hxxps://my[.]taishinbank[.]com[.]tw/TIBNetBank/

Analysis

max time kernel
67s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2023 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://my.taishinbank.com.tw/TIBNetBank/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\taishinbank.com.tw	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31039054"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c940a34e9ed901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\International	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpCache = e9fd0000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\taishinbank.com.tw\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2548604626"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31039054"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31039054"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f078a34e9ed901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\taishinbank.com.tw	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2548604626"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000af50556cf5717841aa702ff940fd39e9000000000200000000001066000000010000200000008563f50ccef24a2e67e84380cb4eb5ead4e38659d8121e77f56da958d45a5351000000000e80000000020000200000004f767f705df92dd2834da596e014f240eb520b0a53393dde0b3c3019c23842c320000000a9ca77045f60ed0e62c7ccbc9c7ed263227e569088b53bc729f4bda3ffb99745400000000503ee225156d1af8459c950142026665e94af7f63acbbb5bda65367e803e3fc133e0418f18f6517ed78c1ececdb675c42ba72dd9c40aed5838430edd4ccda3c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2558761768"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000af50556cf5717841aa702ff940fd39e90000000002000000000010660000000100002000000074c46b905fbe3db2e1fd8050c693282a2ef5e72ee97517d907734e26aaba589a000000000e8000000002000020000000bc7fa968b7e313316df8449d5dbcfb99e5d445ed2e3c46485139e587cb471e8620000000e447926599870429aba1f5c63aa170e47a86d80553ac9c93dc615b29182136dc40000000625431ec763e11ac0d1410716def0e8b0f62bd626c6d6d8901ffa832aed698ccf8d35c4a7e605d6141ec0536ed527109841b3b163c768776881310146b96a3b8	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C30A14B2-0A41-11EE-9F77-6E21A4042E2D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\International\CNum_CpCache = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133311724539010389"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2880	iexplore.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2880	iexplore.exe
2880	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2188	2880	iexplore.exe	84
PID 2880 wrote to memory of 2188	2880	iexplore.exe	84
PID 2880 wrote to memory of 2188	2880	iexplore.exe	84
PID 1144 wrote to memory of 3460	1144	chrome.exe	100
PID 1144 wrote to memory of 3460	1144	chrome.exe	100
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 1196	1144	chrome.exe	101
PID 1144 wrote to memory of 3112	1144	chrome.exe	102
PID 1144 wrote to memory of 3112	1144	chrome.exe	102
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103
PID 1144 wrote to memory of 2308	1144	chrome.exe	103

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://my.taishinbank.com.tw/TIBNetBank/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff46999758,0x7fff46999768,0x7fff46999778
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3356 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4020 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4944 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5320 --field-trial-handle=1808,i,7004200013729747429,6761996517874289900,131072 /prefetch:1
  2⤵
  PID:6004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
4dd1ac56814465f17cfd359f0dc6ecf2

SHA1
fa738e2cbc6cfae2de07ecaa99c289458d2c8ed0

SHA256
f85566b6f479928ec98e1e18bcc88a231ea7c6c9ce205855d91ec901e313ffeb

SHA512
d1951b56c01cca5daa7362ec499abe4e0bbac6e468cbf41dcd2edc262bbe533b75978ce596026eaa1f6b19a61715a5c6719c0061d35558a9dd7a76a939a7e296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
eaf2b4a8cb83c01a0cc1467f9c0ce105

SHA1
62c90c740292afe990f91e3f4dd2c643141a8f17

SHA256
721cd25c9f544b3f19a5a1c32f2d5d776eac9f3639673a944365d84717becbb0

SHA512
7024515f30290c52f65005f32513206b634d4b0730c0faed60828d97e12c74660e264603511a61f34e7d569446bfca1b25482fdc947aeb02d328c68f01b39ebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
172cedc8bc6e910669bc9c624fb4785f

SHA1
5430a72a9ff2a1f9e78a4a708f9b2c4c6a9944ec

SHA256
4d090baf06f6ff8fd97d5630cc4b65a9b8aedce59a5eb254d37dbfc2b46c927c

SHA512
22ccc076bb18d06986d305a352e4d03e05502e99211023692228280c2bcce5bd9c79924fd8bafe7867a8bcb092e6297df1d25a013bc854582152ccb6ac6c9a15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
5e3dbe397be1c529cef719e2db2602e4

SHA1
712c93211d5669dd45c4522a4e3512ea31d40ec4

SHA256
12db213195f0e2a37f7bd87b276961b94e69dc7f6c2b6b6e126714e982fd9137

SHA512
38e1fb5b231e05139f445ccb29fc0f95fc883465fda1a658117235feab94f1567893fe2b4883552d5e5a4289006aaf580c6dc865aa9d95203adeed9bb0334c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4519387b1b39457045d1fda42dba2e98

SHA1
0f0a25e82fb95fd39d5c91f09ceaf5a31d3035d9

SHA256
18548297e601cc7ff78d4ac96f7a1954421a6f9728b9f34db3b743d837271680

SHA512
0dd38f45e9ee0686b1d11180f77a3b016e3cca5f6f162071b0f6ee111a364745bc38b856ee20b7913ef881654317c21d88c5e2612795d2a535aa74b0bb7e9b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
703d195e21e3d46ec8047400408971c2

SHA1
0af4635acc8788f347339ef4ea10a9e89c7f9739

SHA256
dab82dfa19af4702c3a61222dbb32a1c0178ae2c71f8332dbbcd7f1d8017d4d2

SHA512
763ba4259b59efc7c7271da378a6ce7a948419f54316d2a8305132bc82b3b59873c88bb7838cc8eab455b6802b73e6f2c4e473a68e129674cf2baeb7f01711c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f7a23bc1563929d7ffad73c052e7c53

SHA1
d7fffb5d13e2d95a0dc658d4a47259cb656f0cd3

SHA256
a6dbac9ebdb10c6e8c32f307c67fa715c647c7a5b189b8fa9efc4b41ba09330c

SHA512
d7b9302f3002451fe67a160e33cb7e886ba69b5dfbfef67964352ef444bd06c503d78d90c266d8daafa22a43d657e62b8bec1b90790c01121edaaa799278f29a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c617814bbd7823fa1f6f81079474936b

SHA1
3661f85f3485ae8a0c5455e6ebf8596d7a24e595

SHA256
d36db89d951e03719c22a7bcde3e02cdb04d294ffed451294da33fa01696dc71

SHA512
930253fae31670660d412398593e4bcec96c70244710225a6b64daf54d67b6b08700da316eb605f9acc9ef18cef198c481aae4f5a16853ca720af92c2c4a6542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
720dfc613cb67a89f014f38317c79991

SHA1
adce2366b7e64c07145d1d1aab8792253d1f2edf

SHA256
ac86e7f219c76da42085ab8cbf8b649a52e037f2afa5d503ec461a2d6a4565f5

SHA512
38dff3c06d8ad9d5ee51ba8f2de1f78121ed3b1a5572967d21f34c5aa692688a0b548bd5e1eaeeedb68c89a0980b4d39876741296609caaa23a22dad63f3e19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
f27c64a8b5dd8bb8997b854ce2a8d21a

SHA1
f53662158ddfa1d32f738e4981dab75921342d63

SHA256
61cbdcaa149ab45653b85ba02c59aca10f5fd03e1974b35b878c10268d7d0ce6

SHA512
5710cda9ca7b4357927adf8fd4dd259e2436284cb975c21f682af2a4f98cbc93db459ef3e1e83e4e58846b12882a38ad27e23efd0cbadc63e56035390eb84cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1144_381866439\637f2dd0-7151-47ac-b256-1e17842df43c.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1144_381866439\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit