56275f409f2a17d490be3

SHA256
38b5e319e79df3af95eeffc4ac414b18fba782a197f19c2b8c1148ec7e25946c

SHA512
c426236e655f5441436d3e8b71c24e438646dc6389b2569a23627e6e112c0b60a8e7d6729d69d3ae61e39b1023270926b3f6fa1d8944c52f4c4f08a6f8855393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6679cf4dc129658bb414fc586be575f6

SHA1
27c621a65cb5ad3dfa2d319507583dc9d4787415

SHA256
f2855a3d617cc4e71e570e282b9996a3151cd790f9d55d6523ada6e69da2ab89

SHA512
49ab9e3a4a76bb98bbbd725b7e30225c463599df90faa7ca426a6dd5c596304887e4641b0c39a59af83f3b43a68a297e6fb5d00a260bd3e5279b29b70d88bfc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
1a64d925e1765dbb9e70977b5390534b

SHA1
da956bab11ee8230983e70b12438b1e95cc0a189

SHA256
946629a9115c5332317b437477ac0d17633b19310d252cc22653b7782ffb20cb

SHA512
33536d627f0a94819e5db9ef73401a31db800e4cf08864e5ea0ccbf14a69f5acaf31301554603692a49140fa8088c6218b2bdc2832906a645fc6c7e205f25bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
71eec4510192b34a40fcd984f1ef61a1

SHA1
e8f9fdae294e55db1da3f4d7a58fc7c51b898535

SHA256
29fc7506a63c94e27d2400d972efa23fa9ad7e5f092ca15eb5abef8d54c915dc

SHA512
0f604a6433b913ad75e2f82a0a34fd871abfd65e2c49863821b39c90723dddf0c844d50a335912b991dff97ea3d131e9e5316b13221fb05675534b8714d2686f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
579577b46308e7f4f3d60122b7868a22

SHA1
060c7bbd1d5faeec596e012cc03afd6930302c75

SHA256
5d5ef2c619b5e1ae9a89096b4d03a4ab61b49ed1ecffe3a6a41dadeba80f0dcc

SHA512
7003ea1ac48c419a63f562b2933607edef680c3f703f4898f26699de33d2adc7a3e7487b0006c375113b73555eec0cec2b79ffcfb40c784b2f9e8b38e3b90104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
2ff74c46b623458dd92381b94a1f16d4

SHA1
ec53a3cd085e682b8e1f786a511e6f56656796e2

SHA256
cb9bf3ebe33dbb319ad94b93ae391e1aba72c3972c1dfbf2c45e34b82fead6fe

SHA512
56be685b3ac98c1c02704a52fa041d4d8ffc26eb38fd9a0467b1f62011181c83832aaf9eb254d20cd9419992d9380e79b6cbb2fcb85933606e33275af248446b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
4bc9a85397f86a2fe725c3230853c1e6

SHA1
f49fd2775f76ba47988e9a3cd9749fc31ef24e39

SHA256
e4cfe9c47cbd9f317b550dd6bb3a48de9473f5f3e94bd9652ad3ee79a762ef9e

SHA512
d949bd04b2f1241c105b876fd0d107ab9b5f29ddec8a5c1120e90ea711e02b3761d39bc88a307bdf338d9345fe0f0f4bf509647a97342013b8678529d273ca79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
06cc47301cf124ec61cab7e15876a3d9

SHA1
67873002619f9803eb2c1493b3bec5dc2cc666ba

SHA256
50ab2e5dc2ab34100c3dfc942f6140ffc1342d5fe0febbbc5b7f42a4057a4adf

SHA512
8d9dcc3dfea42316d074b483b321d50d6696f876f3f33a68803b6a226fc0c645d1b0c060a2003842b62ab5d168ae1f86be4c0002da8e323221dd2b53fb2c3075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1db1c92510b634fc48a77d76b1ec7ae8

SHA1
20ec136dc8a951e709782ebeba0e9cb8aa0ce9cd

SHA256
df9c02899a7671f0fc6d96ee76f4691c2aca350f06e0cc93c8c02b9d31e9a2ed

SHA512
3d99ec68f5ee3b5fa87491e7366e6a44df98cd24e4a2cfc5799a0459dfc51161dfc5b94e30b0ed6acb8678b7bdeec0bdb68a99c18856430d38ae7f08b89c3aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1aba352c9966b54c8df737525b2c4873

