fcc3c9ff7dd2882127049a86cd32b7fc8b8bb1ca1d1c10566782a919b6148106

Resubmissions

20-03-2023 13:39

230320-qxzfpafg3x 1

20-03-2023 13:35

230320-qv1kzafg21 1

Analysis

max time kernel
143s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20-03-2023 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virus.html.000.js
Size

40KB
MD5

9b38cf5539911f2610337602ce079f10
SHA1

6fee5029439db2a500f4efa7ac1f9bcbffd3bd54
SHA256

fcc3c9ff7dd2882127049a86cd32b7fc8b8bb1ca1d1c10566782a919b6148106
SHA512

46253f7e2c2a7c77f5286760aba6d6574aea79823a5e0828d404bacfa4e59460dfbb7b9a30a8afdbdf1ab147bcb83f1a880a488c074b5dca3b6ad62d2fb6bca4
SSDEEP

768:Hu+y0SZahMcoJc8y9yB0FprU0428AtplIhO3VdzvlS0Yqb03T37uMwVWgJI+xyPg:TPshbuMPveecyeeRueeeeeeebweeeeeE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006e8f12fa8cd8fd499ff2c01df6bc8a3c00000000020000000000106600000001000020000000a9e027f7c96e3bf109b9db22fd31de10e524adf11094f71990ab362a82da1afb000000000e80000000020000200000004597eb16a754cc618b5fdc968215ab78c59af64c7a744d6c70c27714d6d3cb7290000000f67616fe93f4db4ee58abfa771aa13d126d6f1aa0bf05512abee65d163a0e0bd387107cc8bf4f6f7d245d05f890e749624079a1b594b6f0eef1aeecfa09f0e3c1bb5507ce6da11d74cef0db207ba4889dd2386190300971541a235993bad2e79df7490c85593ee22e0407b4279b5f66a1d5acdba4e67b674fe0fbe633e13691369484e4b47a0384cd3009c30b9b8d85a40000000061aa054663a314926106e96fa60d93a78d90c8aa4e949f472fb876f447788ab9e6d93295b5aae1bfff2f96f261ae1259df90840e91784b13d178af611776fef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d08ede41315bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006e8f12fa8cd8fd499ff2c01df6bc8a3c00000000020000000000106600000001000020000000e8561e8fbc84ccfa4d4e2847f72a8faf5155c0a1bd64dc1ba81fd2e14d180a21000000000e800000000200002000000059867b812219724a947f0ae805ce0330ad65977e439435b2d4598ff8b6e21aa820000000e8969ef9e342ad3f2f00f77d14f5a240bc72c0d90e4438fa31e5ac9e8482142940000000b1190edb9d30103f3500a7d3e331807c456e48d0c5a3cab39861d93de96d88c069bfb0dbaf3972ea92765d72c175c4989dac794371c3e28c107fcbdf10cdbc90	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63DBF901-C724-11ED-97FC-F221FC82CB7E} = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: 33	1664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1664	AUDIODG.EXE
Token: 33	1664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1664	AUDIODG.EXE
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1108	wscript.exe
364	iexplore.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
364	iexplore.exe
364	iexplore.exe
576	IEXPLORE.EXE
576	IEXPLORE.EXE
576	IEXPLORE.EXE
576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 576	364	iexplore.exe	37
PID 364 wrote to memory of 576	364	iexplore.exe	37
PID 364 wrote to memory of 576	364	iexplore.exe	37
PID 364 wrote to memory of 576	364	iexplore.exe	37
PID 1880 wrote to memory of 1524	1880	chrome.exe	41
PID 1880 wrote to memory of 1524	1880	chrome.exe	41
PID 1880 wrote to memory of 1524	1880	chrome.exe	41
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 396	1880	chrome.exe	43
PID 1880 wrote to memory of 964	1880	chrome.exe	44
PID 1880 wrote to memory of 964	1880	chrome.exe	44
PID 1880 wrote to memory of 964	1880	chrome.exe	44
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45
PID 1880 wrote to memory of 432	1880	chrome.exe	45

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\virus.html.000.js
1⤵
- Suspicious use of FindShellTrayWindow
PID:1108

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1664

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\virus.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:364 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\virus.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef58c9758,0x7fef58c9768,0x7fef58c9778
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:2
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1264 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3892 --field-trial-handle=1244,i,13252376787087673399,3934975791703278797,131072 /prefetch:1
  2⤵
  PID:2636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
84770e5e2da7dbc35f74f1301910fea1

