2a6fb1d95a54903d350a5bc21e023a6c4c373ab63d1e3749d46d90e80bdf9409

Resubmissions

23/05/2023, 09:43

230523-lqfb1sfe91 1

23/05/2023, 09:40

230523-lngr3afe8v 1

Analysis

max time kernel
144s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/05/2023, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i0IZQBaUDrNqPWJG.html
Size

146B
MD5

8b50e4773633af84c817a61eaa00ed70
SHA1

2fd0e1f3535370f8e9c9a7e8f72e31bba8424013
SHA256

2a6fb1d95a54903d350a5bc21e023a6c4c373ab63d1e3749d46d90e80bdf9409
SHA512

76d46a9ff2103ce49045a75ce7b4d686c88fa9aafa7a72be09936ccd17405cbb02e51e24031cce413dd065cee6d1a626b4ee3f57b1ae19b92ae872106ded6f88

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006d33602ed2826b42b95f5feb6e08e74400000000020000000000106600000001000020000000fdd2938257ed2af926f76db9732fe745126961644b53394f8bc681a90111e377000000000e80000000020000200000009e7917b167b5a1d4e952e12c72659d49160f8cd642e2524bc3fb418eb1ed29179000000071a9cfce8cd18c486b7637db3e97e1136693dbd560804507544554ec81e67373176acaaf83d5f1ceba0e854e7dd2cdc0abef54375b8b807aec493f8e53b5ad81b83dd82c8cfa8ffc731bd6e33c3b645c6364c99fdba7923c9a0dba4fe483c575aef5950b99f47b0efbd96429e75a6f42d3da55797d51c15a4544876274aee0279fc076e068650245ee0bb49fd2074a5d400000006e89791f8db2d68e849c38541a88d0bc5a592b9a93e1f48470d7ff73199c92655221435044b9b72bc7e9130c03e44f47712fd55b5d63797a69ea839de7d87b22	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100a1ffc6b8dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{256A82A1-F95F-11ED-9184-5E76FDCFC840} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006d33602ed2826b42b95f5feb6e08e74400000000020000000000106600000001000020000000471389a6fca50bdf2febf37493fcf4523b6d64400058a6f986b7ba40013b2b5e000000000e8000000002000020000000a387501fa8778222886289bc1f571585513118593400d05696031c0c68aff1b2200000001937cfff5332ab3f9e309f3e481dbdcba4c0fb41664376239a0b4c5f16bd7faf40000000b1fde06d86438c0728509d91185728eddaf4e34f0c9ef9c71586cd274ea4a8259424009c3671c8508a29cc4499e4195fffeff0d2e35c29a54584dc0b8d8d030c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe
Token: SeShutdownPrivilege	940	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
988	iexplore.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe
940	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
988	iexplore.exe
988	iexplore.exe
588	IEXPLORE.EXE
588	IEXPLORE.EXE
588	IEXPLORE.EXE
588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 588	988	iexplore.exe	29
PID 988 wrote to memory of 588	988	iexplore.exe	29
PID 988 wrote to memory of 588	988	iexplore.exe	29
PID 988 wrote to memory of 588	988	iexplore.exe	29
PID 940 wrote to memory of 1044	940	chrome.exe	32
PID 940 wrote to memory of 1044	940	chrome.exe	32
PID 940 wrote to memory of 1044	940	chrome.exe	32
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1656	940	chrome.exe	34
PID 940 wrote to memory of 1788	940	chrome.exe	35
PID 940 wrote to memory of 1788	940	chrome.exe	35
PID 940 wrote to memory of 1788	940	chrome.exe	35
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36
PID 940 wrote to memory of 1672	940	chrome.exe	36

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\i0IZQBaUDrNqPWJG.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:988
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7139758,0x7fef7139768,0x7fef7139778
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1312 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4028 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3960 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2636 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2276 --field-trial-handle=1244,i,4592924923911695203,9759349344209931617,131072 /prefetch:1
  2⤵
  PID:2524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0867f5b3c078fd8161a477f87453aa5d

