530919d77a8fb03829def8d01f3f7e2852fd10d06f10673d9214551a6489f37e

Analysis

max time kernel
210s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 22:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3564ReF_FACTURA68961698YVIOTK.zip
Size

2.3MB
MD5

605f9a360809845165e5f8192579b02c
SHA1

cafc6d96bb97fb71020ecbc340caafd30bc3fc7c
SHA256

530919d77a8fb03829def8d01f3f7e2852fd10d06f10673d9214551a6489f37e
SHA512

b4073efd38569eb48e44de57435ffa8b299bc9af9e3a20b2426400baaa88703538b2e9d82deb3576e8ab2527a8f69132aae1cc45839abc8632f31778580ee669
SSDEEP

49152:M4ufFGQQrzi18xSTuuu/6vAFY2cgYDfRw6UaEhu0RyJqb8uDY:/DOoSoCvGcdVUaf0EQ8u0

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
27	4672	WScript.exe
33	4672	WScript.exe
35	4672	WScript.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630511898308150"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{AB713F5B-18AD-44A8-9595-0215F25DD3C2}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	812	7zG.exe
Token: 35	812	7zG.exe
Token: SeSecurityPrivilege	812	7zG.exe
Token: SeSecurityPrivilege	812	7zG.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
812	7zG.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4456	1500	chrome.exe	96
PID 1500 wrote to memory of 4456	1500	chrome.exe	96
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 1280	1500	chrome.exe	97
PID 1500 wrote to memory of 748	1500	chrome.exe	98
PID 1500 wrote to memory of 748	1500	chrome.exe	98
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99
PID 1500 wrote to memory of 4684	1500	chrome.exe	99

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\3564ReF_FACTURA68961698YVIOTK.zip
1⤵
PID:184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5064

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\3564ReF_FACTURA68961698YVIOTK\" -spe -an -ai#7zMap16765:116:7zEvent32089
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:812

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\3564ReF_FACTURA68961698YVIOTK\8955Factura6628_CBUOQUlgl.vbs"
1⤵
- Blocklisted process makes network request
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7c8fab58,0x7fff7c8fab68,0x7fff7c8fab78
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4264 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3288 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1620 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4864 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5600 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5960 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5744 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5860 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4260 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3436 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3476 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5200 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1936,i,9016957535181150252,15075225970964614838,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

Filesize
95KB

MD5
a2d4d69cdd2231d3175451313148bb8b

SHA1
a42bffc66c70e1d33ffb1c7ac70f7c59de88f147

SHA256
3192c9c8d6db4978c210827ccaf9e2a0b4520171d4949af33d35311733314f07

SHA512
5e08e884b145ee168a86a3d467b738923d6049b23e9a83ffc2bb9d8b2ede9c78869dd261d396871b588158725d6b6beb07b4bcc36dda3de7669a353d301efe09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
56KB

MD5
342e152ce9d9ef895fce298a61a52570

SHA1
c2cadef1ca66600d5c2c6dcbee3355bbf901a591

SHA256
baa20b7c5a3388f6da66e839b2b187662d3ffc570704a0b9382cfd0874922394

SHA512
10196f93f2d8fcf8e7a7ff6e9706e42be64c075833331cb48d938fd1be321e8c4f926a9c888add217540380773ca2c4b269230227af8fe945344ceb6b26e40f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

Filesize
38KB

MD5
cb25f12e129868062fa9037f875d57fe

SHA1
4af18abee73ee66405db75d2b5486143a19f0988

SHA256
09f9da6dcabef6ef5733b681d82ba60099e9238a029cc180153a361d5fdb4faa

SHA512
898e34f15040f4430f444f451161130b3b4a3b0d6ae445702092dfe4b6b0818148a2e3e6d4ce8ab73d02b55fb062ef99ebeddec0b33464ebe0d7807b2a244280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cfbf072b2f298064c7725c587c1f073c

SHA1
2f546964ef2d328c32f01112165a1c5ddc837de6

SHA256
3a172fb415042c662cc848c7f28e77ba32bb3c2bda8356ce85a444606d872f07

SHA512
e68a326e26730d34f9e0d2828dabbb41b3a9a7e5e6fe65552e0a2f3bc1f71dfb6514ee6dc6c56f227ed34e89abf2d65f3fcd4d50f264eb1a8d8f730bed6d1b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
7f47eed1ebda60e1e5369b423d61d6aa

