hxxp://www[.]bodykitskingdom[.]co[.]uk/magento/js/log[.]php

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
14/02/2023, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.bodykitskingdom.co.uk/magento/js/log.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BD4F981-ACAE-11ED-AD3F-4EFAD8A2B6A5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8082d546bb40d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d6fba493e66444e9c0423fb03437b0f0000000002000000000010660000000100002000000035a77c296f83c21c0e425620c16c9efa2dd958308fffa1d990209471b086cbe3000000000e8000000002000020000000bda6a56f43aec6cfcdc40ce11854f5cdf0a8e8b9474528ca5db411285a70093190000000dfc5de109472d26595ba875accbf332cc15b9effdc2579d569dd1d797eddbf93cfc531d748e6b9d1bc311e5370befada5970b880baf35879d5f998d490dba0fa0bed25e32a6f64ff4dbe05e5bd1067471c35e8a049ca6006936e14458bc78045aac8ba7e00c10a687ce18006a7b483bd0afeb5f5819ab4a9342db57abe55819e36d580f3101c4a55d16b2b9ef2a628ea40000000b1e9d7219001318a6d5b50aecb9cafffeab57ae898429c85c45f16d43e9b562446664955c9efa4cf9b2d39f4036c3762e4372ff72c5068e1876a25931b7ed86e	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d6fba493e66444e9c0423fb03437b0f000000000200000000001066000000010000200000004807b7064c33ee0b4f262c4f854fdf8d2d7b7f257260fef2ffd4dd8cff1f15f1000000000e8000000002000020000000da710835fc43537b16e2483ee4cf7ad89417535ca80e88fdf596dd29bd73fdf0200000001d35c4ab2d2dec8e70a3f3c25dc30b3a2c0354b99fc21e87d2c661afb94b859640000000b3f2b86fa97342122364a92bccd3e5de4bb80236e53cc7d93d4fd8ea0b0f6e41d309d3115202b927843c744c01553c4e2ff2bc96a9067f3e4968302e8fdfcbae	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "383175040"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
316	chrome.exe
1240	chrome.exe
1240	chrome.exe
2928	chrome.exe
3016	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2024	iexplore.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2024	iexplore.exe
2024	iexplore.exe
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1488	2024	iexplore.exe	29
PID 2024 wrote to memory of 1488	2024	iexplore.exe	29
PID 2024 wrote to memory of 1488	2024	iexplore.exe	29
PID 2024 wrote to memory of 1488	2024	iexplore.exe	29
PID 1240 wrote to memory of 1928	1240	chrome.exe	32
PID 1240 wrote to memory of 1928	1240	chrome.exe	32
PID 1240 wrote to memory of 1928	1240	chrome.exe	32
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 1672	1240	chrome.exe	33
PID 1240 wrote to memory of 316	1240	chrome.exe	34
PID 1240 wrote to memory of 316	1240	chrome.exe	34
PID 1240 wrote to memory of 316	1240	chrome.exe	34
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35
PID 1240 wrote to memory of 884	1240	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bodykitskingdom.co.uk/magento/js/log.php
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70d4f50,0x7fef70d4f60,0x7fef70d4f70
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1152 /prefetch:2
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3272 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=668 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,17115329557795504383,8168569685940229304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:2212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
0c60783d37ebd37b1ebf089a4fd49708

SHA1
935de5fa574ac31110b081d3cc7b4f3fd69dcaa6

SHA256
b9738f4da05f9f8c53a450fa87d89867af93dbdc9c4861f35fb11d815b4542c2

SHA512
44618b74b334f6e711358e36162ac0a0acbb33163b2997e5f5393b62e4602d7f375306b67e3fe7edc26442eea452f8adfb48619601d06ab241dcd0b75e374787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_1694189887CF06662249C56FB9CAA600

Filesize
472B

MD5
bb1e4db11a6d0206c68a9274210d2120

SHA1
ce389f25bc611015de3ea733b5a6c08ad13af6ae

SHA256
1b78c7ffc08566a5bdd8638c50f92e8f5d77d5d398e938ff82b5e5bf7f08cb1f

SHA512
877028c98191f6d2400dd6d8f7abc0793af41530c3142e5697f555f2bdef8ef01fb2a4aab43f6256d593b5c23f3c0cbf5492eebb194cc55e51060a5785c9dbfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_FF545F2447E4E88A054577540CB20F3F

Filesize
471B

MD5
1221c272ad651cf835eda3d2e3d92c3f

SHA1
f8c208fa196981c24910ce746fa6694ba773a05a

SHA256
e6ae3a2e4d15b094a85fe199501c6420fbd0e6edfad49d1c4d1a1c2165b0125c

SHA512
140f5a88eca81f425960cb979a8507cec9b6c703b820e71002a53bd24440e9f7328951e908f527ffbe0346a69e5db9895c6b3a5b4c388bb4de7719da2607f157

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_7B9C1D3373FBC378C76D4573D2866480

Filesize
472B

MD5
8b36bc34918c60930807ff9c9db0ded5

SHA1
bae57528671e054630c3754ea6c1c6e427080b7e

SHA256
113d32181868bd7878fd4f737992c6048739d3fe6c5a559049940899f0508b60

SHA512
cf5422d8eab40665c654f0dfbc5829e95f1d59533150a7b3b6add58583a4104aecaea5c4449220cf72a58cb30d18dd48b2a1bc414844de3375169420381f9219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_81782FA44A40DE105399E9D74979FFF7

Filesize
472B

MD5
81a861ad34eebfde7b0fb8be89ae9a80

SHA1
4e36dac83150fac2efa4cada5b72ae50fe7aa95c

SHA256
f9dca744ee31eaffa8710d2e1863ce4ee0e0a206b0288b82a6631f4e424c561d

SHA512
1dae1e3f3c6e626718c0e90329bf79fcf2f779aa957ee256285ea6f62680a307b2351a763961787ddc955e04f8596b6e779dfc75847ded998af7a29c0176010b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9C98874B6A046E99B718CC18F7E2772F

Filesize
471B

MD5
b2e61a08704c2834389aed5ef9e2c888

SHA1
63db60f882da7e91c9571bfae12fada29788f62d

SHA256
13fdc320a441928b811568278916138555e6bb075cf94ea45b77f215e8eeebd1

SHA512
af67fc854d4d1346357a2f5d6910784f94a965de003aa2b5128cf2c56bc2798b444d395f81746bbdefe0b58ce035ce8c382f50f1b91ce748403117ba197526a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
bc78f1ebfd48d952ef9354792551d9bf

SHA1
9fe0a663ed97c5bafd5aa8b77e706ed7ff240062

SHA256
b5f2675e99ff33dc1fab50b8e287ab93cd3def8692f65780ae813f7d3fc94a4c

SHA512
197963c841e9990964a560598ee95ef11168cc72a3df749362e6a3b7a4e77c1ddcb3ea3184d1c4b897b8d3037b03e212f1337d5d48f744a4459db2c7712fe1b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_1694189887CF06662249C56FB9CAA600

Filesize
402B

MD5
b4fdaaa206714a04e9701ed5ea3df9a4

SHA1
e687b360a19b73f9d6842c6c6cdfc68779a7fa54

SHA256
98ad43692d0e2218b0bee1de3b590e68f7c5becb7741a3da42a1fffe09736b32

SHA512
4bd489a942929b0212cde6e45ff2865c6c13d2ac2647dc2fe0fc3948c36aa2d55a0e0235f11010e9656ff9a7620914cfd44d06a4a53b27e11b227ebba24357ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_FF545F2447E4E88A054577540CB20F3F

Filesize
410B

MD5
49284b46c9df5fbdc3ebb8e171f89b04

SHA1
36c5cc1774aca8e85bfa5d40f3b04ecf9791c306

SHA256
7d14b27430ebd6152238a1c81abb2b66e7212533a3423bbb70dfb757aebe701f

SHA512
ff5f5f2bafce38ff58ff02ae0d943f0b07036ba34c101b2a8378ce05b96ddad9bb50ed9fd9fee3f6b9e78c6dbe7063d87e8a7106e86756976b5bfdbdcd597697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07ac48f5ad1203a2cafcb2021db23b6b

SHA1
75e5d41d7458569a10338dcc1bcc711a7cda8f97

SHA256
366112a15fbcfd996ea194149e5ed165ceb35df6a92f743eb83bac5942cc284a

SHA512
e96aab1b331449d2a0d9bde3142b7fff01b81525b03a4c95728bb3a3a17183f0c5330c6ebb7ff137688c75cdec932b153bc0b91aaad95fcf6421c5feb10314d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_7B9C1D3373FBC378C76D4573D2866480

Filesize
406B

MD5
6982678f347b551717301bd0ad9b96cd

SHA1
de6046f10f028bd9720c13027a7b5d71a1d4d972

SHA256
963c163ffeb51ee26db6172c5c244da11dfbf752e8e7347e93da4a0e3a28e31b

SHA512
47ccb5844fb0291b5fd983c9480d68d5f6686df2276ecc1391b449b57b96170c713aa3c2f950fdde4e793a8bdd78aa94a23e9ddfdd5d4c36cc660fb53983a22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
56591c09aeba97e55040a49f6e104e5a

SHA1
077406b66f081e7300d7de029c4766f3a2807c49

SHA256
8b1997909d3d64b0c0518e0cc25d0a600c0ce32f9f5dacf92e30559af4947761

SHA512
1b5b961696674b22b6fee6cb8c51f5ad947261cd51ff5231f4528ca0ee906dd11f8474e41b927cd723789afaea9f9bc77dd46060666c1099d1ed5f8d06dbbe3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_81782FA44A40DE105399E9D74979FFF7

Filesize
410B

MD5
5e37b9b1bc5023f5fe25c08e11f7f42d

SHA1
88788b3eaa448aeb40a71d5838b6bf6e30a02f83

SHA256
f69279f34f6e7baad030df02d4ba9e09e01bb5a249abbe78ee7c86c194f33e79

SHA512
af07b54be545a79f8cd95a789f359dc2beb5b653061fa162360427688023cbf7c94c12c86f4debff20c7070ad1b51ef8707181def6ee15c99307a84968d13a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9C98874B6A046E99B718CC18F7E2772F

Filesize
414B

MD5
3eedfbcec102a0910c93c5e0a3efda6e

SHA1
0c91bddfb6920e4337b74b9dc01c496ffad23784

SHA256
a006f2176457636d898a2dcaf8f0d2531393497c3ba664780e5cf1f9f0bf62ab

SHA512
3a43c83802b3bceee402d3708af6b6c92f6c238ac5c835363ffacb4ce3ae7837aef1635281746b23750052c62d330919657706c9e4bb880dc7355e352c486a68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M0R00S1I.txt

Filesize
604B

MD5
465f0e54693ca4707614399917fb59ee

SHA1
fb459835b528d5e8af798299c1824a1c4c8e39ef

SHA256
3f3086c3589fae6cc401cc10ae8ca23803f1d66119e46a6b7abf3b9cdb99af90

SHA512
d3acb12ee30fa329d92d8fdbbf7c952d4a2b969096dccb02010a89a2eaca9638bfc1eb672690f15e5219420c332637aecde3d99941798425ef85625ce4c1c77e

Download Submit