hxxps://www[.]youtube[.]com/watch?v=S7cCvCngCtI

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=S7cCvCngCtI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000005f6462603cdd6cf5cbde11c7085098d2a940747b6e974c15edea7b9b550eb649000000000e800000000200002000000024c6e7a715caf954a409b9bdfeb7e6bb19a7e098cbc7b1ba67211d9d8dc518dc20000000d00a538b0177d084a29019a1cfaa10d3bfdac33c64a98222bb35170b4f9305974000000086095976870142c71a19320f4746182470cc86637f3a497b6604ace7bb795eb19cbad5fa767a1ba07ecaf56fb611889f5690e176fc5204bfcbea0cf0fbeafecb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{442311F1-D25B-11EE-ACCC-D20227E6D795} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000031e4ddc156c154670b0b8f193901b756fee8d42aa7695be6229d49e5783512b2000000000e80000000020000200000008e684d515284d2d6b841ee755bd4ae8639e79e97f47e3bf08fe7e4a3c191bcc1900000007a8971e2362400ffc93cc063a824549daffe5ff9bd92656415c6f5d461a618325d37d8d2b9a507579fb6774e5d06e58ed67f0cb507ea1d841c9161f6a2eb610c02bbe6d38f246facb285c76695475575f5e15a282a312a9eccb3476a75376a7d0e058daf55e9ce482ea951c5c71c664eea3fe21edcd9b4ec3090f839b771dee37dd5573c4a26a9077bdd18144140feda40000000f2d3fbbb44696830f521a58185b3050fc95879097aef2af77766a60da0dfd1f5688f25ff99b786aaced51b7919702ac159e746e986f44104e4bd28bbb151000b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07ddf196866da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2720	iexplore.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2720	iexplore.exe
2720	iexplore.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2968	2720	iexplore.exe	28
PID 2720 wrote to memory of 2968	2720	iexplore.exe	28
PID 2720 wrote to memory of 2968	2720	iexplore.exe	28
PID 2720 wrote to memory of 2968	2720	iexplore.exe	28
PID 1092 wrote to memory of 1124	1092	chrome.exe	31
PID 1092 wrote to memory of 1124	1092	chrome.exe	31
PID 1092 wrote to memory of 1124	1092	chrome.exe	31
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 656	1092	chrome.exe	33
PID 1092 wrote to memory of 464	1092	chrome.exe	34
PID 1092 wrote to memory of 464	1092	chrome.exe	34
PID 1092 wrote to memory of 464	1092	chrome.exe	34
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35
PID 1092 wrote to memory of 2776	1092	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=S7cCvCngCtI
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef59d9758,0x7fef59d9768,0x7fef59d9778
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:2
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1368 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1308,i,1207068467023757781,769918441216983436,131072 /prefetch:8
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
088fd337c5dd20af88887c935787b5b3

SHA1
75a1afbcc3c286b59124fa9c2499a17f5dfb456c

SHA256
6adb2c40431531065c4376a04f96964fd0645c2dfbe0edf8785f8bfad55fd3d7

SHA512
3d0007d5c7f59ff096639a9c4f892d12a8e0c5bf7ea1718238313014b69aef423b7c6095e51d91b8e38f4018e135a2d035ab806bb22315c389b07969ed17848f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_B744ED683086DD422B6453395135F670

Filesize
472B

MD5
9d8e54fdf27dbdd2b0fb937569368494

SHA1
a9a62f22322a85879698d7cb7f426ea8fd5b12ac

SHA256
3eda29edd01fe502ce8dcc4768df7d0198372c1d87be7843ae423453826060db

SHA512
771cdb7d34984a31f8b644b211c6eaa49d67cef8b2f4004045a7f2fd4cecf116194a1149948491ddfeda8dfad188108156b3503ff9150709afaac99f702acc76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_BBC8EE443265F117ED41E23C259776AF

Filesize
472B

MD5
af143abaa1a3dd9e719751b0d8cbe107

SHA1
017b6851ee5c5ec01d49c3e77611196e2db4326c

SHA256
926ac85efe3e9b6ff7b2ad9e8738227b5d3f49952f0309a1fcc0ff5ac0aca851

SHA512
d2f971b9eca089e26f266241dd879502da09411fc82489fd231dafb2cc4d29f12c8214cfb615a51ee7fdfd0b72f1f493f413e3a9755ca98e73ff9fa9a8ed59e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c80d025b23aaeff8f8cff71bee3c8fed

SHA1
3a9bbafe2b162df4480648916aff1796f1667914

SHA256
660b602c7dcad19f98f0c1946cf251439c2a6f826b791b8f5874435fb7e30202

SHA512
5c8f3c66fa03ecb0b2f74cc63ac84d1045dbf574953ae37a1c18348439cf1c6f72329b3b3eec89bb6d3e263eb49a230c39b43b73ba94b425734b35fd67c383f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a88bcdddbb161c22b22f3e1024ec78d8

SHA1
b604880be71508e193cae75742ee79b81c90d2c3

SHA256
8c7e92d91ce4445e0593a413961330fb7ccae3a1d2daeb80893c186f531f5bee

SHA512
f9cfbe87c2852e32ca823cb7a799c719f449493874434dac2926f5b56d0e9e663103607f0e1f2df3c9c6ddf4851735fa7162b813109d0ff447da2032190aaad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee51151756d4c946f1aae35697ac5404

SHA1
8b5ca4ae9735c56ea3af1575fd7a467cb41f7171

SHA256
2c627ffa43f65fb91207a15aa21ba785921e3daed6725aace76c996389bdc907

SHA512
d4d26a944c0c3218524c8cb4aec7a303cd24c7220749af6afc16fefa7a9b0f88451866337b3819dc544e917087136da63c354fd3f452ec201bb74df04ef0142e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffb1e0ccf7f75793f9cfebb45e1d2aaf

SHA1
3a1f5a2dd6e8627bc556a1d947e7b534bd73ded9

SHA256
1f6f95c3dcf9307863b419804748d79cd008d0b3907b80ae705228047bdad045

SHA512
e39a368a65e1a32c2653944e843d45e1d32be686a33686864a04e41c4f0c30b9811a7007b17c27e3bf0962b322e4a523d33560f3ac24c67130454863602f2ff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f581c914b3cdc880b0939c2b5fbde589

SHA1
22caf8f88f046463f3122a52678a0ee9a05ef978

SHA256
a4075e486bddfe75d4b4fb81fd2900d3c10aa90e4490118eb25e456970345d3b

SHA512
cfac1216edaccd2af56e9772894491ce767353fdb506b2fe28e98fadca75939202d2d3f2b452020e83dec00658a2a0e55c7b7c07ee592151fa6babc0f0d25630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f7cfb8234be57e35bfd9ed23b331af1

SHA1
c43ea2dfff396263eee11dcd14fb04dc6c146d7c

SHA256
af8b166cbf6e6d977e5d84b87fa69b02c3fc0cdbf96f01ac2af7ed0f09c80336

SHA512
a9cafe299834d094385e6f68dd2eba92cbdf81231f5960a7a74b8a5049a73088af730c740339b02be53f8562ac95c5df902a2d9cabeaf9ab521da613784dd5fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
199acd49aae1544055e3410d246b8d93

SHA1
9989f3cc7f8310bd9d73fd8ea15fcaac0880a19a

SHA256
05e65d3b7bd4d3a1442b6913720ad3c217f689dd8696c5ce03158499aabc51de

SHA512
9b46a95e6dfd53987da1f61cc51f82d040c841c09be58ad934b56dd1238369cc5680d6d46c42078802b980eca655a373be792df97da17f9897c1ed4f3718fdd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bcc127dd357ec519f8d13d89fbe365e

SHA1
daba8384d63e3b8983c05c2549a2a1d94ae94477

SHA256
42a7f73abfddbffa65499e214f4221ee6b1de7a8db5f46de9ad908d86d1afa37

SHA512
bd50804142b16e4b438e76db0e427e3bb99147da68c3a1ad16ad0adcbe57934f57debde3ecacac374894845a986a6dd19172e9789f6529f7564e8114435f2be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07248d718840c37fa7dc69ee58cd7d55

SHA1
94572372db7ba5e553e47a90c3b3f3e30371adb7

SHA256
06e87236b695ac78a075881ffa22010c22391b164dd706861f587545a3c5ef16

SHA512
9fc5019132362d84a4e5cc5a505db342e2acf9a3f67a642209886b264c8b03ca423ff7b49b3114260ae78aef59609e308ab1fe82b656b16f5818bdf69efc36b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e51c849356bd666fef75edb35ed5aee

SHA1
61e32308235accd3f7ad09ee4d7b8b24a41cd731

SHA256
62336d2f5ceb6b1e936604fd82d45c476d2eeed66b7aa1c491d29d634f24d697

SHA512
f697a89c5143f6c4c5dbf982eb8aaaa36084a0ebb1424c2df0f9f2503ca29f628f6895b2beda4e7d74d7a4d1ab47ca461211fca7489a644f73d6cfcc9cc6999a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8262a0b03cf799029bebdbd40a1df92e

SHA1
d35087594f34cf3d902816ef45c3e7a693693278

SHA256
4f9c49316f8bbaacb7bf90d4d7b4bc2fcb9394279fed2ef9c84527ee10eef28b

SHA512
bc7460b10bf0af8fac40913547c8df0ba755df61abdf62779e5636bfff4a61bd6bd1bae3cd753ba969f2a2986d1ec73c06de022af41dc91914b08d67ec3fb46e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
207782f05ed26672b1cc7b1e9e136847

SHA1
f6604b674c699e3101b74c937e2aaea2faea15d7

SHA256
0357c19eab5edbfa104e1bbcf44c6632dbf85458a36474fa017d0e200a0d3a61

SHA512
0168f9bb1f04fa455b461b2ee1b3289ad03bfc51f72c356e43dd1ed251fc1fe2b59dd94869ba73188921b7e36dcd0a60f364bdc3e90c54f6cd7bfaf458aaf704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_B744ED683086DD422B6453395135F670

Filesize
402B

MD5
5218fac5866855f3b8d89a92ad3b4300

SHA1
692ba83d5672eb73cb88a42fbe1d89dfd9b4de93

SHA256
91a1a375a131ab41376492f165dfeb22d78e8ff554dcd7e9c2d4b068b3f76733

SHA512
1a601169ebc22b7840dbd16538e07a6c7427f92f091d99a907f144ce12b9732da4e8a5a99feb9827d650d283a17208d08eeb5037204a8973478bcbdb1a8ba560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_BBC8EE443265F117ED41E23C259776AF

Filesize
406B

MD5
f28d0c18f2b5118804d1259aa4c1c244

SHA1
a9a4e048c3bdc009527e39fd2af4300ef1b9df95

SHA256
c6608189911096996afb661a16eadc4c0fce3ed419e2dc0df84e6a76110b0775

SHA512
5fd7524847bd91b5432c32fb0b368457b7c1bf8641ef7f6c58507e082c43281e82b0b0b5288d2ef41c45c2295ef11843bd1907a502768ef123b44945d0189332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\80737800-75a1-4a65-89a3-e5223f309d06.tmp

Filesize
256KB

MD5
7d669e54e26601fef0dd36eeb5968c52

SHA1
9cf567aa4a1b9df594348909725769ee9e4207c7

SHA256
3b4bd691ec098b9146f89015e463918aa6c7b8f76e489e1111e3345453dbe4d5

SHA512
7af79a03998bf76dac1bd3b47907f0a6c44eb675ed4ae192d3184ac5ac4d361d0cb6a366345e9c5ceabb19157f39ddde3d82122265dd4d54be2e1506a715dab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ec151eeabe241e875acacc70a78e834d

SHA1
23574cfb668ae5b16fc795d65b46fef94734e8a6

SHA256
96106a24c45306f6fcce16f7086b12fb1ad595f3eb903f1fc0d071594f80bbcd

SHA512
7868a1f682deeaa4172646c70374b44c880d092b547c70560edd3ff32d1b55ccb8b9e5d871312eae0ba22ef2c6a200615a3b1458dc9b2e1ef5cc799d9fd8e455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
a3caafbbf34a2827f9e042e5fea40686

SHA1
84f53457cdc1cf8cae2c2c193828c17d0672b608

SHA256
1bc152f7056eea5f41509a185c19a362d4a61a282fcc10be186f243ddfde4a60

SHA512
5337d127ba1b304590f1db2d3590906b77460a87a23235d0479649d7686039a744c8ecdbd9e1970c0cd72cf7f77f58834b7e13618d61addc0732465fa02bc76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

Filesize
1KB

MD5
6f6684882a23da29d4077ae25e776ae5

SHA1
9221b13bfe193a16cb1af0c63aa56a64915969c8

SHA256
c6b1cf4c2dadc46675245db7390ba1d437bfe8ed37e069e3e8aab2e0d0475444

SHA512
6bac5d04b6cf4b1ddfd2cbd60e660d00cc548465b1ce4744968585627441f8021161307a32e6a623e5ecb3a4a6f561d7796dec5d0078e396910eb7fac3bf0e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab86EC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar870F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit