hxxp://abctoto[.]online/r0b89[.]php?32=1o3163a2c4aa320ef_1kn4[.]1cngh5ab[.]A01o4r0004z1y7g7r4_1t2039[.]0004zMHR2N2wxMTViMzl00s5tng

Analysis

max time kernel
143s
max time network
152s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/12/2022, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://abctoto.online/r0b89.php?32=1o3163a2c4aa320ef_1kn4.1cngh5ab.A01o4r0004z1y7g7r4_1t2039.0004zMHR2N2wxMTViMzl00s5tng

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer\LinksType = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e35370a5a460f442a26307af7a62e6e1000000000200000000001066000000010000200000008eca8c42d1bb20099a0ed0b29dd3a5fa532286d4ad8182689e8cf76d373393ad000000000e8000000002000020000000c2bf2ddf76d80dc07de737d300cde71d517f43ef6a89cc4f7fe43fb540159ee8200000003e9852468f25e55646dfde38ac3169ccbf6fecab689101472daa2049a05b524b40000000079a2fa3eac69d0dffc4eb5374d3c9c2cda93624dfaee7fc0b0d1480e33e28ebba98de60c7cdd5b4881955daa7f7707ad01c267995db20d8e1c09c55f2cf4b30	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Width = "290"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80383c022315d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378381744"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{29068471-8116-11ED-9FD0-D6EA6736E294} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e35370a5a460f442a26307af7a62e6e100000000020000000000106600000001000020000000fec137cf80b0372b5c9a8785c1fe2c549e4aed6cec9a1f5126cb6caa21508c88000000000e8000000002000020000000f0bbdeee21c3c7a6a193e20c9c3ddcdabe5384e0fc679c46e39605b9a0acdca290000000f0271abf469e7c4768361c2e3231151d5409df25adabdba6f6b50113e6d70a95fc7db667123c9bc507e4bad6ac9458730365b1623f56cddc65b963aacc5716ad16fbf932b2d4d8f35c89522ba10281b01d73f3977d18893c806141906f3cd7cb003caa8f74595209a25d2ab10cd82502b153b70701076201b0086e9e532479f940e627d1b00afba30029607ed417ae7740000000c40c28d67d12c4b3cc34159503055699bbfe798db62074b8b1ef8e10fbaecfcb3ce31edd3bca142eb1566ba5709c9369ab51d968f8cce4edf566f99056ddf161	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1836	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1324	iexplore.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1324	iexplore.exe
1324	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1324	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1988	1324	iexplore.exe	28
PID 1324 wrote to memory of 1988	1324	iexplore.exe	28
PID 1324 wrote to memory of 1988	1324	iexplore.exe	28
PID 1324 wrote to memory of 1988	1324	iexplore.exe	28
PID 1992 wrote to memory of 332	1992	chrome.exe	31
PID 1992 wrote to memory of 332	1992	chrome.exe	31
PID 1992 wrote to memory of 332	1992	chrome.exe	31
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1572	1992	chrome.exe	32
PID 1992 wrote to memory of 1836	1992	chrome.exe	33
PID 1992 wrote to memory of 1836	1992	chrome.exe	33
PID 1992 wrote to memory of 1836	1992	chrome.exe	33
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34
PID 1992 wrote to memory of 1152	1992	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://abctoto.online/r0b89.php?32=1o3163a2c4aa320ef_1kn4.1cngh5ab.A01o4r0004z1y7g7r4_1t2039.0004zMHR2N2wxMTViMzl00s5tng
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ef4f50,0x7fef6ef4f60,0x7fef6ef4f70
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1056 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1664 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3300 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3748 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=500 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1484 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2833513785008789214,3077967249180682289,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:2980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
300B

MD5
bf034518c3427206cc85465dc2e296e5

SHA1
ef3d8f548ad3c26e08fa41f2a74e68707cfc3d3a

SHA256
e5da797df9533a2fcae7a6aa79f2b9872c8f227dd1c901c91014c7a9fa82ff7e

SHA512
c307eaf605bd02e03f25b58fa38ff8e59f4fb5672ef6cb5270c8bdb004bca56e47450777bfb7662797ffb18ab409cde66df4536510bc5a435cc945e662bddb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\78BBDB919C29E1C2FF21DCA1D57D2ED1

Filesize
345B

MD5
115ca5f637ff12592081d2df9592b355

SHA1
f98fe18e422f5dcf2e43d5b76f427b598cba4a84

SHA256
05d02c208b21764660d97d49ee2e4c4f639461df1b33ad685408a302e7af245c

SHA512
67f7a5a3ebbdd1ec85cd015a40d36eae66ab53472aba1b016f91536f512fc8a4caf45c32e5828bc71026508e93436862476cd22381ee6c396fe50610a1e2c97b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
7f8dc429325ac2c4919d47b581546997

SHA1
9b5ef2136fd2ae976816dca72936317f105d52ad

SHA256
0a50ea3600e70740e613a5f06b9d65e1204a5c16734492e09cf214ce17876e9e

SHA512
772a56deda045a3b362617aaac111e8c48a1ff8486161d1f7580498bbb3791dbb43c492438deb1808eb8c74c1fc1a0b35a97000cf06c2d13cd06437652f9748e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
bf3f7f9b61acdef48306d9fa07e1e854

SHA1
a23f602f73c6cba4d228faa6bf5f4947e3c3a147

SHA256
dfc223711dd076e29986a7f74f18ab92f0636d2d58ff2e404f1c306ae52b8f81

SHA512
468b7f741d7bbe33f81b745aaaf3cff1fdeb80dc1e63c3614043a9df67d22fd4451f32b50e15d9c325cb0d2f0c18ebf95889b68e20a87f86e71b9717d6310534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\78BBDB919C29E1C2FF21DCA1D57D2ED1

Filesize
544B

MD5
3f657250360ff6606223432fe5218dd2

SHA1
90d9763693bdf5a8c76faf26c7ae5c8ea65ef277

SHA256
0c15420bd6d9140d1a726aa041b74803b2a0e990d10b6a0c6df852061e218be5

SHA512
23db2fa7bf8856c31838d2b3b3860ebf14197a17fffe02ebec23a7aed2da9d766e17ee16983a5f1b81543b3e5a6ab4244fb2570aa4d694da6ffeeced1a2a0277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b9edb106dbd4c94bddbc7a60ed1d069

SHA1
0cd0c85b7258fdc67fded4e03359eec0af3b0617

SHA256
2c0f4e8e8078ce1e8a982d1408adcfaa2600cb2235d7b39fe1cd7e12269cf4b9

SHA512
ace52c57118aacfc15341eb47be620435774729a5b2448bf7556493290190cf6730ce828a941edbb15200f6cfac8184cfeb56dd0bac34af3887a88535e00c22e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cd8a8d76b808765aeac25de532b34ad

SHA1
4a6057268d51136e645788c31e769c747b9568ea

SHA256
d1c6c441b06e3207b483c6763b3162a8098991d86ed60aa16080e216f90caf9d

SHA512
78637e4628ad6ee0386126c558d4077b114d17b9d6b81ceab1e96326127836581a307ac0ea20473f345f492cfb226c1d626b915044ca78e00a5cb96562b3c69f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
234163a9f13998eb58708854deabf9f2

SHA1
b992a70f6da553d30cc8b3041777ce52ae3db0be

SHA256
1b30e206b37b16f374484b002637f2cb4079bf7edd8b7dca1f10d97af07caca6

SHA512
fd2df926744f4ad5cc6c9347fe7474242627a963fbb9af9d7887574c98b0a499aeb7985f73c4515012816659ea593f6f59063ba421a22fcb705c6c9517f66407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
13c9d3727071f17ed0faee0175530002

SHA1
c42f2a321c052ea390eb8a6b9790f35675dcff7e

SHA256
aa55e1cde1fe4b602c32633bdc06f5be4ed72da42b5752f038a3f9c34a5e93fb

SHA512
43770ee1a2dccccffa3a5b20cfd66e715766ecdbec3f75e5c9dc2f511adf102a553767d78561770830a576c2494e1cf84fa4351424865870935b3fc0dcb7b566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

Filesize
19KB

MD5
5d1349c7b5e2b83b917353f6170648ac

SHA1
0032bbda16d71a3ea836b01b20622d0bda0af9c9

SHA256
6a3e392571b729af1f90688dfca60eb27358766ccb17f29587a5d0ecd496516c

SHA512
48de9120613988acb4ea31ddbe5887e94a7d12e421f7e3bc5c8e004ba83380812b02cb06281a0b275c6fa4d9143a1af823fb7cf9422c34a87e3ca9616d2fa6a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YDMQ429S.txt

Filesize
603B

MD5
b176943089a23751ffa92707c1ef4e5a

SHA1
3346b56678a967907bec3b7c9143727469d3a1cb

SHA256
920b6a8313214902d57b0cd0a145fc84daf91ecefe7929f32f4160a8d3630599

SHA512
0387afe321498eba202a3bc6c7ccc192ca9d1bedc7241b061066cdcc20a6eecbc90363454b40ad9c8f49cda149730d106fec5a977a49b359ff763a9f1e802ecc

Download Submit