SHA1
bd6156f63c93c2bc668dbd796d27474700cbff84

SHA256
97a616430f4f8b8a76004f3ffab182f6a01870267c53387960f71f56c3dae1c5

SHA512
6241fec66ad5219fa31ad47fdd93dea2ef079cfd600d3ec1ca48fe64d028d76a82984113a5052b74de8d678d183e2bafb965f3c6111f3cdf139239b07dfee941

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7503edf98b48d70f836b85daec19c17b

SHA1
b40f7dc07360f1bf9716d66fd0a65ce56709c316

SHA256
54e6f8be54a015f1389a98f863bbfe67b82868858022319390a2efee5ade09e9

SHA512
a3b35d0a6593eb3db322dca4531f6dab9fcafd5ad95a61c0c783e056bb1da6968cb62c71c431dd0a3016395909f80430f78b76e3321a3b560239fc9973c26d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
46695bc8561a32e1833a6d99a77181a0

SHA1
b3c30e212f13fe612567d1a0d590ea400225bde2

SHA256
8acf929c15a9d787e72809586a1c01d53cd344207ed8f5b5d2f325f4a25f708e

SHA512
59a20f6594e628fb465ca887c4987656757d6b479c9fc72995c1bbe4c7ab89a8e60969aa68d7472b8a06bbfa99c01fdd0e87608fef95133463034bc21744e304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
c18c1ab84b27ba6cf9cd2e5ca8a96d62

SHA1
df6dc9e0b61be770d13df05ac149ed07c5f9210c

SHA256
c3535d9b617c8060aa4a80b708e2d017c1b344258b5f18d1b6889060c894ff2a

SHA512
cb84a250d7c37c1def8d34976326f4d90b4e5fc0dbefddec5958af85e67a07e77ca0bebe8bd8c3ab784b138eb2ee05004ebba20156e5e02186bd1dd1d92850e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
9df2aa88be2aad41cfd4ba352d2622e3

SHA1
0eac905d4e62d07483d752dfb3deb58119e4bc85

SHA256
4ed63946426b1040297e9dabc434c01f32b961a20a3efcc6993d37228cc3ad67

SHA512
7e793a3bb4bb9ac5bfc3f939533d390209f2f6ff6e2dc8ecb72d72f378332b74c036340e6579c468bfc43f60dc1233168e5e47e0a17855212a92ca54a81eed78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
02d46e9f1f5a3f47b2fb4a680ca2f83e

SHA1
7ace42a11de58d38a4f5e7e37d7f177c6cabd5db

SHA256
333202bafedd28be2d32a9ef60e30823c40a4a455d39d1569f0074decd774b1e

SHA512
234d20e126a039a05810b394a299f76b153b26bad1937acd3c60d1943e4ec7f37e98ecc85d2db6d51c165e7f07dec6e4db189d8b0381ec0294c320d093c4aaf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ea6b7bf2b3ed9a0e653181ac28d966

SHA1
6096f45e48ff9c76f76dedfebf6428011da31d9f

SHA256
a6e7a92e00c17fff326f8e8214e9483ffaac73f5c4fc0f8a0e2623b5fe73553b

SHA512
ba854590d5b9434d07df2e809773d262d6613f4632d68dcfbc29db07e5253edfad6b43dc3740cfe566a54a3580496c404f11cc5a2e800e92ce6ec06ead02f32d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
494bacc9bce8d0a22b57edd9b8800434

SHA1
d5b72dc4cea9452e124ffb7bcb311feb1e2f54a2

SHA256
6875a5c2c8e24eec9ec67448960b83762f5277d5acf1c6a620c7a4a7638a41f0

SHA512
bcdf8e742f17acb7024258b1fb298b25c038ec07cf037d008aeef8fd68283b865c2981b3eecd85ff2ef1db608ca9ea8a30e513231ab43208a776bfdeb412765c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83b71fa55297da9641880ad57dc26794

SHA1
b4d0aadfca70bcacf930bd1a477a69b5d64a2256

SHA256
27faf5718f7faa1ba3ec152db623525baeb6951eaaf31d8bf72f6e92fda8c801

SHA512
76977c5c8ea1fd30efee19ad4c4434a4c024d7bd7d2e6c3341d22579cba44404246729ccaa4e5c037b05c748124e55d8c1a596e0d7ebea170bbaaf93433734f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f431ebeb7332383191af17d1894526f

SHA1
9293c6238bd2d3f7ef2b309df726773723c39a6d

SHA256
e412fe1e65fa88ff3c6c6c8d74bcb265f1d744a96052ae0d6520119ad86985f5

SHA512
f8eead256519a2cbad0a2ce02e8530132c4cb3f47bb8de31bfed651334b277e51a428cc6d345d30a9f3bf18104d4666e326ffc5012a06f4b76df65d662379a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdd9cbc0c26b204fab24bb413b82a3ee