SHA1
7f8a0019342cfc54fa5db81902ebdb7ff2d4aefa

SHA256
8b4b5142d443aa29293fe1cb0025082545a19ea3cbe4bd6f82cea263c509ce14

SHA512
c1710a46d53ded4ee77b56eb203d0f4d75d8b4e106a1a09fd9954bf43833b7eacbab5039cee69f8d5121a5467f4a00f7e292b962249be1fbde5f9168a977d298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3bc6af7f620937e53fc9dee04365f280

SHA1
f75a58fa41425182edf09fa7401c3c7576216e85

SHA256
420f490cb66022552e04dc3c50dee46fa8bd612721a8023dcf3c22ae9456a84d

SHA512
fa24044870472b80bb23e05d2091eecb9f4d0b6769ae6e697f99ed8a55b07320ab7aa2aa22db9c6d808cdae226da612e0116f5c9d26fad9050bafa03ece34a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17eb46a846c474292e8d67159d234386

SHA1
ed990669470198316903441c9e921c22f0dce728

SHA256
6e10a0fe4a134f6372a8f9b04f333adc1ff9dd27ee327cc409dc8135798c77cf

SHA512
da9577c1dad30720efdc37666b3800d6d79530094d5de88e1fca0e35157a12afa9b4881628a6d75154ed8a70f3594471f04a26de35b0858ba3d0e7160d314ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b04b048ef1d08e32ba7714a09768c15f

SHA1
a0608348648cb90338c0a46ea37188ea3883411b

SHA256
9a34ed2a6ab861dd071061b99a8ad2894ff8154d4189cbd1cd2243963dc4f3ea

SHA512
5c03d927c1bd46c852f0b79b13099dc1a9daed8cd22e0c2e146a0311d1b714286883ec834966d508d8a723d967f8eb4f44c2decdbd80a1016bf65ede295e2bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
07380b3a1c130b3c80478a9a15dae0f4

SHA1
7db853ada3aaefc10ab85839f7998e00690b8490

SHA256
ac7857c04c98c0ba53de8ea8dc8d3aeea363fbe96fea0d6113ae0ddeca39d0d8

SHA512
75e292a2a1d85cf9296d552a91c7dd233a3c8290d78787075b6941b0b31bb38f5486f00aaf6e4cb693f24a1bc49586a45091220257b2f2eb72a91b244e3c834d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5898b1.TMP

Filesize
120B

MD5
e2edbf1e31894c09a6340d61f34bde84

SHA1
a756d4d7a1052735bff1789422d716e50ceecb15

SHA256
4d097cf550d10c2883816683b81dd5540ad5b5b50f57f989b286c40e8bbf06c1

SHA512
8f7c280677b327ae8fd5d54e76bb96ccef46a3a7c1614369c0456ad03fd04966d43243f70aeadea029b259f03cda31b659e0bca813b3f06e271a3d496cdd38d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
b6d0cf484da3126c14fe98d280c76172

SHA1
b8f2a8a83beda7779a940d6de560f70456a7514b

SHA256
22ee0cd27c8c805a83224ed479b0d9447537961c495c737dc97ee22e57776305

SHA512
785171f09491bd2cb88c6d1904b43ffa9c5c80b823798fc37432d7f3d4cda9b299cdbf8a756e36edbb3384bdfbe61b4e01eb6ad2072058409ad145200c9b9892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
33abc07d4ed004c31743d0aa499bc23b

SHA1
fec5cca594b2359c4e68f372b7f05d7f82db2c64

SHA256
978ea2e36e037dc0ac3cabb497c29ed268026a0ff6ae283e3b2ce584444ce2a7

SHA512
bfe410742ead00aee6aa66dd01b144ec2417eefaeb0c613ede03c49371007fe646fae33e2949943793509a63243371c28fd3fa4c48686b6740d325fa4bbb6e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lib 2.zip

Filesize
34KB

MD5
0a76bd3e26768bba68aca3d210997069

SHA1
753690994a18cf58ed0fe3749d16448b763047b8

SHA256
9056b87f079861d1b0f041317d6415927d9ffb6498ce2530ff90fda69fa64e78

SHA512
14408ea7f44bc365a58d7480fff9ea3b10fa21bfbd3363c6e30b74a4d4121677e20ce1108cce12c203f0760768aee1c1aa69b130e090c409f9a516ea02d70c49

Download Submit