fb4b1ed51298447fe611bd2871e5d0f2c165abb2e30e82fba3a45bc70f6d8ee1

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08-02-2023 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

198KB
MD5

1a8ef4e86e218fc9d2b642044fc1886d
SHA1

9269507eea8497112b06cee52ba41b98d5c42e70
SHA256

fb4b1ed51298447fe611bd2871e5d0f2c165abb2e30e82fba3a45bc70f6d8ee1
SHA512

0f5feb480065dbd489afb34ab0dd7e2f85e7e343d67458219576b3ba8e1d2da88f97d9c022f0f929856af158c78fe8029638e166f693ca5420293294bd39e6c7
SSDEEP

6144:NsEeU7GJwVtfDDKu/F2DdElR5YnDerdpMvxd/dt0lObpczKgLrIeI9:77I39

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008263479a358e624fa5f379ce39e10fc900000000020000000000106600000001000020000000c953ab613c20eb1e81d572c171e5dbae8c44b35820293631176386774300f6ef000000000e800000000200002000000014ea62b03628c2191e7f4adb2377bb14b353120f6f8255bd078693f3e37bfe5c90000000239cb3d4944c99e5409d4620ba335198434574a08edf132bec6d9717b4a4493fe8f1eb2174b9b021fa21f0f225cabc5a2bce352138f1b3145d703866624173796df72564ec3b35b3ff4eba98f45e30de3228ec91a8f330faf65b31207029cea0371244e6ccc2e5f75610ef3d56462c741102f43f1970fe0ceb502e21bf785f12fbdbdf67dfb663a009cd053952cb3ba04000000006106e1b37d3843cc4cd7efaf584fa143b24a0c3bd41dea77a404f77b1768e164d32b1a36492387da6d6b339e0c43a0efa2e86d97de9fe455a4dd6a29a12f7a3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382612497"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A64BD431-A790-11ED-B63A-76C12A601AFA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d1d4829d3bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008263479a358e624fa5f379ce39e10fc9000000000200000000001066000000010000200000006b4eafb7bc75d47de354f540c8d091f0d9284577cf6022a5deb84c84c6a34a2f000000000e8000000002000020000000aaa9e643e3ea1e9eebe867d7fbccf1d2737700a04a5ba499cd6184d71397d37e20000000e009eaadeea0a28dad2f2efc75ba9ef5b99fe7325c5ceaaf039455e5e5bc31ac400000006b4e0481f7dad79baff2c48c4c552aa464ef1ab0eb46d3aab96909cf72b2a63801dce9fbc7b821e3da2d651703df70e923ea8e11fe5860107cec0806946509cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1784	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1396	iexplore.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1396	iexplore.exe
1396	iexplore.exe
280	IEXPLORE.EXE
280	IEXPLORE.EXE
280	IEXPLORE.EXE
280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 280	1396	iexplore.exe	28
PID 1396 wrote to memory of 280	1396	iexplore.exe	28
PID 1396 wrote to memory of 280	1396	iexplore.exe	28
PID 1396 wrote to memory of 280	1396	iexplore.exe	28
PID 1472 wrote to memory of 580	1472	chrome.exe	31
PID 1472 wrote to memory of 580	1472	chrome.exe	31
PID 1472 wrote to memory of 580	1472	chrome.exe	31
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1816	1472	chrome.exe	32
PID 1472 wrote to memory of 1784	1472	chrome.exe	33
PID 1472 wrote to memory of 1784	1472	chrome.exe	33
PID 1472 wrote to memory of 1784	1472	chrome.exe	33
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34
PID 1472 wrote to memory of 1732	1472	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1396 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61d4f50,0x7fef61d4f60,0x7fef61d4f70
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1128 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3608 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,15093067956757271353,1012976369323364648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:8
  2⤵
  PID:2696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5715320e6ea2809d8733e8533cf11f1b

SHA1
82d8353a6efed6362d46767dedcc511fa1292c1e

SHA256
cd74048054f9e8e360276f2370429b870217406c93f36fa6b7e043f2dabbb632

SHA512
f4c204e643cc2cad631dcfb6056fbf5799679313a81077e63ba4af9a58ca34b17a35b1027602b30d6eae41677c06be1f241bc37e3bee32feb1b64cb05fa638e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3B

Filesize
472B

MD5
8d5417d247d259e3c0186136b83d9f75

SHA1
49fbcf99a352669aee2559579ef73fa60f46d38d

SHA256
3c013921158ec27e44d5e80a5108557de80a27f38089ac3a52c6c1cf5636f585

SHA512
b7aa0b40ffe53c9baf27ec9706c79c57337a7bdb5bd8b6b3a5598083932e5cbc09915d59f57391f521207764049ff713da5e4cf3fc0a794a799211e03c0f9d8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_450C63FC50977E21DE9DE54EB1509725

Filesize
471B

MD5
325a8a10ce2837a8c6820e30572d181c

SHA1
195d6189f0f10fcb301fce3af4c27028bbcb9eaa

SHA256
2f1a0e948582fa64266617acc77e9beb71c5031d9cffe1bed1393a554f259810

SHA512
f1febcb57b436a52861d898ca94b3364faeaaf2aee9dee467cfe2eda9f14f087e047c764376d100f8fc98619de4daa3d3df34649f756c133644d12c4a1797f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_3EC31EB4087C9E0688C8D3A5E55C4B58

Filesize
471B

MD5
3f3962ef574ee0069c41f7cbcabd1ef3

SHA1
c4b6aefa8563432c5e5901488c38ae7da3c83fd7

SHA256
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0

SHA512
258c95332b3fb4923552034d2a893158608ce7d6dd6c43325778d3efa2b37bf6cc79450980e7067959355f667081057b40f6bd97fbce2a40d3abb52c68c24443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
71b7b540790624d846dfe2a29e96f89c

SHA1
cd8943fa5c2ad80cc89dbbe3406551ee66f8bb4f

SHA256
4f8f5d0437c36d216e32966345fa4b1b3e60c06421bc1b375eee797d37c61581

SHA512
456dbaa687b4353493e39ab8d1985b5cb12038d0388cd191af2a0eb519dacbb732a4486e65c7518cc55c391d2386a5a833dc4008eb8887e218e825e37ade47e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4b0e8ff734f6502287c87016ccb491e3

SHA1
c0daf7b44151b9a3bddc30886625d67a6d25d8dc

SHA256
3e970eec7b771f41ca47078495bae5282350c84f5ecbbf60b1e6d9b15d62bfe7

SHA512
5c01e657977fe4ed453946fcd0b13acf0fc50d7029a12719e0dae89049ca2b063e4fb133e576ee6084eecabff87d7ad3de0184824875ad094cbe9beccbc9b790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fb20501155f909c16563263cd1583ea

SHA1
1b202e5f87001994a69fbb6d461427d3cdd34cdc

SHA256
5f77b80fc0e4581ed78b927504d14cfcc5f335e9bb88a4e9b775b1a477c25b4b

SHA512
659aaa27af8a481698eb72da057a7a45f1e0a9868b011fd11130f151512711feb8a0e6492a97a97ebb632d6e9b6b45bb3fdbaa4a5f85a34cf19c2ac951a2980a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e21b5b72df53b64248c2c04bddbc694

SHA1
806501694d7ee6e475da314639033d00df5fa721

SHA256
4ccedf7f235906c4b77f206323bcf268e3a9b34d22846246b60b3cc22e83794d

SHA512
cc9851a0bd6662e7b3dccf25a1aeea2b2bd9a111d26997d2348271de9a33d5d0efb53c802180b86821f2a2b3cf03a3a6dd3310be8b3ee94cb9912a89f8f4e008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3B

Filesize
402B

MD5
108b4eebc2f626616436113153545ed7

SHA1
46e264967c3a531a2109d45af72d64f7a2b42c20

SHA256
ae2354b01e927c9c1d2ddf1cd5f24f697d33c6a9fbfdd734fce53fa390955e40

SHA512
d2a80f7d1bf54808f8b89fa2fd21fc53b15daa2b5aecef4de55a3c93ebb52584f0c3f704ee88ada3ff5363dca23b7e2081025ee0f1e1f8b6c517372bc408171e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
172b54bf0d22e913e4e5ceb17738f7dd

SHA1
669c670908861ae1ed8455105f9a49dafd55b3c9

SHA256
e73ba7acc1afad1889ea33d7d193acaf84c0fe512cc8b0e5046e2169ec70168f

SHA512
a72fb6d16eabb49f5a7a73eb33b69e61a9b70f22ab2f1957882b7f0c3bcc6f525a0d6651348e1c5f8b7ccd495918c26ba2d17fe34558d40373657175d08c0eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_450C63FC50977E21DE9DE54EB1509725

Filesize
410B

MD5
5d4aac97512d38a7ca1d3160cdc78dbe

SHA1
ef3eb42e6d31454b33003ed94ac0103f4063dbd0

SHA256
954d8dbced52abbf186af95ecc7697a614ee0bdc42b941495b6f0a17ba3da979

SHA512
1e306f1b4bad45671e91bd5d6784772016f15cbe59192d0c9bb4f51ee62a12f7a80de4b9fd4c036dd1aa663671fbe7682445dd4576547a896e125352ff776177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0ccfcd38a89e0a402d1832c3ed78dc5e

SHA1
3308ea9e64be419d0f25052fdb262926ab69e6a2

SHA256
72a8f2f9e0265a787d0be2a2d12c5409c08a6be1e6dafd6e0e143f9299953c0d

SHA512
faf29eff02d0816aa0374a22471c7094b17f244179616e91df7f507159688ee0a95f1d080af37b6a22c25edd251b9daf0a96227ff3f2f56ffbc5778f5f9824f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_3EC31EB4087C9E0688C8D3A5E55C4B58

Filesize
406B

MD5
97c113f1712369d5c54cd8660bb1bd52

SHA1
9d8f4bd8bb59d67eaf011039e08cf4c8627e60c9

SHA256
dd5a861c162e5e4385993ac77ab8409d99806053009d42a7b5fcc107e1f524ec

SHA512
25e798504f2a1f7f97dffdcb0892bdebe67178fe25598300d967b644f245e8f9866d753086fe54fc8dce869f9b30d66476f358a3462b26ba3847736add171456

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1K7K2EJV.txt

Filesize
607B

MD5
73a628eb799aaa87c35095339c72f333

SHA1
089c4c360515413ceed0a14b7240efdf39b2242e

SHA256
5e85743f136dedeaeaddc034497b9bbcb2601a1982cf746ecd7efec3f983f721

SHA512
19616a5ffa26252129ead0a293a54007c5fc79ecb9fab506660ea21d29d5c3a85c81033c9306c73f7c5bb0436945749d981e8196e4e649cc11b75a937ac2dee9

Download Submit