hxxps://highscolltd[.]com/foam/utytu[.]ttl?rsfgf=jackychan@hko[.]gov[.]org

General

Target

https://highscolltd.com/foam/[email protected]
Sample

210611-y2etx16g6j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "330144903"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30891628"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30891628"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "330193489"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02D64AAF-CA60-11EB-A11C-D666EBA82C19} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3618523924"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3618533990"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30891628"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad98e1c4c5c1f64cbad3c833b8884b270000000002000000000010660000000100002000000030dafcdcfa6583e0abf68bdc6cd81f904951bed170f0055f85b3c716cf805751000000000e8000000002000020000000f2e56b9256381f712ece30ddd7ce5b8efe562cbc4c22c683596668626eec3b6620000000d2e847a3f5c161b774dcc21c02ce0f694953f6b8d6de06fdb0bc03ac18cd49234000000005c30b858abb383405900f0a1279765efd60e049eea7cc010749e71a042eec527064666a0aa388f93951d1f9230902e714a219ab631e222bbc545b803bab317a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "330161497"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3628179200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad98e1c4c5c1f64cbad3c833b8884b27000000000200000000001066000000010000200000007e15f7f734a4ab443faf669fbee051c4572e8fd46cd611b86d5597c0f5744197000000000e8000000002000020000000d7a9c05efc837cf52bc623652757353e486ce8d97abb0a29b13fa4ab4faecf45200000007dbb5cc812c60b7cac1dbda18b62a09bd496e6d8f8430201b2979eea9fbc59d24000000030f8504a6daf5f86a9d041689752b9fff8e24adfd6e1f9f97dddb5bf5e987afa52b94e785547ed8409bebbd4a7643cf6acd50528ddb6e5de29c7259d2d8fb9c4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0000ddd86c5ed701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09ce6d86c5ed701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
3972	chrome.exe
3972	chrome.exe
1660	chrome.exe
1660	chrome.exe
4948	chrome.exe
4948	chrome.exe
4380	chrome.exe
4380	chrome.exe
6036	chrome.exe
6036	chrome.exe
6104	chrome.exe
6104	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exechrome.exe

pid process

1892 iexplore.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
1660 chrome.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1892 iexplore.exe
1892 iexplore.exe
1444 IEXPLORE.EXE
1444 IEXPLORE.EXE
1444 IEXPLORE.EXE
1444 IEXPLORE.EXE
1444 IEXPLORE.EXE
1444 IEXPLORE.EXE

pid	process
1892	iexplore.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe

pid	process
1892	iexplore.exe
1892	iexplore.exe
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1892 wrote to memory of 1444	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1444	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1444	1892	iexplore.exe	IEXPLORE.EXE
PID 1660 wrote to memory of 2736	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 2736	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3564	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3972	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3972	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1864	1660	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://highscolltd.com/foam/[email protected]
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8ff794f50,0x7ff8ff794f60,0x7ff8ff794f70
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1660 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1968 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 /prefetch:8
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6356 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6512 /prefetch:8
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6500 /prefetch:8
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6332 /prefetch:8
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6892 /prefetch:8
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6376 /prefetch:8
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6752 /prefetch:8
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7108 /prefetch:8
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7096 /prefetch:8
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff62299a890,0x7ff62299a8a0,0x7ff62299a8b0
3⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7228 /prefetch:8
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6396 /prefetch:8
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6436 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6836 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:8
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7500 /prefetch:8
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7644 /prefetch:8
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7792 /prefetch:8
2⤵
PID:5288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7924 /prefetch:8
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8040 /prefetch:8
2⤵
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7936 /prefetch:8
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8300 /prefetch:8
2⤵
PID:5440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8320 /prefetch:8
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8460 /prefetch:8
2⤵
PID:5512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8464 /prefetch:8
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8848 /prefetch:8
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8988 /prefetch:8
2⤵
PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9112 /prefetch:8
2⤵
PID:5632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9244 /prefetch:8
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9376 /prefetch:8
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9228 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9632 /prefetch:8
2⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
2⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
2⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
2⤵
PID:5960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9248 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1416 /prefetch:8
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5056 /prefetch:8
2⤵
PID:5232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:5296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:8
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1561055549370822884,17353260534831802794,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
2⤵
PID:4844

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
6da3f673f86b0160bbc562da296b02e2

SHA1
4b580ddc267f73832140f32c43c645ed04cbb505

SHA256
cea2e743ec6800934ebab7a70c081652434cd3117d2cf0d80c370d224889a889

SHA512
3912f054306ba8d69453431644324c79e8846a3f1bed8d459b895cb9097197848a77b20a894540475157be47e5759097860a6d8fb65cee7ba7e3b8d07e4e7fd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
b2d3b4da61b8cc398d881c93a23bddac

SHA1
aedbd2f9c07f4bdfef735613ba8c6a7afaa1a58a

SHA256
5fd8f87e3acd7cb6295f0a5c6976dbda82ef44f5c2497a5d68ddf36aa610803f

SHA512
274212ef2f06e04aed9118168e4e025524752c00f269dc365dff71656984ee2790b4eaf26cb2a59b4cb6a581abe858b31c3c80eb0d683c26703494c432a4ad5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
e193d72db203d99d5bd7f36cf37a3423

SHA1
d59cc1f0b265dbfdbf8924793596f23783ad2c1c

SHA256
4468ac27541bce1684db571c3f77faa2820190fd1b744351b82acdb5036e138f

SHA512
a7d78dc8584a8172f585a902802de136117a0fde1b7545d672ed1435e910d9995ea16214a73b375d9bd1774dd8355871fd77d4ec83a623f4c10c25cb9e4afb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JUX7429Z.cookie
MD5
dd4eb903f192027c0387dd17320546d3

SHA1
04e064f768540c61463d0efa0473c260f7164630

SHA256
95e55dd56be1122a1f29854e290e40c0fab47ff4ea0fff0face109dd625b6e7e

SHA512
61a573eb3a24eaab30504a22d75acd6c15f1bba95d1ec62c33d54682a9f3b5a5b1a04847c712c4052561bf87929599611b8c20d9c3796d5eb02e9474864234e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\L2GIHSWE.cookie
MD5
6f960dfcace9d9ca5cb843bdc795d3d6

SHA1
79d32124385500b717af9dbfbb20c396f70bd4ad

SHA256
d5721cba383bf64143c78a43ed7399cec4ea3522d06f2062bd3913215f5664ab

SHA512
2f79662a3f0dd513c7f275ae543aba2c1b9e536eec492cf8cd372f1c8623e8017209c6501b83f791b9ed6e9c0b724db5c026f45326c2c73dc71ba7059c948830

Download Submit
\??\pipe\crashpad_1660_UWFCVBYPSXXQPWNN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4888_YLJFTDHSCLUINYXL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1444-115-0x0000000000000000-mapping.dmp

Download
memory/1864-130-0x0000000000000000-mapping.dmp

Download
memory/1892-114-0x00007FF8F4010000-0x00007FF8F407B000-memory.dmp

Filesize
428KB

Download
memory/2324-248-0x0000000000000000-mapping.dmp

Download
memory/2444-206-0x0000000000000000-mapping.dmp

Download
memory/2736-118-0x0000000000000000-mapping.dmp

Download
memory/2880-136-0x0000000000000000-mapping.dmp

Download
memory/3176-199-0x0000000000000000-mapping.dmp

Download
memory/3564-125-0x00007FF90CC60000-0x00007FF90CC61000-memory.dmp

Filesize
4KB

Download
memory/3564-123-0x0000000000000000-mapping.dmp

Download
memory/3972-124-0x0000000000000000-mapping.dmp

Download
memory/4104-142-0x0000000000000000-mapping.dmp

Download
memory/4120-212-0x0000000000000000-mapping.dmp

Download
memory/4184-197-0x0000000000000000-mapping.dmp

Download
memory/4208-147-0x0000000000000000-mapping.dmp

Download
memory/4232-198-0x0000000000000000-mapping.dmp

Download
memory/4240-152-0x0000000000000000-mapping.dmp

Download
memory/4252-213-0x0000000000000000-mapping.dmp

Download
memory/4260-243-0x0000000000000000-mapping.dmp

Download
memory/4268-157-0x0000000000000000-mapping.dmp

Download
memory/4288-214-0x0000000000000000-mapping.dmp

Download
memory/4300-162-0x0000000000000000-mapping.dmp

Download
memory/4380-208-0x0000000000000000-mapping.dmp

Download
memory/4400-200-0x0000000000000000-mapping.dmp

Download
memory/4588-201-0x0000000000000000-mapping.dmp

Download
memory/4692-202-0x0000000000000000-mapping.dmp

Download
memory/4740-203-0x0000000000000000-mapping.dmp

Download
memory/4784-217-0x0000000000000000-mapping.dmp

Download
memory/4788-215-0x0000000000000000-mapping.dmp

Download
memory/4840-205-0x0000000000000000-mapping.dmp

Download
memory/4840-181-0x0000000000000000-mapping.dmp

Download
memory/4856-216-0x0000000000000000-mapping.dmp

Download
memory/4872-247-0x0000000000000000-mapping.dmp

Download
memory/4888-204-0x0000000000000000-mapping.dmp

Download
memory/4948-187-0x0000000000000000-mapping.dmp

Download
memory/4948-210-0x0000000000000000-mapping.dmp

Download
memory/4964-209-0x0000000000000000-mapping.dmp

Download
memory/5064-191-0x0000000000000000-mapping.dmp

Download
memory/5084-211-0x0000000000000000-mapping.dmp

Download
memory/5116-196-0x0000000000000000-mapping.dmp

Download
memory/5180-218-0x0000000000000000-mapping.dmp

Download
memory/5232-244-0x0000000000000000-mapping.dmp

Download
memory/5236-219-0x0000000000000000-mapping.dmp

Download
memory/5288-220-0x0000000000000000-mapping.dmp

Download
memory/5296-245-0x0000000000000000-mapping.dmp

Download
memory/5332-221-0x0000000000000000-mapping.dmp

Download
memory/5368-222-0x0000000000000000-mapping.dmp

Download
memory/5372-246-0x0000000000000000-mapping.dmp

Download
memory/5404-223-0x0000000000000000-mapping.dmp

Download
memory/5440-224-0x0000000000000000-mapping.dmp

Download
memory/5476-225-0x0000000000000000-mapping.dmp

Download
memory/5512-226-0x0000000000000000-mapping.dmp

Download
memory/5548-227-0x0000000000000000-mapping.dmp

Download
memory/5584-228-0x0000000000000000-mapping.dmp

Download
memory/5596-229-0x0000000000000000-mapping.dmp

Download
memory/5632-230-0x0000000000000000-mapping.dmp

Download
memory/5668-231-0x0000000000000000-mapping.dmp

Download
memory/5728-232-0x0000000000000000-mapping.dmp

Download
memory/5740-233-0x0000000000000000-mapping.dmp

Download
memory/5776-234-0x0000000000000000-mapping.dmp

Download
memory/5836-235-0x0000000000000000-mapping.dmp

Download
memory/5900-236-0x0000000000000000-mapping.dmp

Download
memory/5960-237-0x0000000000000000-mapping.dmp

Download
memory/6036-238-0x0000000000000000-mapping.dmp

Download
memory/6104-241-0x0000000000000000-mapping.dmp

Download
memory/6140-242-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads