hxxps://your-job[.]network/static/img/logo_64px[.]png/16a00607-0573-4621-a621-a229fb18322c

General

Target

https://your-job.network/static/img/logo_64px.png/16a00607-0573-4621-a621-a229fb18322c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "917445037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b35fef06f4f4604ebffeb1f5e85fca96000000000200000000001066000000010000200000000b3044ff4efa1bc544b4fec262e2a15933f924c51f24126f22fa5ffc411f4d63000000000e8000000002000020000000c56b0aea4d997245f2783cddbd717d411611f61c13ccf9145dbc881f201adf6020000000e945bb1b09988367f35ead1aec0e64cb9c3b7a4f4998960c45fda160888cd2dc4000000011d435f60fbd7589862e12cced69f9511aa60e83f6c53fae1d49c325de247c456cd2c49f333ed570165dd57843056802fef992a1a5024ba1eb916c72ff692762	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31010990"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "931820836"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b35fef06f4f4604ebffeb1f5e85fca9600000000020000000000106600000001000020000000fc6338eb56dcde61a63134f09aa34427c22b1675281daf7a81501e9385bcf2bf000000000e8000000002000020000000e8dd4f9230ce97cfbc4dffd629bda8dc8d3726941e4b197de59e702ae8e8a3be2000000023eb49704432fe3de9451bfe8fbbbbc0f28bcc3c330ce87fcee992b9b3997904400000007b125cad3e3db82f302e6d08baec111bb8d241387a536e4eaa550f5589f9d501cc2cf03dc74cfdff40c0976e4250b7f289eae5c4e92dd38e98a93a46faae61ad	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "917445037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406d0539ae30d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{620D5DEE-9CA1-11ED-B696-4A8324823CC0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31010990"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381410222"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90e4e838ae30d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31010990"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
2708	chrome.exe
2708	chrome.exe
5544	chrome.exe
5544	chrome.exe
5764	chrome.exe
5764	chrome.exe
6056	chrome.exe
6056	chrome.exe
6104	chrome.exe
6104	chrome.exe
5156	chrome.exe
5156	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2708 chrome.exe
2708 chrome.exe
2708 chrome.exe
2708 chrome.exe
2708 chrome.exe
2708 chrome.exe
2708 chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

iexplore.exechrome.exe

pid	process
3912	iexplore.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3912 iexplore.exe
3912 iexplore.exe
5108 IEXPLORE.EXE
5108 IEXPLORE.EXE
5108 IEXPLORE.EXE
5108 IEXPLORE.EXE
5108 IEXPLORE.EXE
5108 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 3912 wrote to memory of 5108	3912	iexplore.exe	IEXPLORE.EXE
PID 3912 wrote to memory of 5108	3912	iexplore.exe	IEXPLORE.EXE
PID 3912 wrote to memory of 5108	3912	iexplore.exe	IEXPLORE.EXE
PID 2708 wrote to memory of 4204	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 4204	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2500	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 1408	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 1408	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe
PID 2708 wrote to memory of 2244	2708	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://your-job.network/static/img/logo_64px.png/16a00607-0573-4621-a621-a229fb18322c
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3912

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3912 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf12a4f50,0x7ffdf12a4f60,0x7ffdf12a4f70
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:2
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1940 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 /prefetch:8
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
2⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2888 /prefetch:1
2⤵
PID:5184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
2⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:8
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8
2⤵
PID:5504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5028 /prefetch:8
2⤵
PID:5560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:5832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,18020500939265300129,14191442628960081850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
2⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5140

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
b011d2725e33c0bae4cc6110f1228caa

SHA1
98595cb1500ab32b457063d29a60a8ae5496b49b

SHA256
cfb146a5a70caac0842df76ab5cffbb524b9964c4a4250473189d053f24ea9ae

SHA512
60e98f54414f8e14185dd66570b6f4e1cee6471648b700391e59042249e9546d9baa19a6dd0c0b6b8ea17e1eb4059303b7a584507624d0634a50d957af21bfc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D3CDCBF290114A49FD07453E390729EB
Filesize
503B

MD5
b8c4763cd1a8e081410ecd7c0a83a18d

SHA1
ee27ec70a386ae204ef40b926fda655187794001

SHA256
7d709b219ba2d23045866f2887459d606c0d25bb7aee2359d23f26ab7ed97dc4

SHA512
32c52310222de2f27afa6cc9934068dd22a5b074bd058b107d1d27abca15ea3cf3341a5bcb33d3c03a9237122ce779312cfeb72356c034abca7b6ed00012fd80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
4651114d641c91de4cf6668f2c54d0ce

SHA1
b8e7335c14e067efe08504e75401299c198ca0fe

SHA256
ae7f5cdd827702ccf43c79892f41dd57989da8a0e19ebe5baeeaa97d77e2c87b

SHA512
c1a174cafd0ba8ff8d72cbb5dd83bd764946b47367a293f68d049d9cc1a414f78d8fefb4f727555ac3f957509f427683a6d49ab46de838c2d8cb638a00457fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
150c938878519046fa852eee6b757862

SHA1
ebb7b49da4f0812ab30542efdb843370abe24b3c

SHA256
e1d6a27e9e202ee7ddcece13d2cf7b68296a361b7a89c3ae70371f8bfc87f0fa

SHA512
9a7591bfffaef4c5954dbd31a05fcf5574d48067ce313e28921bc7c9d3dcef32bda8e15f9aebe32e588fee1fe36d11e54852d26e055f072423e59b31a24c4d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D3CDCBF290114A49FD07453E390729EB
Filesize
552B

MD5
c36a6fb0c03ce685c1884a918f757c52

SHA1
a5f9ae7e829d643c5775d2db4add939252021d41

SHA256
fecdc6b54cc6a71db021a982ec65d5c5e0168f5b2137ab46d2d7ef06a5345202

SHA512
de49285091c6aa3e0cd368cadeec2d8ecf1aebac584fe1e515e10b968d4d0b2fd7c301983cd7d1cf301cd39989421e4d6cd3e7d4ff00eee415b4d5a433acdcfd

Download Submit
\??\pipe\crashpad_2708_ZIADIFIVHEXIFCXY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads