be0219b47ed088e3ad97037177d8c55e4ad9e902ad7646c0b9e64ae1ecabe98a

Resubmissions

17/08/2023, 12:48

230817-p1vfgaba51 3

17/08/2023, 12:44

230817-pyz8yahc99 3

Analysis

max time kernel
281s
max time network
1710s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/08/2023, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edi.bat
Size

343B
MD5

1afa892b415dd6bdde6a8b47a4bba8bf
SHA1

8d70c9a141b6c8c23d798dfcc2f1f1ea617021f4
SHA256

be0219b47ed088e3ad97037177d8c55e4ad9e902ad7646c0b9e64ae1ecabe98a
SHA512

9c2d5f8cfbcfbaacf9acb63dc12327be562c8f4653ffd7e53897f445afd138c784660d483655ca9a189417026499ac14d6d202e312036aab31cbb79104902851

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 4 IoCs

evasion

pid	Process
2124	timeout.exe
2804	timeout.exe
2488	timeout.exe
1544	timeout.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a91d4b999c9854dbdd04be1b9b2202d00000000020000000000106600000001000020000000852e3f0cc4ae66f8b54b1be21ae38ecfe07716106bedbefa879701d746c598bc000000000e80000000020000200000000367af7bed71b87b3ce208627068dfc5923ccc133258fda9acf35320cfcc976c2000000011d2f6088b032c4dda1c44ae2bc78e07aeb253567c1979f390189c1bf8bbd82f400000008b496b7d565f8fb2b4768d5233493b2f69db33bd55874eb0429055f4777203c297b6a8fa62d0962620f7e161d995cce35e66c8b3df1c046041449a004a87c7f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fd5e3109d1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BC6FA01-3CFC-11EE-ADF5-F2F391FB7C16} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a91d4b999c9854dbdd04be1b9b2202d000000000200000000001066000000010000200000009ddffae8902d21754faa1e7d5d7bce3acc6e4a7d69b7560ab9ba4eb8f0eb4e60000000000e80000000020000200000001e3dd71e15fe7b95190c5d6e8ce7da8195cf37dd4832a04f651c48e2235c51ff90000000260904e2171e93be2a135cdc4e262d80d462c6acaef724cd644f365ad08c32b9c44e353d33e6aa7d1c103bb598dfca612b9a0eba1ddd4374a15df9261c35b68ed1f4b884754a4b68fecf407adfa6b965dbfd45623bb645b2404783be2530198561f387bfa1efe0627bb7d8cb36c3a1df457594076cf7dadd7e2ffe7180c46b89118fbcec113ce9094113d69f740b6f4240000000528d1fa0b4087babaf6905298e523052f8bddd0218979b961a019955ba4d19a60d33cf0c68ef682073f2cbe2099db06adee92d2fefcd7a893fa0a124eea43c8b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	3032	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	3032	IEXPLORE.EXE
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2992	iexplore.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2992	iexplore.exe
2992	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2124	2192	cmd.exe	29
PID 2192 wrote to memory of 2124	2192	cmd.exe	29
PID 2192 wrote to memory of 2124	2192	cmd.exe	29
PID 2192 wrote to memory of 2804	2192	cmd.exe	30
PID 2192 wrote to memory of 2804	2192	cmd.exe	30
PID 2192 wrote to memory of 2804	2192	cmd.exe	30
PID 2192 wrote to memory of 2488	2192	cmd.exe	31
PID 2192 wrote to memory of 2488	2192	cmd.exe	31
PID 2192 wrote to memory of 2488	2192	cmd.exe	31
PID 2192 wrote to memory of 1544	2192	cmd.exe	32
PID 2192 wrote to memory of 1544	2192	cmd.exe	32
PID 2192 wrote to memory of 1544	2192	cmd.exe	32
PID 2192 wrote to memory of 2992	2192	cmd.exe	33
PID 2192 wrote to memory of 2992	2192	cmd.exe	33
PID 2192 wrote to memory of 2992	2192	cmd.exe	33
PID 2992 wrote to memory of 3032	2992	iexplore.exe	35
PID 2992 wrote to memory of 3032	2992	iexplore.exe	35
PID 2992 wrote to memory of 3032	2992	iexplore.exe	35
PID 2992 wrote to memory of 3032	2992	iexplore.exe	35
PID 1920 wrote to memory of 1736	1920	chrome.exe	40
PID 1920 wrote to memory of 1736	1920	chrome.exe	40
PID 1920 wrote to memory of 1736	1920	chrome.exe	40
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 2488	1920	chrome.exe	42
PID 1920 wrote to memory of 848	1920	chrome.exe	43
PID 1920 wrote to memory of 848	1920	chrome.exe	43
PID 1920 wrote to memory of 848	1920	chrome.exe	43

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\edi.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:2124
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2804
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2488
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1544
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://youareanidiot.cc/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b89758,0x7fef5b89768,0x7fef5b89778
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3232 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3260 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1320 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1212,i,855372658225475436,12656477411993612333,131072 /prefetch:8
  2⤵
  PID:1888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
626b62511b85a37d35f5f1c9e005939c

SHA1
cf38d02128398a8b05aad19f82d60b2a6071fbba

SHA256
b6cfabc20c2fabd30217e2958c4e9841aafcb9622ad797ab374fd11763151a1a

SHA512
b23655b4ad6bfea31325d82e944a7bbbc5678a67672dcfbef686e6084d35535f94ee418c960c4dff60edf34ded3a5f23ce9d934ff553e5a1bab8f7bd6567379d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d5bbd960eb437eddcdd3f9fbff65592

SHA1
87f16b5e0b92263daf2ede3de1552c2f9b34e33b

SHA256
6dbd2ce90dd931a62c02aef2a2d786ec3dd756d48c03ccee5c5f1ba236d559dd

SHA512
0425c2382a27bbe3445ee7c21a133b7dbe6e7990122f94c9c32fa4ec54fe8725984f308c9a4bcf2d6ac761aafb941ef8e21c94f7847fdeb8561f6843c6309c4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85ed06ab8741a8d4ebd4cc057c4d9c7c

SHA1
110df6c89e7ac638203d0f0a26dd5ccda5de430e

SHA256
8dac9ab089c784ad6484a8eef4bf84a33f4cf5354415e9a8f2f45baf3254218d

SHA512
a5b0d34d2427123b174684475961d83c1fef5bdd124a084080860ce9891cc28c54862d578457551b2e70ec602cba11e488d2cc894cc64eee459af80b6088007f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
baca743b175b31bed4bcb16b356c948b

SHA1
c92f07ab90b6eba19d4463c05d527f0c6ed1735d

SHA256
797573771c3c43c0f2977d000942a4dc82738a1a142116b271e8a2c4ead64c4c

SHA512
6dc02d3eb74dbe5c90f3cc1cdff45f4d7c684df422e660d434d174e33c2837921047fb947a4a05e5d34bc994a430f74bfa6cffaf443b1e6c38bb6dfe39ea0743

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97680c8b29bf8f1de1a813bcd446e0d3

SHA1
cc43c34e7e0f730159369a8899c7bff2ffb90761

SHA256
673c289e6036af12884f4f7e7f9946eda11d22b64385e217c677a23eb1fb844c

SHA512
611dcf955643a01ef61c89fe5cd950094754107f323b7acb6c74e43ea9b98d3880848c1f9eba8bf387f46a4bc99ef4b1e9acbc750f1b6a9105d9477552831ef2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
913c82c9718b55d35cb377a4a6123f2b

SHA1
7d4a7231684a703e2bed66be39eabfdf931797e5

SHA256
280e025534c69311e6656ae05daf55021ea4ffc7c2c1886c9d53113aff52da38

SHA512
1c9c10616be7d5d62bf68a798534470116c1c437b8e959c5b495b3d8f878d334ecf4c31ca4e92b58491eabefc11dc158c1a1293207cdf4080d14000c201cfa23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0488649926c6b237adb388d78b9d5a12

SHA1
ea0e6440ac7109d47da5e58ba040659dcc6afdec

SHA256
f05929042cda6f5b5195a5e321d238f33d273b5427dcb1c87c5c56fdf2a61618

SHA512
f58882c96588140cf6a98ccb50bb4635c16a33b5f9dd2ebc62c6fe4e86a9d854525c33c228e7dfa7014cc0ffbc14951b46e4e8f097f76eb39c030927eaf925ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4835a1361d62d6d21de4b43c973a066

SHA1
40f89b45d3d6585f68ea04d7af9a0215442ca7bc

SHA256
0b4640449465d693f68d849d1188dffebf4187787d39253c072dd6572d050659

SHA512
d5937d675b5a63f2a1ad6f1322630f05c0f1cc5d44690bd278815aed12af868ce9df874ec11e5f2761cc79815959939923358b3c22a4e80edb845114882ec23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81ede804c986feda7a7a3a0d87181d67

SHA1
e86a94a2046796bde206606c8a5aab3a921bac71

SHA256
aee164cfdf45dc8c97488e05d6b8e09c8e43414af3a3817e4c69fda8e6635d43

SHA512
b95619b46d81950cccd9c12ab3ab46dcfd739c43f49c00fbd4f34cf6761b90ed28c1b86cd40a4cbbc66c6a46875fe9108b63b6722fc662a0a7b75e2eb8d7b359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66e2147e7fe823d1799b52620a73a582

SHA1
ebdf09bb2e51c5586e858e969bf535255d74b0c7

SHA256
92a632feb4171fcb7ed24a5ae16f47611eea1f7d2ea989f6edcd94c3f43098ce

SHA512
fc6d422709c062e1d406295fda4f0d759176c23125d031e4e2264d6c15a17c493513a201251cda1c498b717d589689b9a6a95faf4bc0ae5d6bdb765089479785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
649f60cb889d6a791a8db07d5e827200

SHA1
738a9708b2b4d0826dc3e0331a7f0f8d9ad533ae

SHA256
65aebefef5860e87a8307359ef7adf55e907de68b2744b93567f071bc28d6b3d

SHA512
19e1ed6f1878a5d475d544df1e57627c638df0551b9c77f5d89cc6f741ea302fbbc60dcb715e08b335bbbb0a79c4c8e1c4026c4994bff4969c65c2dcc3b15881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
51d83985492287f1806d3669a92d43be

SHA1
8188bc5e96cdbddb225527e2aa978ca6030432e8

SHA256
538b4f1f7abbd4da27b79fd260b91db1c4b8a5af162af05649d88f90835b3bb8

SHA512
005947d04ae484e7045af9624ce009d7a7eb1c1e71d25747c2082c80731c991aaf8b801fdc359345a39c4872957be63531bd897fa30fc04b8090cf32fbda0cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ag3r5f8\imagestore.dat

Filesize
109KB

MD5
8202432ddba53a862efa6805f1a9c84b

SHA1
c437a79251a1c4d97c8b4cbe233747b9b75c3fec

SHA256
d379068a297c0563d5d818682febdfbc9c849d0c9bee069d491ef9fb69111606

SHA512
bbc5f5f654534066c32ca6fa33374ff6d57bd8a7714b69d727b0b756ccdc6a065427b223db886c08af49aa7b63af9ec9b1f46077c7de49be051f78bc09f640aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ag3r5f8\imagestore.dat

Filesize
109KB

MD5
8202432ddba53a862efa6805f1a9c84b

SHA1
c437a79251a1c4d97c8b4cbe233747b9b75c3fec

SHA256
d379068a297c0563d5d818682febdfbc9c849d0c9bee069d491ef9fb69111606

SHA512
bbc5f5f654534066c32ca6fa33374ff6d57bd8a7714b69d727b0b756ccdc6a065427b223db886c08af49aa7b63af9ec9b1f46077c7de49be051f78bc09f640aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RL08PF7G\favicon[2].ico

Filesize
104KB

MD5
3fb315ef4774bf9d76ff10254829a29c

SHA1
2dc02161b4e1f781d942dd5b5407743c7ef38373

SHA256
4172fa160efaccf8726ce46fe6eea79da2d77ff1978848b06f663a80c53f786f

SHA512
5bb21677b59b52b5580e720a3fa45cf19bdcab46ebeb2b5f3061ad3f92c62b758e41dbfa61c88e124a0afe86201a6af03151ea81368c42884c91cab6f9348a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB010.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB00F.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD607929B03A1F87E.TMP

Filesize
16KB

MD5
8acd4c067593e379f3fc2ed423dd1868

SHA1
2ae7891319664b200eda6fd34df5298804e1299f

SHA256
865b1966ff715ea5843cb0574051966cf2f03565bae1e866f318353c89201576

SHA512
41ed27984aad6d9cb62b587a6b8084c7a610be6324253ab3891fb21a920b3ff2deaa59979e1d18a208172da7390487d1056a32ff05f639cdcb9cc302810cc1a6

Download Submit