c5c99eb2754a06b39d8e2e0b823e2e0ea44ecd8c75c758c5fc23fb3bde93f105

Analysis

max time kernel
119s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
02/08/2023, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

video-barbie-mov-dow-link-us-hd.011.html
Size

5KB
MD5

6adb0aa19b2f879a89af85a95e3a7c18
SHA1

43722ad241e0f733f01b7d9ee46054e6ad037be9
SHA256

c5c99eb2754a06b39d8e2e0b823e2e0ea44ecd8c75c758c5fc23fb3bde93f105
SHA512

913c03a5ad057db14f3cffbb3c3f98aefc7fd17a0ed685f460566486fe27bf6fb8fdfc3cb9d8cb9580ed5c378efb6da61b06c558575ae4e8b3dfea10b97badc4
SSDEEP

96:ijDDpu7ClmEKhgOPgWEIUciXMTc4gTHaHc+Hydnpn:oDD6VBh0WdUh8TcJGHcIydnpn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c7eaec47cb7afa4887efc5e3f3ae1d8c00000000020000000000106600000001000020000000526beaa0155825d81dde5c5d4cdeec68c1d11140b846619119a7b8984f74ea71000000000e800000000200002000000086ba6469f6a16dfd3fb40bc686b90c2911d38e57fc67caa872ca9fa906c7192020000000efdc51e7f0c9dfcdbb4050baf28f4a19aed8839241afb10368dde20e7c693d4540000000048f9c06bde4b10d8f460d05736e1c9cd90b78f0735631ee8b33666a1a2fc73cb2dca1899257dd52742751d785f6efaf853435e5f0d17bb05676d757e30e550d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 409fe9e19ac5d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c7eaec47cb7afa4887efc5e3f3ae1d8c0000000002000000000010660000000100002000000049a49bd68385e092100b7c323d96879d2711f1606e1867941344d5e2c1ad4997000000000e8000000002000020000000f6d480e4106b26c2d6b9f7d422b780e6e8c7c6c66f1f0d714b736aabbbfeeab09000000075eff0448c55461d7cc8d14660048a1a1706a48f4ce437acacdfc46346165d7ac2684d53adebf701cfe08342ace37f728b6a94cc0290044a55a4bad9a85996d4895d6b30d3d75c4cd7ab116c983da98c93e34bb580fca0ad73f78b0bcbfe8efaa25e5b2f556bb3970f520cea6c568fb5346ee9b1fa25f244754472cda7116182099b99677cef25bd70d4a9e8a5b2118940000000c7782338a17f997e7c592d80d4504e34b55309f79e46c7704cd8e2154daabff6cb09e96c245611282732347cd3c0cf4a6201fe0908e633a9feb6eee628c0e633	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397784634"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0911CA71-318E-11EE-BDBB-5A7D25F6EB92} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2688	iexplore.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2688	iexplore.exe
2688	iexplore.exe
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2580	2688	iexplore.exe	28
PID 2688 wrote to memory of 2580	2688	iexplore.exe	28
PID 2688 wrote to memory of 2580	2688	iexplore.exe	28
PID 2688 wrote to memory of 2580	2688	iexplore.exe	28
PID 2020 wrote to memory of 2268	2020	chrome.exe	34
PID 2020 wrote to memory of 2268	2020	chrome.exe	34
PID 2020 wrote to memory of 2268	2020	chrome.exe	34
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2376	2020	chrome.exe	36
PID 2020 wrote to memory of 2728	2020	chrome.exe	37
PID 2020 wrote to memory of 2728	2020	chrome.exe	37
PID 2020 wrote to memory of 2728	2020	chrome.exe	37
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38
PID 2020 wrote to memory of 2140	2020	chrome.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\video-barbie-mov-dow-link-us-hd.011.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b99758,0x7fef5b99768,0x7fef5b99778
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2656 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2236 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3980 --field-trial-handle=1196,i,16111232369740737532,8274203543670642641,131072 /prefetch:1
  2⤵
  PID:1184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e6a952439f90c65e9bc03ede72492bf3

SHA1
fa9f7bf8e9d29615e0cd6a18c5ec1dc042bcab41

SHA256
e32e3bb7cb61df2fe1ba64a3d9bdcbc90a0320358c4c6cff4e2851e2ff27251b

SHA512
19bcff87a71e32d149e52d0b9b407cd271931c31551a5f284a301ef3a3bd68d48ecb39ceb46a0baf63164ef544431e6b8f202879f3cc38e8897250d67c78f602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_409C0254A2963271BB5057EAC636A610

Filesize
471B

MD5
7888186266be69c6fbad27bcbf5f5a75

SHA1
19725dd5a2b7cebf47411c4a24c2fcca14403048

SHA256
dab50e274e3a7dc2ea2e16aa114277b51b8ff3a65fb79f88ea54b115551f6747

SHA512
96553fc238e43515eb260708a45d10e9c8df57989d75af283554eb7e81b3d971aa00d4d59c04d2ff5670c056814ac84da884cbdc0dec713f0a03d97423ee1eef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0a579e3fc5371802c082c7c6fb9d59f5

SHA1
243b6e7e6e58ca6cc3ee9184c7c93eb77b98871f

SHA256
6bfb67e534a54c7a45600083040086839e58b1b6dc0deb6d70437f04dc13bd64

SHA512
0180d4b7c1cdf18731547884fb17b3862236755fab880257cd758556dc91c45d0eedfe73b56b2f601d8b0a86d1eb4463cb6cb6b18e4ec929ce37d16f828e2bae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
464092581facdbe5f889ae73d9dd5083

SHA1
dcac13748c5408eeac79649850786cd0250192ec

SHA256
b0cacd364f3389432ae408fe7672884c0afcc0fdd0d3163ee08f97d0f9c42824

SHA512
ac128814575d79e0c4ce83edfa4e7cbd5ec5099a2fe4d45e2f2e5a8e77d4790c6b9cf51518e1f87fb7fcd03fe1a3c9ac8bb162b2f14ce8ee4648fff96e598640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
27573c555357bfcd9b3ab57f92510028

SHA1
3c809180e8b96421aded8975b332bcbe6559c42a

SHA256
f087f998facedd58ae5c6fae02035a8aefe0cd91565e85c2c67bcb878d6244e3

SHA512
ce4e383bece322e2d7ecd728ab627c1510603baf4664a6ee3c34e49b9f4c77db64a12d56570d4b622f00d45f226acdea8137c511ef2446f9adf5505b24e4bc90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2a4512ff21f2d6daab3fedfaa2233ac4

SHA1
3b4725bc0e2f14ecd5c005edb9814a1b6fdff44b

SHA256
0e6b670e0f03369b2d7365739dfad7dad54529136cd0b4dc337e62b3cb9ca3d2

SHA512
e0a07214740bca1e281df430672c236df75ab73213e65d27d896842ef19c76b4ac8e9c1e25ee991658e236c0713ef7caa9837ffee95d0f33dd23d18d17bb08cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f533999c9ba86319940750a0a2f5cb82

SHA1
963a784800b0490b8de11f7a019ac86db75fe618

SHA256
ec544708db8cc8bd93916f9f8481d9837ee2ce9f8cfef969466169b472321a7b

SHA512
25bc99bf6368f64ba77575af8e0a5e7b06eced1134794f01e43ce9ab656d8c4501e16de4a8318f2d6e51633e6bb720e678a4d549f1ab5c38e17c036608066f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f533999c9ba86319940750a0a2f5cb82

SHA1
963a784800b0490b8de11f7a019ac86db75fe618

SHA256
ec544708db8cc8bd93916f9f8481d9837ee2ce9f8cfef969466169b472321a7b

SHA512
25bc99bf6368f64ba77575af8e0a5e7b06eced1134794f01e43ce9ab656d8c4501e16de4a8318f2d6e51633e6bb720e678a4d549f1ab5c38e17c036608066f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
28113995f298d9ca29b9f73a7f497f43

SHA1
dbea7d7919570204c7ebea03ce6ba44c30a496b3

SHA256
a59eb50aef35a211ac8b23b34ed3543d3b2359d6e20d32f6a50a9295e9cee159

SHA512
9a5d3851a840afce3ff48491b3217121c304e15d752198874faa47cc5a3e9f2655a5a1ac21d9db60ae5b98369983ff3ceb034d5bbf5c856728cbeb9746f7ffc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bd7083920f347b7aaa50b14abc07b40d

SHA1
43528c0bf843dfbe1e502df075c0eaef992a4bd8

SHA256
9362c0145d70212601cfbdd88780c835146ae8153c8e33049dba437dee3130bb

SHA512
63427f3572da0a1e92ac0fcc3ab7b5ffecb95199ee38efbfb4dfba94c78dcb768729d5384b09184a0796bc7a779268b23a356447458b469ef88f5f28731818ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
555c8a0772f59f8819ca81cfdef9a6f2

SHA1
56900b76e01677bda09b11a9f5c9043976a65fd6

SHA256
e97d0b58a87e6004fae61878b3067dc5da8848b73092c882a1d1de61eedbd5a0

SHA512
477a523df3a613a53cf9fdc320bd5fccbec0de21af8c374aa68ec16ec9d8a8090acea2078e7d587f878184db83ce0f69b04c435b1719ecde305e56c7df10074f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b21951de2f1d068b873a307ccfb23290

SHA1
c920d376ddfc02541a02cf89987d0b10ac04612d

SHA256
ec61f2b409b726c3e1eefe9067c4df40f44a61ca0d29585d94877d661d7271b1

SHA512
618992f1792a2c360ce24adf457bf60c30a5be008dc8f7ee90b8bd40a1ca454c5cc0af6a06cf6564b6e40961355f6e957a56069e9f682394bb6db30b64ebba27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cd3f9015c3f659ae1ac38382bf5e62ae

SHA1
f336eef07683e1340da1c5367f130313d5a04896

SHA256
4505f596602059a3955c3519072d182c8dcf5ac714574fa605ae61e85ec275db

SHA512
d808010c632f790166538d3eb0d7156c05a4a29b897e7f414eaa6496c01c38a5efd818210052b96023ba55249ca16a7baa4a8ddb2b1e5250180011ec8189bb66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
2c98e4dc14652fa73f4abc39f87f269e

SHA1
3e4992e9e05b3154ef92c6346c220d28ab572a82

SHA256
d5fc8799ab025033b1b324cae608311733d06bd93211d7d5b5dae09b5219535e

SHA512
b8fbfd3625b30ded05bcee8c9ab5d9e5119bdb11bcb1661261ee830b5313af9b6027223b1d817ff577a2113ae06fa13e7faca50b7621ba4ff4cfafc1b5a725d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_409C0254A2963271BB5057EAC636A610

Filesize
406B

MD5
d04b29ac903bdb94728926625356c08d

SHA1
b4d7b304d0f3a3d3975bcc8bcfa53fe8b257c329

SHA256
5291b85a073ef837ea8b8fbb6d694c9f6eb5fa6b023816ff109221791a80f2a8

SHA512
74aaccc6d9d41a1a62b44e77920e253b930248c7b4c84adda256bd6a1ae1d781a838ba8753e74d9b5f205e0a20296aa2c941b6d83f13715d116bf61db375b33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf78b04c.TMP

Filesize
361B

MD5
2a8d67693a8abec4fafbf3b487a91ed4

SHA1
4cde3ea86d176fab289a7812365ca3b847741422

SHA256
3cd54edf53ec6b2ffaccc621628a8df63d48ee48d9feff97cfc3a4a4ea9227d2

SHA512
c29bb0f081dd38e672be41f55d3f82287322cf1550c73f1e2dbd9de31f87aec9e44f62a27bfb76c5f5492d18253105518eb7ecd8bec5b70760c5f1c468be4eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f189a21871c64731d9a285547c3ffe42

SHA1
a4fc187cda4864131e1cdd3d2499efeb1d100e97

SHA256
0f4402348cb00c7d37cc9f3b3e5d21c40ced3d2ce9ff58d0e84e17ee161fa0d5

SHA512
042df4f6d55230361afce4e430eecb52e58b7edf36c8d29c6871bfd0b8aa8f6c4e51c538aa205a60d209b03e6f96cf342c6b79719b1bfe5c80cead557d6c43e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fcc724d1628e3685bedb1dacc19d5f59

SHA1
c279325b438d1a59765f722bc420bf9ffc2c7f1a

SHA256
43ac5a9b8a9a80e69b83a3a5ad7da39910fedbe73f50fe09de761c9941674ef8

SHA512
9b06ff32700c5e2c44d20f0759e90443c9d78d7489fd55f6bce417c3f542ddabf68fc0a3b6c0eee3ad8fb40744e969f10ae9124e8b60e8202b66fd3d6abca8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AJTUMOT\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE3FC.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE3FD.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF394FF6A9F3759BA4.TMP

Filesize
16KB

MD5
e6f7320a6723f7714971cfba78c8d2ae

SHA1
3323dc39039df86bc517df388d5f195e68fe7aa1

SHA256
f4b71171ff835d3cbd4a602ee7b74bf2f717eb4b858f229bb527257db70eec58

SHA512
70c13b4ac709841908bcef6fa060644972444816ff374acdc55ee0004948b6403cc21771710f1c27ad1de97485a27b857bcfc602cbac2799148a2cd8908d082f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TNYWQYOY.txt

Filesize
606B

MD5
9de5624791f892d22c1362f7fc8556e5

SHA1
cd308cc8a662aa7a24a182d889748b790a812963

SHA256
7dd9897a0a1f79c6e5c5ef22f94d2884f1c8881181d62666347bde16a6a49fad

SHA512
9a1695f62136c252ea1b175efbce9a60a51cc6b25e97b7109dd844e71c9b4aeb42076816b8250287c352ff38bab1bc2fcf748518e6a268d4448330d86bae636f

Download Submit