SHA1
cf4899742470aa19b075358e8fb0e745887b0bc4

SHA256
79a221d2968af5341a8b6542d99670fc708c87e9f9d5221d5bd3c5c0c2d22aba

SHA512
2fc813f8459bb1331e5ec446fe23edf0b553571860e4116438c7f23128620545e8d4dd50127b973de897f878db0c4de4dc74cf4f3781019f0f122d7f139ee398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
115297ca2c4ff19c5a4c9dc90a6b801a

SHA1
bd2e0835ac94aac855024352601d1032b1c96424

SHA256
c670fbce034ee54cafc3ec0930441ae9f5b63f31a929ebc475d1195779d02e35

SHA512
605565f553296fd1b06f98e94243153bc89807b5d0bea31767e9cbc481aa84236d8d848f43287482b747f8c8358a4c215934d9e12f27b0bf9e1b13945f232d56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a93bebeabcd32abdf95a9e1d19c0f689

SHA1
259b4fddf99759edbb93caed72b84b946c5ac1d6

SHA256
73e25080496d854318a0d49f1aa284c4e60f5bc56890ac95ade877f7f021ad05

SHA512
8a1ee5da8cf69273da386e336599685910b8c6a4544d8cb136c388cb36f07eee716676eef8e85da8e745b225e35a9dc914c6ac092d496ce04a6969f766c2a4a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c25d3cff23f6d6fc73364c5b3f147a21

SHA1
bc1a099fab49d64845b706c2982a0a4e3301e780

SHA256
cf169def59a8c872f00e56e3ff6871dcc567861003131f963e118be52bdfd7db

SHA512
bcc4a9e0a3c816d6e332e4bfb6872f59c7ebc51fbb2812153e31be13f9faf87dc4ac586df8aaace2a0e82acab6a5e642c1fa8dc7d78fcf16c8d31cdf577c3f7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bee11a33e30bcb0971951e851af6afd8

SHA1
f56d712b561f09dce465b27242d61fbf4a536fab

SHA256
09031883f38c354efbfc2daf18e1a7f1c1286c5515854979890f21dbef5896ee

SHA512
461d6016e3c3523dae9042af76b178029f2eededc5f46d5afc5a895aa23528c879d84806152c73100ff1cd7e1d561e8de06c2609790b5feffc1efc41fc90e8ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0861b264f41f6047688da21a042bb474

SHA1
ad0fb6168c6054aff035d98736029025701f6471

SHA256
b9d7dba16671039db22e68bb25d94b464561818ebc14ead51a3f6020f5ca4df5

SHA512
9c39f3c8fcab3ffba4eb423ccb19205c56d4bd4608b127c4bb0d559d6c4f3ce38036a673b7e5d84f1cca79788ff0660822cb19627da4d67b165a9271f7733d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e01b0f05d2c750537f814ed6d1736e3b

SHA1
0c3bf38dd0823433fc948c71a73f00d84846c0ea

SHA256
7209cb1280899f5ab9d090c1f1aa1758d1c72e87bc37aefa53178392f8091c29

SHA512
a0abc118e6ae77a35bffea39c972b16de83fcc2e6993d0c7e6306e48e085b63e65a8ea98262aa7acc4d004b5287d855cc822d4779f20d0b6e8929f387dbab6d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ba0110636253c6949d5bdc7170ff21b0

SHA1
ae5dbe672282097e958411940b87fad81c381a42

SHA256
c455dcdfe2603042c6cba8dc6a17a143dbdadadc6cb78204c7fad92fe0e48a50

SHA512
673763eed57704b0374c087aa145f7ed0c729401118b3cc776f8f73102d189ec39d4f7498ff0fac8e7d783dedc1e285d53f09eacfa0437c330323b2792b4e434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
452f79b682051b3cdb2a6f2bfc295a60

SHA1
583ce405c6d7a9ed4a3098d8b1d34810062ecae1

SHA256
3cc59031058a3771238b698eee3f57ea7a7da4051d8eb11fa33fcd12aa14ec07

SHA512
3b8f210d30b4e81aed18fb61727c02024a9f6f09d3b6968a3a01bbea482fc7deffab5b6ececa0b4d77aebb7e3628f1621f2dcd478d925478aa802298c7006959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ecd434752ce5fe4b50877475214489a4

SHA1
2de29588f47faac542b1bc0b1feb15dce611ca6b

SHA256
70486797d90548c5ac7a3b7f8c61000e9d64633f8b90c8fc4ccb0d146dbb2587

SHA512
ef6b49aebc17108e1d01854fb9f6610711c349a5bf54b5baf8b4e2429802ca21e8e513267f30d2ea3680aaafadc3e89e87aa2de041d7ba3b2296c38e1b2588fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2942dd9b4c9dc3182da4f9a700bd412f

SHA1
b76595f3893014ad6c3a1ed3c1d7f29b91224f90

SHA256
ac61f2ea6c07a2ed4f1414f8b5811fbe719080f73dd00dfebca0ad5b1c9a78bb

SHA512
c029808618b30e1a2b2686ae7434d169a15cdb003a2c96dc58f3f353a01f681a628f7604e03f34956248d30a83065d58ffc784cca5a873e61cf442d7d92e1947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
6a50f31c1b9cede7b74cdb6dcb681950

SHA1
b7df1b26fa994b8d4f5fd9e9ae8aab8085caab2c

SHA256
e4eff024cff0f07008c454e7c24396170626501174dba9c28a53f374d7024bc2

SHA512
b23bbe55ccb5f279d0471b41d094acc98d86821a079a05aed21857808e667e6c685ece065c5bc1c7f97b7022c2ad5b38840829069cb3c0002bba932d625d8905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
91f5259e5d9766f9026675815596f335

SHA1
c139ae915dc7626cf0f8f02f727251e39a79ef85

SHA256
a7bad066b551de9f45ccd68e69030334a01e4bd48d60bb0eec97da3395c54969

SHA512
061eed539b299d5627ef572b403ef8697d0d4bc91f6517cf6d3ee68d184d8503d9874cb96a23452a53a9a2b2dd9de013ea6b360c659fb7ce7e3ef2978cd2bffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
831a04538717414ba3812c5d02d8f7b6

SHA1
8c051f39b69d05332c923c79a9f937524ccc7133

SHA256
d78da668512124fab2dcd0e88769a4ae54fcbdb56063e3bd47f95d726799bc76

SHA512
1ad51175ca18148fb58cf2ebefe0e7879b5e64e7f4427f78c5474cbe9da2b9ab98d6a419df8fa7d18c9a1b925c331e2ff3564c95f8066488a9e49241c85036fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b463838b3cfea232e9020b7fd0df36bf

SHA1
26ba552ce8ea5f95c083eded1923c580ccd9da26

SHA256
2cde7b82b31692fc236a67fe43ab8f4c15c9fe867b55efe8435c59920c1a2152

SHA512
22195fffa31bd5a8a7ab1122b397dc0e2ed6534bf2d39f793f4f7606ebe75d6bcf69c6e36001010b066d0845ac196534b8477fa4714b80f53228bdca63e640f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed6ee5ed-0865-4639-9b00-2221db1b66f4.tmp

Filesize
4KB

MD5
62edbc7a7f4a07b75f3dab39c08dbecd

SHA1
cba154bb905897128bc6ad43803717c2e4ab5a57

SHA256
c07fbc76efdea35f56a7aa7ba6f7c172eee483b62b418c2ff32a938ba6bafe85

SHA512
d8c47f8231484b26be227ec197bfbb9ef821efe175f7b5e99961b3c3fedbbe224c8ddaa69631ba2c63fcbaa32c43b59acb95208729db19752f866f327df559d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab451F.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar463F.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF5362F7D7F306D982.TMP

Filesize
16KB

MD5
b1de849ee7970ba853576197949127c1

SHA1
38817af7995af786ffcbc4c5f60544014b55b1ce

SHA256
c8e1b1f6a0768b3208852e3f060b94275009f7bb922fdc6ceb58791392093192

SHA512
62aeb336a3aac4c359083ba0b3978ec1239c2308263c3f5342d2664fac82d315e02957b135fb03901e44fdd73d53f24d625f8af8d4e204800e77e2d7d9f4a164

Download Submit