hxxp://a[.]com

max time kernel
49s
max time network
152s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://a.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fd889bbe18da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac000000000200000000001066000000010000200000004b0d36896bb56cef07e0f941c64abecd5f68af0e030a2275c11a9a97594f11f1000000000e8000000002000020000000862845461f2c62349e49df62a492ae14947f7779386dcac987b68cff42f1b8a1900000004019f197b0df4f20abd822bd21fcf6371540e037a229c4c6c07b0e09936d7dbde89dec4914a7d2a8ff934ad3fda9172d49ea6185de1b7be1d15f537a1d49e84526510c68b60ca5576cdbc3a4c8d35a0730f757df6426bc835a1595276eb414818613a942bd0f7c72bebf00c9dcf1b7bc4d94dcefd897304aa3d431d3780ac13c815f59bd06c75676d4f56a9ac3c5aa54400000005493d9d6aac7d1e555af083720c40c5044f2c23b4cc0dc171b25ce2a41fee431313af60005df77669e0dcb4cbad1fd2cb8a3330be2b3ea25206c2164beb6801d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3AB9D91-84B1-11EE-9FA4-5E642E0D412E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000b6ea5e99c0f9747434a71da16491216b7dc92bc0ef67f50384c25e35070ed0fe000000000e80000000020000200000002726e3a703a046ae6b438d9cdfd89e921504b98e14cd19ae13da95bbe48e05ae20000000be8e38682ada1ed1262ee71bb206d790dbe6916c52414c986efaf3ab93e6aad340000000e3a86950e59e28d11355b707bfbbeaa5802cf7f72f1bdd9b4b29e5d55584c56d2d99c616070d735a61911f9d54364f6e9d59478ea6d28d878615122454a3d343	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2208	iexplore.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2208	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2516	2208	iexplore.exe	28
PID 2208 wrote to memory of 2516	2208	iexplore.exe	28
PID 2208 wrote to memory of 2516	2208	iexplore.exe	28
PID 2208 wrote to memory of 2516	2208	iexplore.exe	28
PID 2336 wrote to memory of 2356	2336	chrome.exe	33
PID 2336 wrote to memory of 2356	2336	chrome.exe	33
PID 2336 wrote to memory of 2356	2336	chrome.exe	33
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1140	2336	chrome.exe	36
PID 2336 wrote to memory of 1592	2336	chrome.exe	35
PID 2336 wrote to memory of 1592	2336	chrome.exe	35
PID 2336 wrote to memory of 1592	2336	chrome.exe	35
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37
PID 2336 wrote to memory of 1872	2336	chrome.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://a.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6249758,0x7fef6249768,0x7fef6249778
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1152 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1604 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2380 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2800
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f9c7688,0x13f9c7698,0x13f9c76a8
    3⤵
    PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2612 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=1400,i,2369582685971011525,4778389747058381281,131072 /prefetch:8
  2⤵
  PID:2160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2204

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:944

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:2792

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
PID:2996

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20231116185622.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be5530a2df0b7c2e20d6e15ce8764d4b

SHA1
334f7d1e2a17c22e2f30fc7126aed0335b8cdb02

SHA256
8d2806fd874126ee82ee23639ac5becdb89919c527a8e4cd13d641e80ab85173

SHA512
1a9069a096b67a0d20d197151ddaa434d8fa45f3e9f90ce28bfdd5b5b3fa9f9e06478209f53b922be7249289691b3ad35e544aabbfd8fb467c7cd92c470ea2fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
602dd6b3b007d9f62d109303387379cc

SHA1
4c8bdf7fd40ff620fca6a6a76aea5ed4bcd4a585

SHA256
74eaf1773329b736e4ee8fd2a115b958d6d4bb4f2db07022fd3abda130a27343

SHA512
bd52f1ec9e23b73a65497431b77a21841532ecf7b6d4f9885bb80ae144f361a38caa5cf5aacc4c2652398d0e49762ecb951ee72ac4ff24b2292fb7e786db9ed3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
625c8cb5c46e24d4004ca9aa1e29c354

SHA1
d89dd4a511071538302fa50b357d0917dc796924

SHA256
ccb4f0e9d16969e3f124cac6044eec7e4602fb4384e3c468e61f0ba26c361c1e

SHA512
1707a421b1d846d0a1a55d771b217cfb3e35cd9ac020f327a8ce313b74eb4e7a1a719d8aca955966193e5cda3d5d2ed5ec4ba490628238797919aaf9672ef55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9340fb5332b80f2fa965b6c31e07831b

SHA1
a4135e9c413a195fe529e46b6fcb971843811731

SHA256
82a83567439f94be9e55e9dbe40fcaf2338928e85b50720cac9ba629e6589f0d

SHA512
d2534b1e08a60244bf837d1218f0100ca09fcf22f9d37208e628e4dd90b6e2dbb4174d62eeb23ea30434f8d293c3cab32d4b5f5edd92baf04a7407866a3391f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b98de33f667ee173dd826962d4a9e1c

SHA1
e5d31f26e5efae56988af3c57c59fe26518938c4

SHA256
2cfd357a6dee1b953892b2a5254ee4cef5f5de7b3032512f09674dc4d8332cca

SHA512
309bd362518a71ad9f3f487c2bc0ff8e91bb47dcce4d86ab2efbf3d560fdd840ccd641361ef7b3cfce34bc74b9d15e92aab8ec0d8e27157d96aaeb18055fc2e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40c12f2f188893d4d32a819020e0595a

SHA1
baf422a4d7c2d5de07abfbcd58920f4112dde6ff

SHA256
aac104e5d7fb1d62246c0c4ac4d04cee3f40c1702376484722ae50a9b4325a2c

SHA512
7fcc14fa553abfc3ddfa7d155ea381585d6a125856ce714d0f82b5348b0e23cb81b226bef3b67c30588db485a92f5d07166af8ea3ce5c6a2d62c011857775996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c8e6b2efbdccaf3c9581471cb8148e7

SHA1
6d6e6080f9979485057ba978028f4b980988dcd0

SHA256
841093fd4adcb323166b146d20ec5278d3e6e73042ce46120d0bd7ae3c5c6827

SHA512
d3636de34f89615439dd551cc83a84eef5befd5e20dccb89f4b6d28d9e903faee32f848135abe81fe87c7f877912e1babf665b830c9aa4eb5f67e7c2db5c5c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\273f9313-8f9c-42a5-962a-6ce976553a9e.tmp

Filesize
5KB

MD5
45b3dfe8ccf692544bdef419b9e019c8

SHA1
54fc38342962ce94c1a9fbc6fda912db4dea162a

SHA256
ed5d09032acc90a1d4c97c35c0eec14b587e8d7ef2609b32a8d5c7e736d88744

SHA512
af8298b71eaeca970bbdef7162e819802ecc2bd43895f795e8248d52545848419fa05ea0d5dbe64e0d25cf05cf1f0449abaeede3a18dbcfc90c4cd10c9faf491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf770010.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4d32967d19a1c7aecc9f75575d024fa0

SHA1
ba749eb58756e7a3847fc5d4a285780731c158d9

SHA256
0e5b30cfb92e859f384c70f2cad0d1ddb47203a360d48f221713c810e63f708e

SHA512
53733f6f4fbc5a9b0945ed2f8d7ebbb671cce17ce02339149bba3f675c5db8da5cb698707a1e26fed8114eeab7dab8497b4f7a86f7ce6729557291626b5e15f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
55728f499ddd9175162486af0759822e

SHA1
3f849be42080f0a2602de2da37b694001086ea81

SHA256
41e6b0283042ea234d7e35a447ff3ca8b943cdeded17774d3a0beb9e70dc2793

SHA512
2f6a525baa9c1b6a7467ecc3f986fd1241b49000c65d0b58070006157a4b7e39c921e5a3278403dc4a020836f2ac33cef896cca6e235d9a3cfe24af59b853cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9e083c1f055b477a41a0a1f241b3808e

SHA1
3e9fcd889b39241abb2a86351ea9437dc3d34e1d

SHA256
d3f01e1d71bebda27903306e49f3fb345c619f5063b6b03ab0c2dabb961225c3

SHA512
1c02e61faf509800c044c43bdf6389ccd6e24ab85e186aaffabd2cee80693b040e6452aa4814dedd724fc2e8f251006a30cfc8e7c0891e4f6d1fd25a5c5efb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
583798383dbd20bab37a83b9c4e4d051

SHA1
58d1d556d046158d98665cbc90577b7a86971fe7

SHA256
f25e9c3cee4b438cc30f7ba7ed107734dd2bc65c76ca064f8940671b1c8fa728

SHA512
068a6760eefd112bd2fd3e8785a435ad1035d55534c73ab0e7db49c49c0d45d264568979113bb20685fb4ca8be38578279ab00e76a9e04982ac102940b75fd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
222KB

MD5
27b47d5e9e1a3db4bb89b4d224d8fe88

SHA1
28e575ad91bd0f418c4fa6077bfee4213c0346bd

SHA256
a4ecd15ae2a234a7ba6e6faac9ee2c09a48d9551fa4c172b7e9c3664b30afe63

SHA512
4b14b2fa1fb1826bf53594ab00444510b13f2055c648a7a2e82116eac028e92bc7466f9ff065e499c024215ff4ba27cadec18dfb6aff093051045583bec2297e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
222KB

MD5
5d4345fff571e332a088e222363286ec

SHA1
8e5e3f526e38057ef19d2132fee52ab14a94be89

SHA256
a5dc6de3485f81d266c7c4bb04b6692f23ebc65466c73165427e31a2a16ba4e2

SHA512
2e2afc5a6356c00e76a531445b7f051d7c4487ad602920d7bf0207b3ca6e81c66ca827efac2f5135b92e973826b89176f710e21efd56ad0df7aa392b6a037cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
a818bb4098ce1e9e3262980b67bb54d7

SHA1
847300abaeab8005f8b62210b2940854b4a69029

SHA256
335c442a22af2a2389b00fa583f06c958fe7c55f5383c3f021d808d071da8f0e

SHA512
4ba74146618db545c85381efb4190aeb7a115d63ab6b6033aaec4d351b8d8f0cb1e2ea53307e7384acb07ccd02e7f01e34d720a53918eb2c2bf16486bdc69ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
5593919e8673e9c231f75223c1fcd1aa

SHA1
2a10e84663575d49db89e4e1eee75696b60878a0

SHA256
e7ba0bdc1c6f1180af3be389261e516a2e39ffe9367e4a1409101ae6953eca8e

SHA512
3536e935e318bed46629dd20b52a8ab63c00e0ffa6bef1ed1b60d3a80d04d4b9d750342a38fe3da63f48268616abb7b672cf953659d55f5fa424ee39dab56559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQV6XDQ\qsml[1].xml

Filesize
498B

MD5
0358561b4cc51ea1cbca78677eff3cdf

SHA1
37bf88a5ef30fd1d59edeeaa705fcdc9edcea7a3

SHA256
ea9ad0c306d425ec48cc19713f65b7aed7be670429943bb71cce92cba1a89ba4

SHA512
ea26b35bd488c10ff9c85e70eafe6940469ed89a9780647640106b33de24f533ad39500db1d2e5f9e534cf6966c43793f73cfb767d42bb81c9b35022b243033e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSQV6XDQ\qsml[2].xml

Filesize
486B

MD5
31c9667aa99a7633da1d7559d4d6ac23

SHA1
aabe9f1876a44b6d8b7491c1f51759384d5f9749

SHA256
92f5175151013016f2ef353f3455e276a4941f16328a6d85afb7d023580db8dd

SHA512
0df14e3b21543b509d76c181900c2fbad225c467a13b2ed2d3ce10bad3f4e1c26d2150fad15a8f6bf2510b2311a0cfceacbb614b779a4d8d740e6a2cc42968c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab845F.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar851D.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF642A64CB8F7F52B1.TMP

Filesize
16KB

MD5
7617d6879c6a8df28332afe1cacbfa5e

SHA1
c7aaf24ae7bd7f73f3955f1e416ebf0bfa448051

SHA256
9fd8090352d2f89189ed8f5a9e83a8b15cbe332e82efdb81c935e703404074be

SHA512
fb8637b624dd8e32f63ed0f2f8ab30c51d7122462782d03c95d44e3ad52836de9aace95ae5ca75b170b133cb6ceb15f55595dfa3b5c7566227f6e8d237e2c3c1

Download Submit
memory/1628-727-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/2792-709-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/2792-710-0x0000000003860000-0x0000000003870000-memory.dmp

Filesize
64KB

Download
memory/2792-718-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download