SHA1
ca5b5e11dd9e202b1ee8b8b639bb021060214941

SHA256
f7e389f6bd9e03f52960ac6c571004d2383de626139e1fc1dd5361f70e01d2aa

SHA512
44654ff85c4e4c5c8071e87a85d83acb6a3d6365ed11e85ed472811d1d0bc42f77ab39631e8fb894c5a07116f5e7241f5d4a3e7ae81a37f18a56b2c1703261ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
2d7b6ea49e2c0c55871630a115efcc71

SHA1
41833addd96d4233205810872e155d3de442b178

SHA256
61f6eb949de9a88e7c4c1d0188681fe74e91b6193b502590ce5e52e13cd16358

SHA512
45375c2bbbb24965aaac3d480184178cd94f11eac791096b400b2a519bf08193a8ae8382745138be83f2f6440b055038238103283c99a51551b9adcf4aed1775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
e656216d0f8f3d46280df2bfd043d183

SHA1
69689a2d0cb4bfaa7c388dbe23ff9c2a2315c1d3

SHA256
8f81b7ab52cc46bdcf2a625369445da79bf75175976227f6ac774f45acc04570

SHA512
720e22ef158f02732065cae94a117e7af28e6bcc764e2b428999c6af711ccffdeb5f1aa2b245715b4dce88d6111bc9c0e6e0aad76c3fd46977827a57bdc02204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41371ce1257f1f40b8120c84ec7ffbe8

SHA1
288c7745c65344f8ad861d11756af8924ab6f395

SHA256
f31ddcaf441c1d5c0759c8d212bae6e0527dd37e6722f87a143e6ffb9301140e

SHA512
a8a98f80f52c4cee7c45cb06364b913479e851c6dd2391edea18bcbe475f65e147528eaedd3b159d71cfba381e8ec47a4e6296c438da268e92dbbb85093faa3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
df818c82b6ba94bf675bba84436e4b64

SHA1
2ceb0215a2ea3f3ea4272514b2edda03da0d5956

SHA256
cf1bf066e5ec84c04409bcc7a494f0ecf9eb115335f5bdf79e75bb99fefa0cc6

SHA512
87ffe23c7d8aac16a98abe8e4212df32c38234f32d999f9f1ac411c57b0324236b1bd9973cae1cc6a3f8784d1863e794f8bc11715d81ad670df40d9e7cc4e180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3fe3aab1e05bf4ed624cd0730c4a69cc

SHA1
5e68ebfbbb15be7978dd6d4bcefdde7ca8bbee92

SHA256
0e416040c3e639e03493ef67a8290dd680c63d292e6bbb6b0e9e06cfe8619bab

SHA512
5cdf59598ef916098de597faef967cacc596ebc5c15ecb2943f313c8ca08c024f60a704737a29c938422c933a9d1545abf4ff605ac892a7026d98ff8e96b810f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a5e5ccef-22d8-4166-98a5-808e1b6cbe07.tmp

Filesize
3KB

MD5
b8fe5dbcfa5dcebaf4e8f78a03f36289

SHA1
cf7edea7c251db70a01a8f937758e368370c6aae

SHA256
b1819eb924fb8116601fca9a7694c422547e1efb3e1b6d86365147815c82d185

SHA512
f7fb5389d57150f1da00af8e93381222e6186d16b1fd47a7cc643986c6b512b4a6886be6c425bc759ba3ab69a47412cf78ed7ec6bcd3605be8d457ba15152cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d72d83e1f3c9b3456c2fd12960be4c6

SHA1
3125642f7b9ee0e07702403d515e9e301676fdb8

SHA256
40bc9210c703b62e2f2bbf9695af3fcc3becbd61a363e17d6f24e07de5e423ac

SHA512
ff92934bd05adde56c753fb8225dcdbb389f2e90845a1da5c6d992dcef9c9bc6075d457d7f2bdbc3a1e8c3d4125c58a721181f3f78929e33fefab1e6d72a2164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
763bbf6f0230a285a79744474007d671

SHA1
9ad21edd8905c6af29b2e4bf63473c47b27bdb0c

SHA256
79175a4b57fe24a1e925c1963f3ba24e5746e7dba192234329ae2cf38445223f

SHA512
e21655fd4f5c6cf385609e6f0a49b099261478b4c8ad43f1f10bbbb438f4a0307fab2b3b01526fd000d6d6b80bc5ae72bc46d4a237fa5de9bf42a29b518108a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b72aaf4d8a56b2d1604e0f50af30d5a0

SHA1
2461b32fd6f67cd22bae838c3160f9ceba70027e

SHA256
be76206de44dc629056de08b10585de3fc4acddd0246f93a702a061a0a4c5399

SHA512
f2d87bab28c823ea81ef9af062daf0329164edd1b37f9fcee60fc20ae718658c2a166efdc68c0499932958d3a4703e9e1b2132b081d332f3d571c287f6d00374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
96017f88d6ba09a9452a97f79b2c1c9a

SHA1
a64979b1be4ea6965c32f7b11a99a133c88318db

SHA256
a0789986d1ca32a3cbfc1b11dd12cee234dd07c2d83189d76733faec69bfe78f

SHA512
136b7e007b2aad04435687ed846a5d7db8b56938d6d745d5f5b282a6976aa6521369eaf6d7538d75b420eb7b4001b917603e05635b9ce4877c79ee3b8c2bc29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
3333929fb81985871a7d04c3a7b565a5

SHA1
5424975aa1c2b5851a8def5f59c3d3d55cb73b67

SHA256
4a399a837fb3ae0c4f74c18ba45cb5d4bbaa907a02120c215425808f4a730401

SHA512
91d8d423dcae52ab83f308e5a82ca894fd947620c9b1552b2fc03cc4b608e37a9e2eac01cca791e5bbb11ae711bacbfbfdd185a5daeec8681280784e8eaffd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
d16b43489851fd48817e6e7fd28ac1c0

SHA1
faa3703df178961c4172c7670b1361933af739f9

SHA256
6b89f25670d8513b18cf4ceb07a88ce508c913f0ad85e9d7f5b0bf76ee9f3e92

SHA512
851a982da54a023773134faed5aacaf93d01be9870e312d5e1ea64ac8602e3ce148e71a1f5f1a6422e44dedb2684e6aced511d507c0a12510bfaad37a4e0c32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
2ae395a175f5e224d7df6df55d2c7b49

SHA1
0f30403620838aa3c3fe542a4c7c31ce735a5218

SHA256
ce7805d5fc1934849246c4901602b92755f6fc2a0425eb0505e7ca1ceb7c6574

SHA512
efc26e085bdc7b201d17d2cccb02536289f888cdd7602cd7aa6c5a48dd6fd11bf2cfa566c59325ca3888e3d1129d2083a86024ca70d790b671e2a46176464b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
972728f6652ae7a56950725915b6a84b

SHA1
6573e359a50a83fd5347c7a76e17631d0f9dc244

SHA256
c9be7ef9271838339d2d53b3b906f23d8f425b643a8b992ab1eea3134cce2c83

SHA512
cc19edaa12027d7d50a2d1728e5e9b14d25e3897bd828e1f7839e78e737abc62830ce6e87d15550a92627c6a6e5dd58de467ca369cd6e947a22c64635c763d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
052ac19575b4b3a72150d45b6ea6a2b5

SHA1
5416beb5f0e9a505f082f64675d9299491410f33

SHA256
f62db45d45a328265dba0fb135badef74dacb0b0e5d74eb0917185acbbc07bf2

SHA512
f28c560567df1033af1559f93e3990ca029dd768a1f66e07d27ff1fe2b14ed868ba5756f3fcd0e8f873f4298c9cc42c6a609684427beb430a8ced00b73f6d964

Download Submit
C:\Users\Admin\Desktop\3564ReF_FACTURA68961698YVIOTK\8955Factura6628_CBUOQUlgl.vbs

Filesize
8KB

MD5
bc0145b8d4943e8ad13bcfb2d5dad6f2

SHA1
3295e08f7f35aa996c63feab8a7d635cbecf3026

SHA256
0e6acba97219e768a81479a92ef7dad5a09e3aa4bc9f66651d5e1c27b53b5d8f

SHA512
7023361dd790dc0b7824cab2625c9a5574064da8d6f305ca4e54fd02e6b3432600b44e076a450fd25d5c19bd91f1e7c3c0c1f7e4f3f1c03f6c5868bf9d0ecebe

Download Submit