2a6fb1d95a54903d350a5bc21e023a6c4c373ab63d1e3749d46d90e80bdf9409

Resubmissions

23-05-2023 09:43

230523-lqfb1sfe91 1

23-05-2023 09:40

230523-lngr3afe8v 1

Analysis

max time kernel
78s
max time network
135s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-05-2023 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i0IZQBaUDrNqPWJG.html
Size

146B
MD5

8b50e4773633af84c817a61eaa00ed70
SHA1

2fd0e1f3535370f8e9c9a7e8f72e31bba8424013
SHA256

2a6fb1d95a54903d350a5bc21e023a6c4c373ab63d1e3749d46d90e80bdf9409
SHA512

76d46a9ff2103ce49045a75ce7b4d686c88fa9aafa7a72be09936ccd17405cbb02e51e24031cce413dd065cee6d1a626b4ee3f57b1ae19b92ae872106ded6f88

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFF192C1-F95E-11ED-8C8F-6AEE4B25B7A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909ce1866b8dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bf253895c1bb1246b43b6016db04a5f600000000020000000000106600000001000020000000b4c969706a8ae1e97ff658f39942c5f464d6d82b1dc876e1f3d44cb887e1f2d2000000000e80000000020000200000005921f412726d3d0dc344ecfb1c3c078bd49b942e13fea0df6eae0cef6748d696200000008e42294c6969c473327b1dffab25dcdca2480022a1e80ae210d77a47f7eff2a740000000c187d7794fe4782b75c554133474f596834a0bb2613dd32e002439cf9b3e3ed8bcb23c73b0b0281bd13766e0f39832365e56cc895ce9e7efb24368465f0723a2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391607034"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bf253895c1bb1246b43b6016db04a5f6000000000200000000001066000000010000200000005966cc19d9b3a2e6fca1ba5665e2b88769855fc362c0799453137c0d87beb997000000000e80000000020000200000002ae43b5c1cb435f38650fee0a8335ddd93a33132b4a58335322d5423cb0849049000000010551e9a90bcb597c68072ee8754ec3717854f1999139c975d2c29d6e456e1d238db2cda25819c5ba4a355d99835c6a3ae0b834a4b9e9944d77d8f2f2b26f58d6d60d33bc21bcc7537c760e2ee52a55d7e14ede376a703a052a2c5409b01c9668b1bdaeee138a1277e1b161fcaef947743166f446f867f3f7c76b29516a845ef6506c5a2b0f9545e071b67725f7494464000000081a0f4fc06bfa581859cbd707c451923f59175da4cac7554952aa261ca9f641483f5607db4d1d5a8618b8dde9b6266c284c62f2386c8b876f3eb621acce98274	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_Classes\Local Settings	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WINWORD.EXE	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2040	iexplore.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2040	iexplore.exe
2040	iexplore.exe
560	IEXPLORE.EXE
560	IEXPLORE.EXE
2040	iexplore.exe
560	IEXPLORE.EXE
560	IEXPLORE.EXE
2040	iexplore.exe
560	IEXPLORE.EXE
2040	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 560	2040	iexplore.exe	29
PID 2040 wrote to memory of 560	2040	iexplore.exe	29
PID 2040 wrote to memory of 560	2040	iexplore.exe	29
PID 2040 wrote to memory of 560	2040	iexplore.exe	29
PID 1572 wrote to memory of 1256	1572	chrome.exe	32
PID 1572 wrote to memory of 1256	1572	chrome.exe	32
PID 1572 wrote to memory of 1256	1572	chrome.exe	32
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1116	1572	chrome.exe	34
PID 1572 wrote to memory of 1528	1572	chrome.exe	35
PID 1572 wrote to memory of 1528	1572	chrome.exe	35
PID 1572 wrote to memory of 1528	1572	chrome.exe	35
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36
PID 1572 wrote to memory of 1272	1572	chrome.exe	36

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\i0IZQBaUDrNqPWJG.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd9758,0x7fef6dd9768,0x7fef6dd9778
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:2
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1376 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3896 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1296,i,4423470592881907274,3489040434674248755,131072 /prefetch:8
  2⤵
  PID:2920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95d624ac4a4d0fba069a100fc17ef6e8

SHA1
17535458926ddc15e59cbfa9ba0666c793cdf54a

SHA256
472d96759cdcffa6e36adade19c23e27dd4c5a7388312a775d1757ade5aa94e2

SHA512
f949dc6b623504c8c31c7a4a457c00e46e551b5c6f9ba170bff947e24d4ea521a07828fd3ab72080633d8be03376a9e21be8f5f4f9e2a93a2158a4445f4c5295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdbb99cd304ced8a88fdca121a24accf

SHA1
1301ed789049facbd5014553675051769d697e24

SHA256
9fc9d4bf34204df4eebb6d22ba80e0c3f1a17db24f55b0db9243b72e4354f1ea

SHA512
a093f270fa4968798769571e4af0952adaa87aeee86946d307203b23eca1eca84c44436b4e524ed209fac46b8198c0447d29a4e996586ec93f18e0807961957a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5e02b382acac7d5c488bf787cdcbd5b

SHA1
27592884c8fe437b63afbb717663f5a12d2c46dc

SHA256
52cc06e9fdf12a35f7cc4601170755be4876874199138794765041e3d264abc6

SHA512
58c7d5ec3c9b52689edb384c4eb0dad8ee7739ee5c02bdf9a8622044b7bcbd2ee259c3cc70748bf8f110ae9afa10e17a0a32631da8ad5638d5a959b55b525aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
911782a148dce54fd0dcfc5162adaba3

SHA1
ac0c7fc7f1415fcf081bf7f4b7a430797dec5b19

SHA256
bc9f890f6d01125bb7ad9ea9d8f12604bcad3072fa5395636efab9e752c637c7

SHA512
346afb2b792658fdc0807cb24d8c4e277c8ffa3691af7d1e807298f06f63d3eaa9bea9f5c9a35af39e9194d7c8cda7a6209a547a559c004420af5f250cc77362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6209cb9c9acd07e0c33a164b6a6c1b40

SHA1
e35587907cf4a482669f59327415154c6fd08e3a

SHA256
daf2891956f2c498ff193f61b652f5047a74817673e9e27ce8e49151e1159757

SHA512
0e2a74ab8b1353737a31522b66fed652655d1faebe99f0f2be5aa0f16a7b44a12297b24fd0fcbf0134d0db27ae9651c89a6527e6d76d7ef5299176c4eaec08ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3443aeac7ffa46be51fb70b67ff1e127

SHA1
487efe70a1c3ece99d7974c25b7b5b50ac32bc7a

SHA256
adc72f062571beee5775739c6a69305927f2feffbed310bb56bac088fa5042fe

SHA512
c48db40b60a6778474deb27f5df292126af1ce5abc9e338ffa0177c560257165925ce556109820ace4be993ece92303c76e1148f4c9fb9c032ae1cea40634276

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4089f72c1da55480438484ed141d10c7

SHA1
8ba42d28e0066b1e8634e99e9ec0cc0fb8dff7e8

SHA256
0ebc74815d3b31271b2c2d0fc67b1367599017b1fdc5bcaf1ef79672db3b368d

SHA512
2e1478e675641f0301feda3333ddfdeb8e3eb3a3e477dee6764e42a65a18e914faaf9711586fd40441c74c0b50612c19869c735c378be5f95eff81ed3b426cf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0026ac5b600905f15d34ebe74ea6447a

SHA1
a5efeb9398196d1ac94355766214b06e04af58da

SHA256
f8ba7ec4d86a5179335599ee6cec0eb6fa1ca09a6802640475ef63d95b111218

SHA512
e405ed8274f287dc121311245eb6de6b3d097dbc883befb19406910a9def7aefbf3e51b8eec67dac6ab47d203d2abf16a2d06aa96776476a14ca18b8de9ddc8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b42bba6dbdbe3f4316387d788764fc70

SHA1
dd69b7ad70fc03372c974c6cc97e0e2056685596

SHA256
8a07544c98c52412886a0e6cfe6baf987d8bf15cffc3a438d34098a63fa99987

SHA512
5cb077e42a0b05d931f4446e44dca366863bab3eacdd95f4a06388a9e6ebabc31eef54d2056cc064d5a062d5420e833b627e63bc17a7d2dfb873c61a8644a40d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a2841784468c3c2eea4b5a67ea97e6a

SHA1
5b617704f801f7ccc10205749293e3a17f0c00bc

SHA256
a22f94d81b408db23918ed39456f30402e65fd79af8bbf47ed7b634d4e0d5975

SHA512
1eca367a38b1c9b6261bb27fa8bbde1f472568ae6d91af047efcc260ba20ef3eb212148cbf09cf0897b2fc92d94188b4775eae990e8a79f32c84220bacfa7156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dbe5858322c8bc026d0a95752a33c76

SHA1
dba775b0e9e45cf13e9a4c6c5e7c6b259db03307

SHA256
c76b206d714edb650e3edbff4dbed6ef91c1c98e3771c1561ee4d8f62a5b2cbd

SHA512
7327bce843b40afc2f6f17bbef2b4a88324157c9dc6d9a0981a461fa23511933b1bdd284bdad992d1f148538357baa05ae61c465d0b382b759dc21f1c462fc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6193bb6fa766c3f34367d873e174e2ab

SHA1
a4bae2108b1dcd6404bcd3702e746c84ba8c1eea

SHA256
21dd993c6d65838e892790fcdd01c2bc639df7622a46ca47edea5226a8a812c2

SHA512
636a13b17d88fbc1114cc0b7a371d6ccd90317f4e4e91ddc5402ed5855f5caa77496d2003d784ad1427ebca1b67e651eb5cb49b427ed4715dd4596ad0c412284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ac3289786a6a8ad9e2fce22629e1c5f2

SHA1
14bc92dc4db678bed1911db1cf175fff2b7e065a

SHA256
bc2a11305032053f04e16b958e33af02cee2664f0e315f827f58a50d36f844a7

SHA512
c604e7e989c00766e2e0a6df15624462057a69fcd3e0f1dba2e9044f8910cc6093f9f5ebc0220c0ebe4710bac6356bd65d2779830384e3f51d12b49b55f7b9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b3a94d11a8b53f4d8db23b59ac6eba9b

SHA1
1dd987615c17cacb052e1becc0f1f180ab1ae8fd

SHA256
19a706a7387c884ed9f554c61ea47ede07e87127099818d476f40a5827cfc8fe

SHA512
b18ec31e3079ee114eb50e08a2106ed10ab84b6b2f5900085d031681c0516b314fa163d300494e1eb0d8709a5e7c1461d22b54caadcacad99bf3f2173cefe76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\qsml[1].xml

Filesize
544B

MD5
8be7764233d7a6d20e15627426642eba

SHA1
83bf1bd4753a28027260fa18b3cabbcd1dbf08c1

SHA256
99ee10b9e374f60d05228ce58dfe5b542b5eccd659ae05f055036a0f77c3b469

SHA512
a6020e02513307abb97739b8d68e78351f40593426b5f3d943720f5bc877024f1298de8fce5c94a5404057d27b6e26d3d2af3b17e37ec81173a4c36ad58fd236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\qsml[2].xml

Filesize
589B

MD5
95a5570a77dec94c04498c888b74bc63

SHA1
a725b6e4b5911a94237a3bf22f5a8360c9702a7f

SHA256
5f0ead3fcb6ce2655661992ca006c88402dc28f1112fb52af6316dfa51af25ad

SHA512
83d132cb1d559242d7153fc2c2db114c5cb05c00859cfc17bfba00a1a5eb8d8728881e31974e514157547313eb3a55352a2fe41b76b7f6389f85c5839ec4fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\qsml[3].xml

Filesize
609B

MD5
1fd5aa52306c001a4a8d2e7b3bbd3909

SHA1
bd8cb2162ef48ca66fdd200d4983e2b97395a0f1

SHA256
44914238d605a555957bb9a70f3dde29276fbad65c6cc9899005c9565105b739

SHA512
440d4ec88da5f1b90fa4f7ba4153a85d2b741478123aea6743be2ae12f77d7602152e2e2d9d7bf43e505c75e2ff729827e812ba9f3f7021ef2b0dcba84fd231e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\qsml[4].xml

Filesize
601B

MD5
34a49e0183d1693daeb3c7dfc724c661

SHA1
2b44ba74ccc55ced7c1f82a47bffce886b29bc26

SHA256
d7d9ec0d2f709c414c88f70addadf7f4060028cc8ecc62457c7022e410634875

SHA512
3ddba1a61058c5989592da3d6c4652ea02190144dbd7c68d9ef9fd3a12e970928708571400679fbe3a9bf388f868ad31021d5a3fa18cffde6956d84fbb8d32cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\qsml[5].xml

Filesize
428B

MD5
4dde59d9344c3bcc323323d38e6d7989

SHA1
207d0851dc5206b32b884ce7458bd29c7ddaaf34

SHA256
e81793dc7adf4a621836a42685975130518995c03ba0a00ff023bb95a0a613fa

SHA512
9dcb83eb69f1483d407fdefc7306793eeb526f794d099dc5bf97d91c494d05c08a38a3c0681f60ee446a204179d6b33a99008b38921dcabe896081e47ae1bfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E6A.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4094.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF08CB97B6F15D3736.TMP

Filesize
16KB

MD5
125a0a56c315e7c81e36576bbdb5037a

SHA1
1b586c81253c9fe4582dc7093cfd6faa9be1b82e

SHA256
0ef0ce995a644c5ea0784ad0dcee983976008e76b1ad7e7b160384661a67663a

SHA512
808c18d2731d0099a58a583fec734fa73b1b686049ab47cf1282cb245d86b8a6bb888bfa45770c4befd9f665a665a3540b27a9d889216c76504046d1608c6511

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F1F73KPB.txt

Filesize
606B

MD5
fbc9ad361519af07f31b87eee69792db

SHA1
7878e1e9c69f89752b622fb571275292c97c5868

SHA256
f7dd513ec2f9be9ed27580f326ef059d6f1f68e323a821fcb852edb30823fb9d

SHA512
5ed7fadc4b31c68278c27bfe1379f2a29264563d900ffa591556afe6ed535a7116a1b1792d9eaa066b0c2e97fd7b5a25cbd49afb3d85f8391658ad9dd5f56838

Download Submit