SHA1
94ce8823e65554f170fbbecafa65b7559db23d6f

SHA256
539ba033f14ec524d4dce8d7f9518148c358bf253399e7ad8f055c36ebb66b99

SHA512
dda2fcee133615e05262c302ef03254d2ae4118db2e56039a1f68704abb5fc12dacfb02656d3be48c5a2f40b24ac057f24116082b7f5d6330a67276bcd59076a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42408e5b0f5eed0fb65e1a56cbb16b8b

SHA1
241921b1b8546d76907289351f89981a1e5c9335

SHA256
291b51718d25ad9d7831973507bfa59ae8626b8d52dc8000e62703ee1c9d6e0e

SHA512
97cc43f53da496d32889f73b2ac38739c3f019ca7c2e0db0e4ae10a864c429fd0e48cd5d2f5c85f69e2b1c7325fad7fa244c0e4aff68c1c2cf9b895a2875a555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d407f2642f21543386fc64d5e568c4c

SHA1
afb1c404791066ff7453866c2f022d2e1314a50a

SHA256
a9c38d61a2bc434244fd86607fb6dcceb4ce845ef2978c0541c70e8d62797a4b

SHA512
d5dd236aa7fdcff11c6eb2a86db263d6a88ee6de44346efd630e675a0f801151cafd247bf4e1099f444cd43c5c825474289ec320602b966874aad386efb9aa01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f054a8b61d7f3a843cf5504c6443ac4

SHA1
3c0ee9a10d0d016b7e916c6e5e7d0b50c5613ea3

SHA256
bd2f8f7367ccf5c113ab4b95a9a251a743f0089bf66b709417692e98cc5c5e29

SHA512
08be3adfac10155e278307ac2776b2696d9efe509fdf6bef7d0ad808f6159156e7301ff792c8812df216e32e0afdc594dfa6190a4f614b06bec2f6cdee3d4f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3099ab365cfa379ae975180d97f38943

SHA1
c1f2243b281d3ad01cb2193da263e823e91959b9

SHA256
5482f824b9822319903b953b03f8cc2540c6c3acc872c2534f933972022954c8

SHA512
31282890dd6dcf01a3cb20a799d349d8b5fa538a7781384b7272bf7c4efd331653d76cfec0425c477148eef4ea4332761e9d7fe7f20a49ede82a115fb90ec322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10cfb0724f08a2babc00fbacd505d4ec

SHA1
4c828060585c29b27bc5a978024f8d477e605791

SHA256
78b755acadd8b0fd6042baf7679b329b9cfdd8fb71d7f8a518d123e70aefb682

SHA512
deebfc7e426aba52ff2203b780818171db4c8095fabfdac99b756004ef0215e2769ee5dba41f5bb054c93d5c819a6d5a455bdcf7e656ae433f78c2d7d89f1a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9f15a5937ed4f04d66a52fedef549ae

SHA1
d920956c05dc97e6c329b64f894dcbd7de9a147a

SHA256
a1b8571cb5374007281dd070231004e9ff0ff6ae87bfce5a02967c6cfdd19866

SHA512
38ec74877a08318bd7e090e3ac52457e20cf7b32c9b4e6726d2ef60719d3088b29d9ac982f0764f07e1fa0de512ad0f2dc31597feacce50d6b2f0ae60ce9817d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c7654cccb0acfb08768d9fe9fb21568

SHA1
38d9692e96d1706084980ded28cfbd749202127b

SHA256
6ffc05a2234b1e3483786952f263887f24e3af79ca76753ad353474ee90fc080

SHA512
3b88cecd0096aa64d81162971405223132b167e7288a62f9dd483cd92f4dca1c96c09109e10018c1c5905893f3f341e4aa31a17b9954f974c4832c6e3de8fd31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
0de944dee50f9a80d924b77784641289

SHA1
2783e93ed1a011d092e8d4859eff7fe52ad851cd

SHA256
a376de74dc96234b643a66f139208aaf5c0d99164db9a0d81dfd92e7810586b2

SHA512
33a324a1f6dc7806238b61cb0fd65756e405525053d5775393f4b8122ca4e1b008a210ce9aa701b20b6c01cc750c964dcf7d193a5ae177e7e541c28775c4076e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
4aea998095e860ebfc0f2c6fd4baffa3

SHA1
734770e01ac1ca2366b037a14f9038c7c5eb3329

SHA256
118d949585025d1a2521f3f8b82cd925234298c40f2ca40c726702e71cf14b67

SHA512
dd03f5116786b737006b24d9858488b9332c1779ece2d0ebdda365d803886bfe3374006ab97be8f97062222c67cf45afa939876198e43b6fef25c692c2e32d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB7EC.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD7F.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit