fa7536ad8ff022bddfcba4faf09c61b66289c57391899eabc22e764b90872161

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 08:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

atpazinimo-priemones.html
Size

101KB
MD5

b8dbb184ded71c7ed3a23de25c6c8ef4
SHA1

695aa964edb8df0f7e866d603cc79f255b53e400
SHA256

fa7536ad8ff022bddfcba4faf09c61b66289c57391899eabc22e764b90872161
SHA512

aa183f72d7d98bed1b7c9d35228bf8ccd3a0d73aaabaf8cd83b2ed9ebcbacf1e69671ef406ea220cf9c52d882d1596e519aa92c9191f268ab54b05277b36ea3f
SSDEEP

1536:vhXvaQAv5lpTw96sy55zTw96soCH7Q7Q7k7w7d7r7nAWd7X/6MxA:vhXvaQDO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000f20d01c159703649960fe37d7fa6783fc9aa9aec24d371b30d80370f3be4aa40000000000e8000000002000020000000f9a58b42af3a2878da411a941c3739f529a8bddd2c9051ebc256946b9970ae1f20000000507639d2f6e3f405be9d6b595b62fdaa01fdb42a961388a24a2afdc8ef6c525c400000006c2d6d26e26bd736a140436eda351178622e538254beec20f90ceacf306e21231c4a71cd365ae22ac10b81174c8f252cc50315e7985993bdd4efd2df609eadb7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f5c3b3216ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415271430"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE47A7C1-D614-11EE-961C-DE62917EBCA6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000d6b96f451f5143af481b71541e8fa949bfcd6c69a082009810caf87556a31fd8000000000e80000000020000200000008869b065a92ce6156ed9b6ecccd8217e18ce7e2d91e4b067cc7f5e97ad61cf5d9000000073f342e6a3db1333104929f7059068582b1a63308eb6248d8288819d2977f178fd9de9729242ab1254deb2100e51de286a19712ca5d73fc02c5dcd92ac49e22d49e2bf872a11539db52dcb351e58204ab79d1b154739f6a7107944f671b16559b76f9b8a1b4fb7e4a93f59838f2550c511b7ceb14f038f1864f7c02a98fa4b6819fa34f0d8f3cbd97eee44d423f4214940000000219cecd0923719479602129532453268e7edfebf649ee52b45c67be1eafeee91e82fa56182c67f06d94400089d89e824612bacd6160af206313da3c192d999a9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3068	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2928	iexplore.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3068	2928	iexplore.exe	28
PID 2928 wrote to memory of 3068	2928	iexplore.exe	28
PID 2928 wrote to memory of 3068	2928	iexplore.exe	28
PID 2928 wrote to memory of 3068	2928	iexplore.exe	28
PID 2276 wrote to memory of 1900	2276	chrome.exe	31
PID 2276 wrote to memory of 1900	2276	chrome.exe	31
PID 2276 wrote to memory of 1900	2276	chrome.exe	31
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 3048	2276	chrome.exe	33
PID 2276 wrote to memory of 2316	2276	chrome.exe	34
PID 2276 wrote to memory of 2316	2276	chrome.exe	34
PID 2276 wrote to memory of 2316	2276	chrome.exe	34
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35
PID 2276 wrote to memory of 1800	2276	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\atpazinimo-priemones.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1256,i,5240913304138829607,8222751043673206827,131072 /prefetch:8
  2⤵
  PID:2644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1940

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x458
1⤵
PID:2464

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db92dd0ee290b05b3bd9ec06fd9c8506

SHA1
42978b627b1012bdadacec2863a28471143e0bfe

SHA256
cd50debfe0f4409ffdae3f6ab940c7a479728f205304e6b3ee9990a0f89ad9a1

SHA512
0d5a16757d85fbb81b1633f53ab7a8402a273b0ec7e43f8c1b517837150b27fb5ecbf59a338f391e9f4da4a46dae06705e28ccff08ea7c551be90c4a6a679b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a84dfb1b81e94aaaa1a13765e1fdda9f

SHA1
aae495a59e0bb21bba5a97f8aeef6c08ec166bf9

SHA256
5925ec8428002209991c770192f83e7265541d8eaf683cd41a867ae33d3132cb

SHA512
757f8366c10027cffddb7993566943d31cde31bb11f9718f33dd84c971653d087174ad44a7d70e8893be561b725ea816f18f2ad1f0fbededa2d9cf6c74b4bbb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80f4f3d1604b8949b3dfea7452d184a8

SHA1
ce054ce801d9121ecf5215bb2752ba16f6f6bfe2

SHA256
690c07bf5403a477f058a7af1c7b81d91cf373915705fb08cd09bbc430de9f82

SHA512
255168fedf5e286355903ff508c8f7d47b3db272424cb4c86016b999f7823ae889b4970c88cef075a97d0280ed5b8cbb0837b0285242f4a66865622b2d4b1c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dc34a0f253fa9b880345ae779dbc4f0

SHA1
cdbc75329c122209e99efe8dabf74ac92551a7cf

SHA256
a416e75471e373bc2f89a95186216188488e381be2b3ff93456cf9c46e7237fb

SHA512
232e44a3ec1ed0a0f063c1e4442f199acc51ca9ff492bfa6dbb3270fde9f27dce55d16df751bb19a451fd3487c3afc610bee2ec766d177151bcf153aa91a81d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7010453649f9c21b2763d46f655b0b4

SHA1
ece5c7cb0414d2ab4511dab2dd76af37ec6dacd5

SHA256
41442c2f68a209e159005786f1b295686cb75693546919fef192044a97ee2c28

SHA512
0639537c14a7ab7fc218b9cb823e4f6cde149f33f1f22c583c46221224e2bcbf292dfd13d53724d8caf16ff41c13e62034c60026be18afa6f6bb6b9a45a9fcb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93a30f9d6ab3ebe1562cbf84b307b143

SHA1
fde7a0e91ac0a1ed27a27a1840cf9e93238030c7

SHA256
5ae297772597b4f4f8449ed011fb16b8cd7f296b0dcd675d1b2d36124d498d3a

SHA512
75b2b0e8447b12482731c2ef0f3be1bcb93708346904fb71503e47f883a060770e32fc97e003f49ac5bdd9a9423c563a9ed902273da997168cae196912eef159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d68909fb33ffb1e9bfd6d2da2b29f94

SHA1
5cf73e064a1c4b723102e751d1379ea3b60d5b7b

SHA256
fb41b16797e2cdb058eee00603f8dd0e7d050446045c9a45e89cc403ea94988e

SHA512
df9965ead3e378a204723037ca109742e94fee7b72e15f3accf05c79a32a9b435df794b040b8e6910936c11923a3e725e80514e2fb18991adb512df0531870a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0424bfb222747a992dda9c49e0613a87

SHA1
e60fac146cccaa4bbd005d4e8f94513dab3125e1

SHA256
b94a7ce6ff53180b37264e85da7edc0bfd664f93a5b371177a37aa7668d38685

SHA512
41f763b587862eb3ef1c48ed8452e2898c986eea632f9fc9ca42552caa893ebe0b631f0398e97e10418881a9cfa8d423b87cefeb8888b57621e32a82af0f417b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
437da3c2cd5d013075c1e9909756414f

SHA1
282bd0895fa396350f6c60e8b277256406c0aed0

SHA256
9ef9290ac755cd598854e531c1151da3db23640a9b11ec0813086fbae02c8665

SHA512
60fd3c704377bd6475defdaf011e0e64d0bfe19fcc1539e78b43c948d55075465ff097244e66fbad486730b2dd5a62e91a38ab771b72c9b52479329ec4bc72f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0820dac417fa3ab622aa959ecd6b31bd

SHA1
fb349e3cd094de54f14a78a8e47514b4b8fa308a

SHA256
e5f142a770417e0cb91f6ec4626c88748b92e9beb20a7d44e2ceb8cbf7bdaac8

SHA512
fb3803deb0a3d3e85c0d2ad48e0e5cd9733ce51f4835a244e4d86e52f0bb1d084e82077ec6f3d1115ab35c99156813de46f2b3e1689e99b9240b92f119f98c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7bd8a4117fbc3e46be26d251cf5d183

SHA1
b32092711e126250cf36776138242820fe4a8650

SHA256
d5b0e8fb2e25f5a5de9fd93ee02dba8e8e363541f2eb17cde6de7328672772a8

SHA512
1d5c255c128c31e438edfc2745bebce47ba64400e4130fefcb5e16ad92e40f49e4ae8ce243bf03c1f434513dd4bacfb3e551ec1cde7b1886903e64e66eef4ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe5924e65daaef0158cb71986c532281

SHA1
55a74e38d15dcb25daedde9d43f00241bf1f1aff

SHA256
8a95cab6f5820ae66d26c9ff6e69fbb8e8f14d01438cb49d35ab4b1b0ec7ffa3

SHA512
4961f6c6e754a0b4eb5718bb07049777f80d0086e4c5ee6edcfbc9cdfaf7f26a62d8f48e47ceb4722881bdcbd39c1d6d3ab7d5a8385e1f9ea4b3128f2b7a0943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5b0b56b35d2d7d9abb139ba99fd43ea

SHA1
760eecc57da765b0d745426267d3a7028b68c8e9

SHA256
070c246d29bbec598fdd7fc40b13a279b665f47124b1853a0895441f17553083

SHA512
abffe6d1d7558f44bc2a5c4bf83a15f3d9a4cba6eeb615f72e613566f7d7d195774ee80784f342dd93f9ed679db3b9681eb2f0ea6f15579d1f859526e1354f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b896c23707afad4d2b629ae6e4ce453e

SHA1
37786b39589d73e485e147ba64e04e28fc8b65b5

SHA256
656d01e1ff48132518ab84e2177fce6877aa5d35dea0623408ea19adcbec4f86

SHA512
dd0c920f5d84f1bd2abcd7dffa678528665c74d2357586698025e74bebac1229cfb6269e9483151eb8055975da52a30a9c28dd132e1eb6be3d7b4f6ce26aa07c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d045367a251dfd1ee8170d2c5177016a

SHA1
bed8ca6141b1a750a2229f8d18cbfc5f4f66cb88

SHA256
eabfd001fee9202c45cc186f239cd058186591f1829e1fca7a693b0dbd88cfd7

SHA512
4364861628a50a894f94696d52d5675945bd11fd9af91999365a595db8c8f70fdd704c0b9064b84ce6a93d688556e21d3666ab06635babdacd864058809662ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec0dae364c706b9b5514b115b3b140fe

SHA1
5788e27ed2e5ee5c1156ecde0525e7bd27c5e8d4

SHA256
ec7f93a92ab1f98a01956a2f62bc3d6b1fbe214843af328ac26d93ce97451880

SHA512
8db92f005a66893898e3ad1b4f02629f557756ce47c346dcb11a01c6807c8216d30607c96511ee3c9fb750b10655cd51d4932ed346aa853ab78dbb6fe4cab65c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b6a83dcda84cda24ae1ca56046c45a9

SHA1
7442b593619de1bb83f4b29518a2b889ae16bfdc

SHA256
9b96ad45999f1eea90b610704302c2152de766b394a7dc0f060fa75ba1abedbc

SHA512
0b1434fe668cd120f563c30e24e6a3244f5abd6b7497e169c809e61e0a43838a9cf4aa5114284f7a98da0051b54aec31e7278bcb4462a4a407eb45865573fcea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c3d89ed3f86d0c55c7bfaea4540dd74

SHA1
0a458199e0b589f87b6a0d1199cf8ff73aa9cc25

SHA256
74a89e56af8982025a2ed67c7386ab2e899e4092f247748a9e747ae89e594774

SHA512
ebe0aac3637b78e2dce4c219cd762cde0dbaa3618736ea568273d9a5a0a7d34c5dc9058b471b3ad5afa8c777b0989099d9a55074f08ce96d144e3661238e14ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcbbbc1ceb78d49110b36164a4563077

SHA1
8143879c3605cca0c915a6ba5ad7c5d41df9e128

SHA256
c32db4f6525f786be84a27bb8124648200d784461b08590bc2b249011aa5387c

SHA512
cff25ff80e89cbc0cfcc9452c4569ceec4809e5e3e4272f4dfc1fab2a9eaff0a4b82e1cd7ca8a2597299a7552b85a8e5c4d003e4437b0a7591d9b3170851b4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\02cfd1d1-83cc-419f-aa0e-452a8d5081a0.tmp

Filesize
255KB

MD5
859d81ba95e01cd72c10008d44f05952

SHA1
73bd97a2892a0444b67dee1f58cf9cecd5c54e58

SHA256
108a209273af39a99d8b04c104e44a15b7303c1a717b85bd8441a578db054714

SHA512
6ded869e904d6885f5dc05e829bc70aec8ea8cb25186b57ce6960ee3c5cdc41d5973db7ac5be5c8c531a829875712ec6d20a87747a3260b353abee672854c8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5eb4814cff7b0993f054bd452e741e09

SHA1
7e80122222a0b48ccc0472494261d89cab722ab5

SHA256
1a53979bca8bdf0fccac57b2eff4b4f4be4a374bd70cc77ec256433f44525faf

SHA512
eb18fa60da993b2f99bb7d97165191f90564040287bf313a230d21c4ff4061f566d8e0e075f1151e2778cefb0695b2a2f31b053926122caa91b5e794f07b4329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6fa0fc9-455d-448f-8489-01fa8d239bf9.tmp

Filesize
4KB

MD5
ae24dfa3ccc0177bc65e70742a0f572d

SHA1
896b7b3279e2a832c7f55c4f0960dad6d13ea404

SHA256
40a9473a14bec1e8e41855b15041c16552fe0167c8a6a48f3fafed00d5f7557a

SHA512
b7267717bfae295669e1207743406ec18a0c80badc3b4683eef7daa80b3d74f8a19863f04978d178853fd4cfc536e3bca9dcc3ea147b8635828b49f460e1a8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
6d7b0aede729296aa8028cd99ec5aa6a

SHA1
d2bc3cf88386e12bbfce64cbbc0020bfee975faa

SHA256
f308702cdc119ff9b2c12112481b43ee43da00e6374ad081d2f54d1116b53d01

SHA512
7b43369b1970be259397d396558ceeb612aa138e34d2f1b0aff650bc2e0d069dea3d1287ba33fdc9ec6b9f1a3a9a8036a7d4bb32669bd4329265b7d4644d3c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7293.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab73DE.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7411.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/1128-1130-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/1980-1131-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download