42854213563dc18508a39de4dc85f95f08c1ef29358e21731b8ffb7667658e0d

Analysis

max time kernel
81s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

files.html
Size

66KB
MD5

0d266a7de2694319dfd4d0d4a741afd1
SHA1

a3efe7db4f3bbcd2737c108d81368a468c436380
SHA256

42854213563dc18508a39de4dc85f95f08c1ef29358e21731b8ffb7667658e0d
SHA512

d42ab9efd809c0aa2b8f7573d196142bb61ab942c87897a55b1ed86a7e3a5f818d09a7e7b21a4b30b2392dbf59296942e766db71d121c176609306861bc3e533
SSDEEP

1536:WKVRucoVs6uzyCqkC1XD9YE8iYkDO216BalNIkD02tGuPjoLS:WKV8/Vs6V31amDO21HbD02tGuroLS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26216FD1-D1D9-11EE-AB14-E299A69EE862} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000096953d637de829878dc651ba3c9e8cff46a242f2e8f941c0f28dee1612bd5c27000000000e8000000002000020000000ddbca6e74bec6435cbc356e8950cd4165e637eea6e6b0d0ed4175845c46e1c5390000000f444131b8a9482b3ab03a674067cafbf906bea0859d81531034670a11c76210c661759b7dfded82737d4a474e839da40c4e12b03b1108f9d6fb988a80a152a7c96422be4464aa317fad9ddc626d211b253e2a6c8ae0c857a08e1924364921ee471f23693720c79587963d651fee25cf15c614abce00631e0abe50f291481c40a3b9875905a6cfeeb43ffae3d2dc4172a4000000020aeea12b9c82264819add7ea095a1735904d44ce4400c3a1bfaba73496b3716e521bc51bf85efd24f2f6dd49825010b51b54685775914bf5f313b93bc11aca6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70dde4fae565da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414805975"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000090515c48283a1cfdaaa289e42dae463f7248239dc2774a637ad2535c9910bf08000000000e8000000002000020000000ec2990c59d312d2c7cbc882b432e02ff711d45d7e371d1398324bfd30d2da3b0200000009248613f28fbc8ce06181984e6d8fa1b93bfbb5acd2b857ca4f9181d4ff38383400000004c4ef34ad42667caf091dd33451076c061df1801660720bf3a66aa1a3c49d76b3fa57b87f7684dbf46e093f917ea425eae4cfde5bc30aaf522c6095a1e33b0be	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
688	chrome.exe
688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2612	iexplore.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2612	iexplore.exe
2612	iexplore.exe
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2332	2612	iexplore.exe	28
PID 2612 wrote to memory of 2332	2612	iexplore.exe	28
PID 2612 wrote to memory of 2332	2612	iexplore.exe	28
PID 2612 wrote to memory of 2332	2612	iexplore.exe	28
PID 688 wrote to memory of 836	688	chrome.exe	31
PID 688 wrote to memory of 836	688	chrome.exe	31
PID 688 wrote to memory of 836	688	chrome.exe	31
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 2508	688	chrome.exe	33
PID 688 wrote to memory of 904	688	chrome.exe	34
PID 688 wrote to memory of 904	688	chrome.exe	34
PID 688 wrote to memory of 904	688	chrome.exe	34
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35
PID 688 wrote to memory of 2348	688	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\files.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6709758,0x7fef6709768,0x7fef6709778
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1928 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1160,i,16686934053395283825,7402288669192590559,131072 /prefetch:8
  2⤵
  PID:1316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74a362f8fba0dec677674aa250b54629

SHA1
861b0c629288f77bdf19caeb7b76d5fff8ce8035

SHA256
45c1b7d716f4899b8bcb6f3f4d41307a6b478dab22c09866db4ed318b8323822

SHA512
6808a2cdc8d016c5459e71359afd581f9d88eb6d652fab3f20336503fe003c33d62cd4907651fd49a07be272e1461bf6fb2fde78278aff98d1f86c6ba6268f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29388c1ed9474a519abb1ecc9374a5a3

SHA1
04556738edf9cf7d2fdb00832cccb61018b52fc0

SHA256
ebb7d4dc540b8122dae926aef7b097482ef7f7b2ca89cebd808ff3e2ac36d436

SHA512
ed02bf1c7aac7a25ccccba18835ed1e69d1e9ccf691f7c802fa7bb703c7711f7966c96b400ae00debf39550d816de3e4d3416eab5db6e52503666a50b1a15b5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9de5d5ed181abeb2bca0ec241fabc276

SHA1
b2086e713bac9e32f31579959aa537b17e45c7d6

SHA256
09b04f20a271df0166ec011c056a12aaffe9f3c5f6c0ed364cfacf97ece722b1

SHA512
f7b9a3cba450c6821cf98e60c36506c37d9ddf5f6736b792a4c55dcb5334ed709ae6960b99359d5ca8179c71b3167eda16085e77d4c99b33bfce70292f495ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95ab5886873a30a5fe6a61c684ebb2a0

SHA1
a826348bf533636b957a55615aa50a5144396bf9

SHA256
861c1169e0ef558de49c7eb9fa0deaa522155e19f56a5d530105de3aedef3e66

SHA512
be0cdde0cf20ba57dd426b2de796bc1a112d209f361dd3afd42a6119a1bfb8b704026369783fff1ea1ee3f9d5c31c2308f13b9c842f936a038ebb26236f9e6ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c03bed13ba8feae454a31760e4feb2ff

SHA1
ad39f8dab31b7928c5ac3e145879b0d45546f81e

SHA256
924ee92c23723557fcf61044192510788110fa977e312dd532657762ee033f98

SHA512
73dec7f515c8ca8391b728a4dcd43fb1e9e1c554727f5e1b18bae9f93926cf3dc3db680ab01c3b60449f689e8078f3dab6e4f9f1eeea15ac0c332bdbc647e851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df6bb8bdc41375eac66ee49e5f6f6668

SHA1
9d696145341a46b2af1e82eba16a2800d2e68e04

SHA256
fd0b5bd09a5158b439c4392c735a1148af047b46a513686252efa3ae9c2571df

SHA512
ac75875697949bb42b813ce5cc8b76fdbbd083f03259e7f17f460bfcfd571cf381d901f1db28e5b9c808658f672a3ea5b87bb1b1b37c034698ecc2fe61472b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b593c37ba654863c796dc7d6e1040b40

SHA1
0cd653b0ae4009ab4fb9d732e7add29d2d3e6a3e

SHA256
87407d81c94b21adebe6b9e1dfc3c39c4807a52ff60e610c8edaba12106a2894

SHA512
5c65f1d812aaeddffaf1b9266eaa39956b9d557136a8a32a1c93f3778d68e16b18d3568119b8438711e0980462a1123bb2a538cf0414758798c65a9bc64f756a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be76ab604f55a36fa461a8ba48bfd3e0

SHA1
30b0bcfdd38b972f8888fec786c7f09681b0e60b

SHA256
acd68d8d3da489175bfa01869410c80e4a1f8dc7e6ef848de5e5de1210f50784

SHA512
f8e96dff00fce276674eba4cdd0370060b2fdae547ad98c840dd61437c95cc3fe123727a44288dbb474bfecf30a94d0a3df25039085894cb8db952477569df5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34cc387b905ea756752d544803279b2b

SHA1
524eb6486f41a679a2291203c94a38feb268efe9

SHA256
c28b3873d549fe92b948b4d966dba29d932bd4412950d64e546d8ccc02e4cf01

SHA512
5f9ef588abc8d30727109e87ddbbc29f584a65d9736c12b3a89fc8afc2adeba139ed1f0834fe60252667c4cda23598ed6a75b5495b5e33692e9e3c57b2eee149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38532297897aca958479dea58986e555

SHA1
91d0f5aa58c99d890f3db82081d0f71740662551

SHA256
f939b07b54bc25a663e054be1857f7a6b9b12d8d43d17bd3c6c38c5efbc373e0

SHA512
ef094d84b2f6475fcf26f3b9e6ec1f83ea495769f06ac6a4b77022e8d7c371e89cb32087581df783024e5eafb66cd76ad95487e9973c9d70054dc24ff4126fdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23059e489072a5c1e6da2f1c985863e6

SHA1
93e43e62ba450904c7cc844c90e4b98610c64815

SHA256
ed2884fb4bb5c7ba55508c33bd4fd76dd4595e0a909fc99a6fcccb6a9be23996

SHA512
a5a8dae7594afcac8459d2f662867a87fd2c2ab52a1ba49d27ba05b4b075e7d9f3c64e86700bad633a3c42000725322d48698d87656306b0f42ec20d79ca5a53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7354b385d7f439907a0a6142cc6ae693

SHA1
6adc6bb335db42271d913c29d123df9f6d750e46

SHA256
041429e558723d7c915c2849ca91d2d528069477a63b76a146438bea2b73884d

SHA512
71ead20acfa545756b64805bab77171edc8191a5bbb237d045ad19d07375efa20ccfe80318f1cab855488828b6e10c26fd466e2f2277e553e1b68c72a4cdff83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cc9e27295cc9dae9504e84e423d39f5

SHA1
5aa16ab1e0e2e1e31dfd5d2600f12a6c424b95a7

SHA256
6e8e49e5232dfa88d2d2b0a5db24ab281839f6340b9b88398a844bf2296f2df6

SHA512
8d2c63c062faadbca375a1ab901e16e836f74794b6e7ecc57ddb1c23fb79aaad7ae9090c5e61c93bc320ff49db10df0e666e141d294e2731999f92e4d620cf8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
240df0f9711f5c308ef3db04b9645727

SHA1
d3dc678520820dab826bca103090f874597dee47

SHA256
2ea5e571dc3df2d677cf792bf6e4418aafdfa00af63615686117312145176adf

SHA512
acca4f45a10b6382969284b9ae9882d7d26db2db9ebdac0c0fc53e27b3bcec209ed1fe02f9189029ff15a6e95322805e3d80695ae1288278afcfee4f4eef106d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0eda0e9f2ada0589265503c304011d0

SHA1
122f48bb2cb539bf4ae9d02144e1a67873802879

SHA256
bc596eb55ac207cfe9cb9ebf1daf3ae3d90d5548b44095daca69b4370720af91

SHA512
492b178c9c73469ac8e9bcb157560564ba47b0438dd9002502c053731df8cd4bab2364ddd643f5b9ebbb5dd1cf0cc88d96c895c47744f2f9a7d9c297290fd4da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46731f47b11b3b6aa4fc238db9754817

SHA1
890d69a78d07a16fd4a2e1da93e1a5c934decb24

SHA256
e0de77c87e6e2ae7629a5b09d197faa3a7a92d6a890a17029d73dca67254eb17

SHA512
4c9c33fa51812cbece42b5462b64b0d0ce0d21f8ef1c64ac67da73817bb6d7ea12a1baf6f88020137de6712508e86b2e4d65c39be067a4f67a4b2c1d0b796cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f051ec4f764c512f078412383760e09

SHA1
d87419c27eb88547d135bd8638908a92296f1d35

SHA256
dbc256b458042c732e2d9ff3db193f9c678d6b072be7d72d331b80c74f6b3dc7

SHA512
f29d18c1ffe913bf4e3c816fbcd2f9d84e32b8531160cf343acff0fe447f0ed4ba06cb08bdfa230c39afa6dec4e0fa0f608d266cab27d8e6d42c23cc1480745e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff46a8db2a5dee08043890f6aaba2f57

SHA1
e748170921f509430ba732dbc0a0771b75b91164

SHA256
03fb422aa716c3e795e708b531b79e79e8d0de7720a57b11939bbf5b9fe13705

SHA512
a547f98ecca93fec689fca851b294689738b0d52a9ee3d6557289138edcfe98a303b2e9d2bd5ed0d164ac716581a6bdcd8cb7223d57f0e527b8a5fe861e63ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df19d2375e7eca1a10d7fa2bc8c2a9ba

SHA1
631547560331d11f48da8151229ded0124097d7c

SHA256
5383119db01a130ebfc024fcb7e7acb9ff6032591ab3fdfc7b145e19463ffb37

SHA512
e3e880eec94637dba0ee66fd861afd0186aca9328bead33a1f2aa225690e8f058ecfaa1c96477a78875920d5f5d1a3b020869f750121f32c5425c103eefec23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee965f783636629aef9015bdb67cf7ca

SHA1
b55048ccc22a3975129c9a77ada0bfc3172c9cc0

SHA256
e6e14b90e0e871ef9210154b174c1f2dd9bf0462c5efab1b59a73b07a3c09bea

SHA512
11ba15128ed7863a63b074a6b5c0089df10b1e3a587ea5e16ea0ac047e2470f8b76c67429b7eeaa81948ba65301a87be0bf70b19a036de22f508057a28352619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36ecd2ed0b955314d07e3b8e1a1f8794

SHA1
c9ddf0c78d5d021e8da719e3ba470792883f9d7d

SHA256
4419934e02aaf24c2c8286ccd3da5bf2b0a2e59c7e38c318c1e42c9b66bfb6be

SHA512
f905ce0b05d7435a5ea8756939dd3a0207637a8885514be72ec4d23adbe92a03c5b843e162dfc6df3e27f0948c1bfa388dfec9c6a8cbe3cc455288bbd696d0bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bac04d5e5eec238f8fe18dae5e9d7e1

SHA1
80238a17c5761ad3c9a62ef095deb11e8dd059fb

SHA256
4694e207ec8fe6508e0b73510e2da662ddbfc850fd364cab1bcaa48b94c1dbc5

SHA512
cb3c5f59ac6bdeb9f6d17babdb5248cb0cf16877a0b41dcbacf21787eb1fa917638dacd33851eb919a9464ebbc0e3c82a8a16b5090543edcb6e22c449cfbba5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
129KB

MD5
6c2c4754acb77b666e5c218ec89d579f

SHA1
f5fb213f3f6e64c2cbdf0bc76605be15db97695e

SHA256
4f39d619370c39f113aebe75a4994f3102f129113529e744d28e48ae92951a95

SHA512
b0b7bcbd1e920c0b63294d147347422eeb36bff30d761b88c1283b14a39c59c2c7b90fc459b50904202ff639c5f0d084fc42a728f35b2ee428dc6ecfccf9e7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
d476bcdce20398e88733e2ef99ddb34b

SHA1
ab49150cd4c64466748b59bc803c86b2322c1761

SHA256
771c3bdee8d375a7624d4ed1986a5e2ac59fbc33805f4c7818b0a2e48c2ab36a

SHA512
07e1943b5d216753123030c7b94a1f3c57677717d977b7b745e1437bb4730c7a6513c09664192cfad38c6a590cd0acb82cec6da05536990fad9b57baa9f730a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7cdf76ae99218903be1aacbc9a18d30d

SHA1
293a59eefbbafb5e86a2396e973cd685cae0e392

SHA256
0d7ad013b289a539881ad87795baf1dfd4f89b558c0f321e46cd76f6dab0468e

SHA512
c0cd15af1b042fecb05b4397736a18c9d32311fa959c64950bfc30c755cd71ca1cbc0e42fb9a95062d081e3a69085ebfebc0857af462a5513149db1f0c130b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d6e3838c632e869dd1b8651720c9c0e1

SHA1
98f48c20f90951e92f9f580f5833ff9fad747710

SHA256
d83a6fdbf15ceff513a8e68417d6ea7851b427ffe0e1124c322ccef9dd713408

SHA512
36fd7793bcbbda31292abda83063203847629121ddcabd034d229764228aa1baea829a78b0acdea770c479eb777c72dd69d8880a1e55181b251121cb2c105d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11AF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar128C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit