f99fa5af8f7d69c3e92c8ee758ab5d62d646b4c62b1d301b961caf65b94829e3

Analysis

max time kernel
35s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ip-address-converter.html
Size

5KB
MD5

9d488dcf700c10b0a429216e76a43ad4
SHA1

6608b2f3bb699100b8c932f6931055c30cf2fb92
SHA256

f99fa5af8f7d69c3e92c8ee758ab5d62d646b4c62b1d301b961caf65b94829e3
SHA512

c18ab85f2d18e56dbc76110be22683b33b0b3b0200d3d12510275994fa84602ab9b783b8ebc483359ab437c91aac494a859f473efe405a8e85acb1ed854757d8
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C86ZqXKHvpIkdNCrRB9PaQxJbHG8q0yTMQr+Cw:1j9jhjYj9K/Vo+nraHvFdNCrv9ieJm85

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0393459f05dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000064ff26b47e5146d929724b0c9f2b7a5c696bfd42697f96848d529f909080aa8c000000000e8000000002000020000000a3398d2dba8b7619f119aed12ea78dda6b044c5eb0e1a9275841d039814c9c9590000000e1c4365fbeb38d29faa2911750ef75144ca34791d3f27aa90c1722cfab1ff88bce2c4e4f39e06e6efb43bbb94450fe5fdd5674733825749dd4fb6de5e840bb8ded08c997064f7c2e62cc1a32784372448b54b4166dcba685be650ecb322411a49042e9c60253cb167962473414957cc53743a18c6bbb8ad3b4bb0e855cca8bd6984112c624d257b8243b4b9dc03a18b140000000b73ce9760f87f37410931626a3c21d4cbec147101f94ae173bf891bd745ec1f7c98d8aa9aa7acaf78b71057ae3a472be6f285c2aea0e4475a8ba3cffff2a05af	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{844B2361-C9E3-11EE-A20D-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000000c77e7311781d063fc53296f382fffcb913bad5f496edca75acf80ef2e6ee2c5000000000e8000000002000020000000611355a805a44d9d25161cf0cab9a6224eb3013488f83374906a390bd7700aab20000000a673f96f32fb92a98100dc5f949f789c487eb90b94cee5d903ff3490de251a87400000009c01b7a67095190bd80099aecfe9d4d4802b79adcf45cc52b28b1659a5f79217cf7a4bd61def58187dd0b2c2d5ceccf7e9a7fea56a202fb076e8c04fd7b7d814	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2032 chrome.exe
2032 chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
1684	iexplore.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1684 iexplore.exe
1684 iexplore.exe
2512 IEXPLORE.EXE
2512 IEXPLORE.EXE
2512 IEXPLORE.EXE
2512 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1684 wrote to memory of 2512	1684	iexplore.exe	IEXPLORE.EXE
PID 1684 wrote to memory of 2512	1684	iexplore.exe	IEXPLORE.EXE
PID 1684 wrote to memory of 2512	1684	iexplore.exe	IEXPLORE.EXE
PID 1684 wrote to memory of 2512	1684	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1620	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1620	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1620	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2076	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2056	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2056	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2056	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2528	2032	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ip-address-converter.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f99758,0x7fef5f99768,0x7fef5f99778
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:2
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:8
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:8
2⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:1
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:1
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:2
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 --field-trial-handle=1236,i,9343943243154419681,14061318628648191393,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4dea02c25d54aae9d567bb62d814eb4

SHA1
419eb380c14e85683ad3c27d16236fbb4eadf394

SHA256
5d366c6b9a344a9f963e30d8f7c0c5932d5ae7453796b73149dea315f9673e24

SHA512
64e084dfa0fa1ce488f8ca6acefedf52747beb249d01d7cb3dfc74c2036090f31c3f932fdf170a31ce82a343ae8e547b6c8c98317bdab5affb282a64675c6435

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45c2da796dae45bc0222cd47edee0511

SHA1
4a8e658d730d384fd238c6ae34265c22a46ce61c

SHA256
0628f96a329e862549b2c53cddbca944d4f34f130fb83973b90f56a07e796839

SHA512
54c72be1a44a1d5a62179ef8549d39d586bf8dbc91fd7a349e479e76f1fc024c17a9b93ce9e62449513be1093000adfffe04021c9e50dae16e8c34b6980b1d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c286c2b380a82178b73750828110ab37

SHA1
644f461d80a8028a3dc9b9427046e46d560e2f6e

SHA256
8d9f04c7864f8d165528e0d0c1b342e1595900a91155d642d8419467910b50d0

SHA512
d79791fd0e73b41e06a2091461232ee2cc5c5c1d147116da06d1101378376af800b8ca307db96386ccb3058005bde9b73cb0f9c0a7be4bf78f66ffcc5b521f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f277d852d00ef048799eda04a72d4339

SHA1
424e0c55142d7ab30ff8fa5e4d0aba4e1d730a99

SHA256
2190c94d8c54e65334bc955bd08cef34a9ac8b3514204d0883e7434ab6514e11

SHA512
4a51d534f590d0df45b2f1e1d959cd0b9b6e1b9d768cf04b7723b75afeb672084ad117f91530fa2eda17f68367e3e3b4803902d77f3dd4087aabb4ae165d6b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aed7a1e5136978a6f413ab56fdc2f6b1

SHA1
e704d9aca3210b949abdf044c61d6b5f982efb66

SHA256
108250ff019f82e223af83201dbd6132f956a2228c07f66a52db08c708e44072

SHA512
58dee050ba4552e3d065b0e770ebb7ece5ab407dee716f97468f0033c82765e1d873bd92a142b6c72acbd5509ea05cdefb169287052de586801ca99e4bc8eae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8ddd0eb777485f77c40376cbb6efea0

SHA1
786c1698d5f30dad32d312b435a3cdc62623cbc5

SHA256
451d5bbe76692bb71772627183c15b4093d44b79207bb3125e494f30d5ce9134

SHA512
fc5fa7d8d138ba71473e64f48d383741a7425f2f7b83524847c9e989ef5b2f4f6fe57d97ccedb34b3c03a46219b97f0ee22ceb58bff8e602020b50d49506e153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5186bc7d0baa9ed0143c5f14e57b93db

SHA1
da3e350c08105988c64d3ebbde79729793718b33

SHA256
4551e255a42f972564f7367920e11d55d436a480a5a39fd39450880e94ffb484

SHA512
57f9a928218efe2a598e7cacdf155f6d14fdcfee0c3de51766c5ce2f800256736ea495630915f0a4426cca65d060fe1a09141328bb747f450d0b63dffea6b65d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58a53d537b613d08b382d748edd2ca83

SHA1
8622f825c9b03a376568bce1ad80524959f8d8d2

SHA256
53f15b6f7b444ab79af9df29cab05677edc190d98f8e0fa5c2bdc561231693ba

SHA512
6397fd1ce24155053fa1f51aedb7aa158fed5616e7448eeebb7bdb46aa4c24f26243786b88bdbd65239ddc4a9efcd72919694559c7e2a51cddb1d08f5bc69b8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c05ca13307309674c02177e2d62de955

SHA1
0c4a6833d51670d06771088d65ecf0f36242cf09

SHA256
4e7cb063bcf3904a3ae43353b5c13662e25527385ec4c8c3f54f48151036b82b

SHA512
efda1235883875e428942d35a5cf823c33c57a6abb7d364d80eeef997d6d260f4c5db31f707f6e3abf8542fcaca47fc24db109ac5bf19b3e2d2b3a0f98e0175b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
935cddb32a5a005e254dd67cb44c9687

SHA1
cabb13b8cec7c489c0348ff9b4db592d67c4a4b7

SHA256
ebc38394105d2f442e50d0d0d65a66e35dc5cda31c8ec30a908c5679fb1fe345

SHA512
5db67edf85b0fe5bf4beb1a858d8a37cc656728858cd46e3721cd530a0237f33fa3dcc9f7749ff910e2e19e4d1b089eb09a3abd328f1ab5f6895a8df06d68abe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4369266f5c01bdc5ba215416d397ba2b

SHA1
3471b1dc60bc652ed1746d6875baed2938469cba

SHA256
e9aaaf81ce2508015baca4fdfda5a5bd9ce7a9eaf9e1e8fb5b775b8f1a3ab616

SHA512
c61da7151449411ce1b4ed5d2b3e8d13201886e831b7d9411cf3211c45c373651c6712450ca37d35d17642b9d31cfef7f06a10fdd688de0d2c799a372e83f5d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa6d5bb72cacb5f1c8dd0b87c6d043fe

SHA1
b8bb19e18470fa79ca09829e72a92f3b0c4ceb2c

SHA256
93ec38ce65de7d3116833b6d13849f09efdb1bd62bbb0ca60dca7b635ba60048

SHA512
b86608ee0332c8b3710b1624fb2a3fbc9458d9a35d82a50778c8385414037935694835149b9c6bcd7f279cddbdcfd8f2e5146b6aacc777a58a50835f0e0c0c0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
977f9569b206f6ef9854e9bee872be82

SHA1
002c4eee4e6bbec24d7b73f38b63d638e279e7c7

SHA256
931e4398de5a97e026ecd5ad242aea46fd0504f8ff5c9d75f3078d926e69ecaf

SHA512
5f4e12cc0ab95e6a6806d74e45a85fb15cfee8bb29125efe65353519d3b40e32b73947a65f2bdd244abd814477298da5c988246bf00c63586c37d3966ac06a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f624081335f2639927f0bd1fbcfe7799

SHA1
f5cfe16c9467ab8b98ff71f638d8de0dc00543ac

SHA256
dedc132c1d0ab3822579ff366dc516db03f16282c6d99f2bed636a06c943fc75

SHA512
ae63d1e4d370098095ad610c008a95e525c26743db478f27c886a0c0e7a562e9e4b9e319e08dec75d1073a463d287c8399419516e43a23630a3dcdd6979bba41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a328a6d5d8b3b788dec6007f68016529

SHA1
a0fb6e6da8d7c10efc486bdb056569e8f81180af

SHA256
a4d2b42c1963edd889e240402915df962fdd67961a33b0d5ce9aee653b91df78

SHA512
12ac23e8fe9a6741ba7937d07db4a16cd86492add5690cbd66f5c2c6fff8bc7ce893b85bc826253003892a8671ddbaa601f0e5518a3b522f9dbb30b4a80980b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8117799ebe0266a7504b9435be4042b

SHA1
84f15f3db79a29d485ade5d47b04bdecf12c56fa

SHA256
d3a590fec988de2161836299d8707d5d0313d047c60a46e677902e8a97fc161a

SHA512
7538b9a76b8ca570cfacf73b80368faecb8a47c88ee02d906a1d218488c173d57b55c0ab82c75ce14fe37759025dbf820dd94520997904ce56b8dca4c4a40d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f43a53da195a8d84b546a132514c3b73

SHA1
92fd55b49b5a6b3c4401ddd5b99771be994ba7cf

SHA256
7bdb1f6833263a348d30f1c776fe626178dec018ff664f1333024d6bc0e2728e

SHA512
d60949b653ed06c94017247491f5007c73d5c1b250d9915a402c903734ef1146facc9408c55f21fcec69879aca0b962a028953d6ef109b6bb6884d9ffee4d5da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90484959d4de0a04a0c94ee53f9f0e56

SHA1
2c4e7877fa13fdff868587671028267fedb26066

SHA256
6c17ba6f35bb0b81571c243921ffe663355c33fbfff17238db48a836f804c4e2

SHA512
7103e933d1364873404f3c60cf2679729dd1150af3f8725ad235d8ca0c528bb5db7b901a076996055195182eb80368d68f15ed2fb4137dae98b582c7c1baa41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
780B

MD5
fc1da3c5ae22111e59b1c032ee6199d3

SHA1
f5e155959e794c5465536eb1c50f3cb22c41ba65

SHA256
1f45ee52163198f1ca4242b1fc5ce9d5ab3c14d58e154fd6c85969caefca50f0

SHA512
18bdb7e2ee39ce4352fce38b2248c963562eacf76830b7e650ac78849c54f216f6e74822e5646853f3ebd8008269563b25f9d911f39761e31fdf8f9545355755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
169c5584cc0c33f73460a2628f533ae9

SHA1
c447145f1e9784b7ff592f3bdc42c4b8457f387b

SHA256
aba7ce5e8b7f48da2e21b3c5652e37b1ae0f454d3fc53aefad87ae8a8a70f7ed

SHA512
a6a909249b0c48e8b5c52dd5327e83d43fe69051e43fd486af3ff3a0e835101b7476077ec3d59ca77f7db51d1ffc4f4d4b2b6c91fe602d00cc56f9bd8931a3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0e340fb51fde3ea2daa84eabbb7ef9f8

SHA1
dade8ff4a4251c51430d8f28ee1a080d89bdbc90

SHA256
d5063afcf3086090f12068bebe7a55735e17ce7cdac0ae63443b4355a5a20a48

SHA512
88a236e79e19fe8294889dffe9239fb3f36ae3575a6f7f26bedde3d3a1ff05fb3da211541eee76a87f20aaae930044cfeefc6dbeea76a3a37d63eb9638d9720c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
863553cb4f9b528b4b78c4f7211165de

SHA1
2060c45105ac21c6f2a38f3091ffd21f6bd91b30

SHA256
dba8525c881c96c63346e5dfd4a91bf7e8cad760a6ddc303618793ad82921be6

SHA512
7ecb959ab54a880710709b7dca8c06332f944afb334ccd34fb8c2ef4b2211c564d283828aec470c2d04829a0fdaa4f11e1a97d88d20e25206c70c7e2dc3e61ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
f238a4437e4fbb4b4b405865ca0280f3

SHA1
ce459a4bc3bf5d672ebd1c869d83e2dda3bbc8e7

SHA256
62a48ae8bc7452f24a1ac6725cf56c375161249d9900b6ad5adfe2dc61c84687

SHA512
d97c59a1f5ae86cd75f13737107c0e32c7a76d59e141d8e1b82e1ec307848b564071c4f4afd815c9ec834d4e732a9b1bfacae5f9a0556c4be56a3d7f4e8b1da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a549c4ba-bb68-4578-9b13-acfe4210d0e6.tmp

Filesize
238KB

MD5
9c11a6f4f563720ca9739e9de4291831

SHA1
070b56e368dd64108491d6ff74b8a61b6f544099

SHA256
7f2a159d838f38e4f6c6bc7dd64ec65840f0087cd62825c0a63f2977581e8de6

SHA512
03acbefcd520d692d6e7b69704881d4c575240fa5e74a4cde425bf7250986c9030d7c10abc449be18e950d11847fe991a36a93d8ca3decdae4bbe82ea7a5da67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4EFC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F9C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF8A30A8C112DCF528.TMP

Filesize
16KB

MD5
e52ec7fd84d5c9776da43c32ce323e3f

SHA1
a3cd46516c726dcea343101e0977a608216d8a2d

SHA256
d63123f255badeaefa36c8bb07cb5adfadcc2bab09bf2323b330f3bac762af66

SHA512
13b0ca6a75b8835c841d0071a7f53db60caea189d4d1018dff4bfe53b605626d5f3edbe66be5a452c12dae1f0db68f91553c3704b298b0c250e546e606b46d47

Download Submit
\??\pipe\crashpad_2032_SYSTSZVQJLGKSJEF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit