2843049f3be4a69c88ecc170515ead4c961d0eaababc26764b7c1d6bfb624167

Analysis

max time kernel
53s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

16KB
MD5

8c3ded3c69e35fca1e051f6f1831c4d3
SHA1

d98590d5f387694f6c30b9589f6523f4964e29df
SHA256

2843049f3be4a69c88ecc170515ead4c961d0eaababc26764b7c1d6bfb624167
SHA512

5d817142cb6e6a6575b63b6670fe13984488e72b4a949b5c266735e24ae6bed3b814a576996c188f1ecf2bbccad50e6543afb45f5286bccdf219619b1278b3a7
SSDEEP

192:PNx5Ssv99qXoqTJkNr423pc2Vbz/6s/46x1yqKBTV32d6lJ39ZLwI5ls23hJrnG5:5Ssl9qYoJkN0QxO4QtVmEz39ZLDdJCrN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000f15c7e709b1e7586cc3515e8416b7e8cc15ec403e3ade43eeaa1b5cb4d37ba98000000000e80000000020000200000006e363cc77588e4af4acfa7b18c819d56b9e8000bf9e25d5aa9fd54e2454d327a2000000085c9c4b18f9e35b8a99c8fdb3e8439b1a354293a0f438e8e25271ad5a1b825b9400000009558c3c840ce181c777efaf99f90babb3108a27cd6c4e75a64f59325d1804086444c9cc6587355c4c63023f5c9cb68bc58d576777e08fcd8feeb19366e695792	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12B1E511-D2B5-11EE-92AB-EAAAC4CFEF2E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc5000000000200000000001066000000010000200000002ce24b9d8ae3c771eaec4c1193bcd39b96e45f54c3fd5d1b32d56b4b49dcf92e000000000e8000000002000020000000dfb11f723a7e7a34ff4df6cb08c54ea4b234f62c05ae4416fb16446eba44354090000000172f52304241c3147c0424f120a0e70840c67a9a8220307b8d70ce6f0c1df576c80fea0bcf911e1d596ed21fe3327db98e31bc2c5def1f012c8dc857dee093ffea174608c3d4ef1436f1a9b1334d7deb3c099ce934b6ad528bf7bed1e5ff27944a4657393d6cc57aeef33f473d3a42689d9b7e4fe7bb545d4543bc0dd24adc2fc8c937630d8b75bac5aa72fcaf63950240000000715fe483c4cc5c00e43816798693c471f7d342a32ab3c33ca66cf70e3cddd54ee3346c6176814bb376f952864dc1ac62baf64426c1c18be4e2323c99ec463211	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405fece7c166da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2348	iexplore.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
2348	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2664 wrote to memory of 2704	2664	chrome.exe	31
PID 2664 wrote to memory of 2704	2664	chrome.exe	31
PID 2664 wrote to memory of 2704	2664	chrome.exe	31
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1720	2664	chrome.exe	33
PID 2664 wrote to memory of 1356	2664	chrome.exe	34
PID 2664 wrote to memory of 1356	2664	chrome.exe	34
PID 2664 wrote to memory of 1356	2664	chrome.exe	34
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35
PID 2664 wrote to memory of 2636	2664	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6989758,0x7fef6989768,0x7fef6989778
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:2
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:2
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1128 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3840 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1192 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1784 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3932 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=676 --field-trial-handle=1204,i,8036429237691257549,11378757308576115876,131072 /prefetch:8
  2⤵
  PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f02f75d4eb5481713143ab1bab62374

SHA1
410955d55e1c6655e5534671e95101661ade309a

SHA256
7f285311faf5a2cc8118ccf5231e8b31b44da8ecb22ba277085124ac451192d4

SHA512
f2f9a17a85c60f9cacda7e32626c0f90e74fc7099db395b063c7cd0a66a605e2218130a1f8960984c3a83dfd50d17417fea771af285befcb9818ea5ecc03a79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
268902da500a8bcb60555ed63187e71d

SHA1
f84eb91e5ba26c14ef81ef34d02187b46b787e65

SHA256
223cedd021acde66555b9a755984a74ae6e65b601e56b1f344774695fdfd7ab1

SHA512
95a33beca4aaa861423c4f7a8d510d9f3dbb9f0840e54a91549f84085b967989566679c73d6c5bd5bae2f11afb3f431b826037b7ebf9db574c21453b236e6015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87bda9e2f6d61f73662e7f0c43e0b14f

SHA1
41de3a8902a04887cd75b5f1919ae3d8c385adb3

SHA256
af19b672f1613af094a9e328185ef879e42b2c68713cc427c069dfcc7a0560b1

SHA512
6a6073283075d4ec5f8ff546fac74ba671a0ea0ec34d02438dadc724709539030a3ffa17e59ac3da08a3c693dd5647cb945907b52502b16166e0e89b2d51ac7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c827087624ad8cd83524c0d62ef5d0f5

SHA1
b57201f18552cf90ba3924194d7719f62e24c437

SHA256
11b12f89045d18c53ed048c86a8e4421af10ec3a9143619193d7fe44c42fa8cc

SHA512
8f2b84f3db19f339c89a84e3e3ce99504bedc62ecc796a35c2e4e34fcaf43cbb1a5601aa09134e40b9011879be89520825ca6e8efda29b964a46a2110ac8a021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e42dd570705452c20e1ccbfc1263e1b

SHA1
eb01383cb953995c026d5e327c07598d29b00c58

SHA256
9190f76eb36e98c25d3574b240ca53a1876b0fddad7214be9a3caf5ead18b2c3

SHA512
0da1150b1cdd3b746490e8f6bcaff17e97c11f783d08c3fa3e6f6daa940f4dc0c5d808ee1015ec2d2d2bc0ea4e13705729c4a25c5108ffcaebe3c8dabfa1b252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b6163ab27f7bac39bb6d131eb77e76b

SHA1
ce9ac2486e6cdc737a7358a1473124152a6d1358

SHA256
b95f28e71a3436f05703eaaca6884f1f04f1841e6e83ac703bf3a09a25ff28b8

SHA512
241d5b8d9f29d6144b31b42a27a3ead2703ef2cd240648dab7049532a8b23dd7b13ca5ffc3391d51fd5e23f7b0ec70d795fc70affa59bc7aa4865cceabc9b8d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d65926e063c5f2102894290e418612

SHA1
3c3debb28e34b0b9c1fc368ecbc2788c9977e115

SHA256
2d77cb558cf7b839562310232a6b082533641a422d4591b7edb7eaf2da59cc42

SHA512
27bae6bbb1c1a28eb444b28d9d4e0094f7081557eba0e2c5d8a8bba4de4f51ebce0ad18e054b9535d3d7f1ead3d271b20a8d1dc20c1414684ac7a309aab763c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
482cfe6e4e26d4b1815ce48736beb817

SHA1
19c867ef634cbef5a8087924d150056d12397f19

SHA256
ef9f408ef44f17812937bc63910f18c0380850511811061ff6301ade20efed23

SHA512
85ec5ce446930c0adb2e70883807795442edd6124d988b0ef038de063c63d24aa92d56036c6f94577b7a9eb415dce58b6ace37c9b381550b72a4799cca1caa7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
362daa73ff1b12957061bd65c7c00a63

SHA1
11aa2fe6e5211bfe6b6f19cbb844fecfd13369d9

SHA256
0d808a2c927ae41901f36b82b636e24a05a8dbd66e08318d168746aa66d8eaf1

SHA512
ab23fec80467624a3877aa0ef7f185789df2c51c7e74e33123641a2eeb8285768de21f1630e8da53753f9c83297b9869757a4f588fa86777b17427b4f04e21b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f90079773c6122a76061fd33e7d675dc

SHA1
d61116f4dcc6aed84af2ec76cb5f9f240b3efa14

SHA256
a768983d5672f825a54930dcff8e7523fa6bee23afda30da8f33ee61c6b75893

SHA512
b327071217a12acd4298b2866c89bd61e81e333b0094278e1b4d73ba570be171be2bb3c492b44d2cf81556396a90511dc8ad45a51c72db61d630ea31e2ab839a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df3ab9f80474c550a7c4c1c7db9502d1

SHA1
5be01b0cd44ac9016e78dd8c17a06c80feda083f

SHA256
558c24d4c7c8ddbc0eaf75e63942f1736a0fc739c36d728e148590b799d4ffef

SHA512
00ad67f19112a2ce7779f36a69639fd45190d4c1cc817ea5d700416aa9a6310754be00060afa16c9285f37cb0a50174258e9f1ea477c1a10155f6c8fbf13ef8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11d9a0a0923beedef9f395425bb8e078

SHA1
ff192c7fd520b5e62757322896df6f65597f4e74

SHA256
f57482c266477ac39f16ea97607c85f339244bb4f196f0b7d83520dbaa51a43b

SHA512
5edc87fd69061009f025f8969b0644c8b2a6aef15586eb5d5009398462f4e8682ea1880b062c07a4c7b73160ea347a4dc6a3816550639326c6163f58fa50aa8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8fb5ccfda1c956c38279e6c97af3f33

SHA1
8442126c4dd62c195958deab69727a6937e3778b

SHA256
4cf63ae12d264b6226e411add46e6193ba29d862976d8d881f5fbd030a4b3bbb

SHA512
4fb89d4a87180c6ca201be5e530ec506096f85eccd407c99f0344b616b56d2c051861b2b6e58b627e20e410ab81d7a0554dbdfffe97919a7b0525aa1c20d9ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41c78749b3ad72fc87662761dcbf1dfe

SHA1
aa355cda9f5d539b6e2aad631fc9a87c9f36541e

SHA256
d491e2ba7b6324a1cc6a73c79ff9a610da61c37e7d84ec79936e0693fae777e4

SHA512
a80f51170339753b48402e8d63cb4716d48067320e75d5ab547e52d657298f674b61a64d4ae2cd1b4a0936b38259fa4acd3fb967d3305486e91ac799d33e1a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a0304744afe449a83c1490685cf9e1b

SHA1
dad5092e5377ac95af575bcd959e22eed28cd650

SHA256
98aa323035b8494860e8f52dfe0c6bfd056b48e57ada5fc928626a68917935e3

SHA512
10bb32386723805a3d00448b3fcb8d2ec1d7a12ce8f8d245b0bfd6b425f31cc2b2558dd619b6f14669ef9ee504a72a496776145a865594fd3fbad4dc93391ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_graipeepoo.com_0.indexeddb.leveldb\CURRENT~RFf786097.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
df0a57d540a431947daccc48eec0a031

SHA1
ff7e00d1c9db4e0f61c1915fac5c1b791674c2e4

SHA256
d6e9f5a07c8f799b82bc55b224713b2ad6dd8c22473ab4d0474c1d0b1bb113db

SHA512
6b84118f9628fc01d138ca80123582233e4f2cc80f35a844a7808c6c2929d1f4333564472b30ef1b306a694293138a63d5d8a5d9df5b7c8889dce739e37c8d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
844B

MD5
abdf3055f9f0a46a3d7be2ac5c1e869e

SHA1
d006afd1d84c6569ed94948808424918351fdbc0

SHA256
57d98eaec2cd9e10ab4834e9ba04affeb23698003b84d2488e013d8597d28a37

SHA512
a620e4c162111625264d30f603931f3d751b525d7ee761c507223860095c7d548e6c2afa31305c9277da1fd3647f8e4b5d8c28c62c5b018a5f49617c45ce6be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2158d6de02cf42232d834e5f50eb703d

SHA1
f3251af4887b094af53fb8d12697297a6d8072dd

SHA256
8f021120595d5ed2cd201ffb24fede03a04aaae687ee5b328a5e742ec4c717ba

SHA512
ec6d6a085f279893d4bafe8f17e6b7e763d3a79867b977a4ed66793ef9ca1c3abe07bb204f1f6041f17f7c0f5e62f9b34b0a9554c1a395265deb06a34f33f3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e35c3797305354a9b5bf7056458d780a

SHA1
feb7147e84dc6d6e9799b8793f27150e24116ae7

SHA256
46f32e8e65b75d0500ca175b1f4cbe492e586aa4aa8514ee70b172e249e88b0f

SHA512
cd00c108664b14226776a1fba5b2cba19a0e048109f2a96b0d31d34ea33b8acbf5c6297ee916541326197847767920f88ba4e3f37755b74c7d74485ca33aad0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
331a1607abe72df48b27819d5e4e0ca1

SHA1
74010d361983819e46f68ca5b0fbf4976defa2f8

SHA256
e6120dd8aef13534ef90ec9d7313dbe49c9b3d23868cbb5671fdd53ec7733762

SHA512
57f7e5ffb461132c68e9065504be01cfb575ddaed675e2addd11d5b6551167cb4fc1cf6de90cbc043ecda977b4f94dfeb85341e3160dde9d7b20dbdde79a6832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ed8e2faea05a8aa44bdd0841770d8bfa

SHA1
28b1dbfca47ad17312b3a2c885b68de1f09ab297

SHA256
e4abeb2ee58a0786cf04fb4a1336d001cb1019701c9bbbeafd44f3011c0692ea

SHA512
338508c685b2d994d41477c0b198bfb5cdc04cae752f567bd5765fa66156ecf60a6ce6c414bf156285be4aabcdc2cb0a87a88ca6c119beb2a29d62646c702bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a5751e61a1486d8b1948006d5302c415

SHA1
c8c80b6fe40d983cdff1f6be1c11535b9fb02ed7

SHA256
70645f4fc3ba0a07452af267b48ea4f365a54aeb607f88ad8ad1dfd23d66090b

SHA512
52d18fb77ef35b1a9f859c82c42b1c05966fbcb179097a80ed07bddc39010a4e8fdb41bf514f843b752b462cbff258793a3d95be81bdfc27f970d3edf0c72280

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6FE6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7085.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit