ddeb0b62d25bde95d65a27414bd31e71fc3b530f62b939e31ac0317e56030bea

Resubmissions

28/02/2024, 09:00

240228-kygz5sfg4x 1

28/02/2024, 08:57

240228-kwvhfsfg2s 1

28/02/2024, 08:54

240228-kt566sff8s 1

Analysis

max time kernel
39s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appstream.html
Size

307B
MD5

3e60a575a326b5a43ac18c8517df5725
SHA1

664ed302e149ef42f0489bfa6f0babdca778fac5
SHA256

ddeb0b62d25bde95d65a27414bd31e71fc3b530f62b939e31ac0317e56030bea
SHA512

13c14c3235d4a3802745f5028fe6eb8a309be7327087b631d032bb548c3c5347b9746ba3c4e70eb544594cb3420dc423ece7f32fc8a4eddff7ef454a20c76c98

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc5000000000200000000001066000000010000200000004a321d109a5479b5c5c8edf51783f3035390c3807c11ccce06120e44e002b79d000000000e8000000002000020000000ec17af8c7dab51c1c362d717275d20a6a5be75d6b42d0ad6a122e2553808797a900000006f7822039ecd20614902dc4da439175af711f11547525902b4b6c2508d2491b1f9504d4c6e1c8599c4f205db24cc446b8b3c89adb834187826424a5c6b36c5a3901455f7bca3d67f7ea24ef2d5d3990de12b43ce0ff2a7cf4a1fed4360754f9028a24fc2fda6643922ca022aa5b760159fc2212375b9eaca30e3cbc9719dcf0ba17e6692c62114e540a311e5837370bc40000000b16fdd225d6664719cb2ee6dc4e09a4bce022b8cb0d914623badd1545d14349d7ba139fb0a367833e670920e6b88d35a38268506d8d0d1d5f30d95b8a1768f80	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000017af13079427bccbe6a7c5c7af05735a02db5ac1fd3ba7b76a8d8e8be03d8285000000000e8000000002000020000000c3e6810e3be405b341a47e35969342762f0d5beccf11692248fcb5e3416e9e35200000004c6361672850ab9f6b77ab99350efd7b6c84da3b4bae49b6024b658584039c3c400000003ac52b5ab412e04a17c6c0a91d0d9790789352435987025dc9dfb71b354849071750d503950d93a0971cf1ae997c0a236affbfc79d8271d4abcd5144e0b33b6b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0202C581-D617-11EE-92AB-EAAAC4CFEF2E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9043dcd6236ada01	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2348	iexplore.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE
1716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 2348 wrote to memory of 1716	2348	iexplore.exe	28
PID 1020 wrote to memory of 1576	1020	chrome.exe	31
PID 1020 wrote to memory of 1576	1020	chrome.exe	31
PID 1020 wrote to memory of 1576	1020	chrome.exe	31
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 1868	1020	chrome.exe	33
PID 1020 wrote to memory of 2816	1020	chrome.exe	34
PID 1020 wrote to memory of 2816	1020	chrome.exe	34
PID 1020 wrote to memory of 2816	1020	chrome.exe	34
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35
PID 1020 wrote to memory of 3060	1020	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\appstream.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6989758,0x7fef6989768,0x7fef6989778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2348 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2836 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3936 --field-trial-handle=1252,i,7234424394308212053,9786950797188111492,131072 /prefetch:1
  2⤵
  PID:1016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
918c69c74593a9b6acf4b97981a87295

SHA1
e0b794b2eda65ed573834cb14ad9e0136feaf6cd

SHA256
7e08c9ea748cd1564f8aa19affa4de94415e4ac3a4c8f53cc828135cecbac904

SHA512
0b07632807730f6a1949d7a18b1cebf96a6bdfb97aa582fcd85168d2ffded66fffb09c32c91cd7901f4517835c848fba3516cec991773cf73438896c56fd8ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6820a97cb6e81a0df406c9ea2af2c4a

SHA1
dc60f0f1fd70c8f7656fee08f9f99637893e3e39

SHA256
7e3fc113283b74fe68e26b560920dd6301ee006bbbd86894958b8cf1de1b7ab8

SHA512
8db2abf950d235119494c8a9a7a20b72654e61a856486cb16809424bef21cf8a36df00b42045910cfb693b329a0304a0b42a54dc48835b345a6f05c36cbfc586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb1a34c6d3eab83608df3720c8859087

SHA1
112caa27390b168056002c90412138ed497f34eb

SHA256
c6bf333867e14ae066c7a58ad831a1db2ba1023498900db4d37e839f46ddccbb

SHA512
34a1f543e469cf41360a9c1cae4e9ae3bd061f30aa8593ac176550effe2e3f7f95593bdbc1ddf9252170e789f901e261b7a5b7b6fe4bc25eeaecb845a5d1d31a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
683ec98df0cbff0d7580d57a9e9e982d

SHA1
b74b4b3c20c99bd45bf958740d2088d1a53e5060

SHA256
9d7ef4b57e335b32d0c6141476d9a6bcdf00525777733aef19ed1b8ac908b331

SHA512
dc487efe845e3b2d4e5ee5ea8e81c6760493bc64f06773819f79da835320694c8c85fe470ed82fb2a93f7247c0f21f8519c8091b4f78b9caf88209e00977f163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cede86bd2aa5e48a13093c558bcb4e9d

SHA1
7051159e9da6b72334301d7d9e6488e8e7c06472

SHA256
51bd92cde30bceba275487dae10792891398e0fe019ee0be9672c252677f0131

SHA512
0d10ffa53936847a55d324d92331f166b5ac88fbc1ee1fcd58d6bcfc500045772fa9d3fe2ee5353d01bb8d143afa6b415fb38279be9ae5f35dbad8b4f466caf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
947d247dab20ea4a4fdbe6d594090e80

SHA1
d758688137555ba5620f1866b1b883f813daa371

SHA256
a2b07b69445a7000346c4164255b267e9dd42997df3f1bcf348c04bffd9ad13c

SHA512
e1926556488cb608a2b794a7ea7ebc5fdb0df3de516d750dd97eb7b70854e59940772d8fa5f52b764c300f561266ef32d4899a29cd6f8dc271eed09b368a8856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
459534faa5dac10c6461f564e564fe8a

SHA1
ec404ccf3bc1cda052b6517beaeb7381a0d12f01

SHA256
6fc930cc289863729cc092f052b0014f3bca316806aa0847581045557734ccfa

SHA512
1f96b45219188516d55ed87ddce4aadf47998a854d31ed01a2fca37fc7110b29baaab939d6672910d3b7bb9f952fd337ea9139ca39a9574f2b3bbf2b91fd15fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6562c15ab10b671e41cc2528bb62919

SHA1
f624cefa9f23d592f661a3ea8fb0b52533694f0f

SHA256
db0ac535f61f9ccde282d2fe47a32649a2a5fbd97a4a7b249696bc5ca14faa39

SHA512
5e4cf52ce8c710f81fff1597d93f87d4b35093f813fa100c008bb5eedd095e9a7d3180cb4f89d7299684523138318979a6754d6f64092d2071e327490bec375d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7046107a8ce5628a1911ddbcb1afbd79

SHA1
253dfbef697ba9859158fec6f921bcd54a5cf75e

SHA256
2244dbfc3a8c80d785be884ef06c3a8ff6fb93d66319532245feb7008f3fa078

SHA512
49821efe7052f4d0813f10b12ee537e9aef59eca6153c42534101bf33f0c7a50d13ab8994b501053d7249fb363d18835a681125a38f6e904e47f042352c09507

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92a5c87597f90751868c57e70bef03ac

SHA1
5c3f8c1147d6aa8c644d1f558e337af027f62cd7

SHA256
147e6b772019eb0bcf86dca44b73065a6ad0135345bc92adc931c2bd371b31fe

SHA512
b6a6a5d1de074343fd0c9e5124438575f2d641e107551258cc3a13f5981c837430e6a745d0a7f74790e74fef966e36cb28f90d06a3b6559ef246227eb13c177b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80868bd0c8cac321f85d1c1eaa5e68f2

SHA1
e5ee79102d159335d4a994f7ac8343c6347d53a0

SHA256
4c3d530cbe4cc9cddfcd23684bc64dd084c5ac2f495d4916226b81b2813881aa

SHA512
b211eac6ecfd82c13a6245ce0547c5939da520a8244ec2ae6969c191c10b94a0f14bd420d2246e99bda0051555badf424371cc9eccac3b0533ee7f94a47b875b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a0b8513784661d4dd503cb3f61d342

SHA1
b6a7ae42b2fe243f4e62cd51dbe97135554aaa61

SHA256
f6658f3e8be22b525d155751ddfaab2a9b3e95de6f251743fca0af7ed3cc5d8d

SHA512
083a88e342f3c9017bd7d8fcad8a5febb7219043114fd17f0cbaf0cc78a85989bd97de82ee6ada386615c4f3af02f5f1f2aff19d665efaec1e65ff83cb688451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fccc1b41c1a602949b1f6137c96fe18

SHA1
65b821d258580805acf81335c602e07fea9be81c

SHA256
611bcb4e70a278436fdaa6c6cbeb19faecfdffaeaceffecaf21ed15a29748ac5

SHA512
3c159e13346c7200170d0e5fc273f78ac5737b90d69318b31573f85562532ed33a530c61dfc966fb82b9027f796b4ddd857e3c7c2e9a8403f5e7c4b3561ca18e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d856e41e1cac949c2883c833c888f56

SHA1
185b4a2d07f502174b999271c87a9ad57f2bd50b

SHA256
f7a4966e69383c4fb3858061e5838a78120709e203e821a19787aee1320ba178

SHA512
94e06c81f8112add36d3cac53e2b6f955b33fac4984a934278bd7398d18e196dd21faeefd1807ed769fe9e2f20e4259ecc4364c798e87c8e51cd1609e4d49dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cc5ba73bd86b5a5205daab6ea8cac29

SHA1
eeb3eabc902b22f136d54a15d2b71b8d736ec2ea

SHA256
4d5a247fd31060f99104d0d39f7efe8f18fc4a7e66a228548a8243bcf162eb52

SHA512
29b2093b51bfdd1dd5a82b1ef2421b400e671ac0151eeaa73da7ce965c78b946a0885e57295e3f4cdb5f257ceacd79bcbf377199317f9e4fa8695a064cb20a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd677113552e3fcc6f0593b239b409e2

SHA1
f848bb92d5cac6fdf4f18a5e5d068765aa11ae68

SHA256
9d8df3fbf84e97628ae11a8a4e8f9f2266db0437fb5029d7db3b5102f45ea1bb

SHA512
c2c063e4ca7a7a71d68ee12b441a3c818b2b22d8633eec087a04ae2b972f74cf60ecb248ba8f3b2f940adda9c2d0cf2a4144f6081314227146dfab29fb1b9e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75e966d79a696a494b615517463b030e

SHA1
498269ede73cf983dc1d20347e70cb08c3cbe6ca

SHA256
1f682bd2d2f9ee193be460364d5aaa0e568011a6015be494771157fab15b02f6

SHA512
2a59758a298f2a98b23ce92c67aea520ce67f1115e4e312d4fc4a3a3e13081c06ef1abc8c5ddaf2bee17253bd3ac288a9f683801b83d61bf7f062788cdfc9a58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5172fd1c634ecbe62f9f28db0e4749e

SHA1
3e44a2c2ca9f58a0dbd4e7af04fd55aecf2b66aa

SHA256
ac04a30c06e0468d4363351b913de1993d36a55e4b6cb9c2a5efb5c7e47e602a

SHA512
50dbd4d701e48fc6c7138d4e3078d446a08b1f27d5d9517b781917c113aab049b559a9d79d2be6456d4ef1150431c3822b4da90caf3c996527bc6cedb31a87a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
34c4ca85f8fa80d448bbbf04fd62b5a4

SHA1
e6d50cf53a1ca479a72dd9458935ef92fbefb842

SHA256
95d729db2bc6b40cf02794128b1dd7f9d2f36218e7ae95a4fffd7a32d27afdea

SHA512
29aefbba7ec8480b884793a6316d5a0a18b1dd2009111b5c3b2570e957bbbb860cd71bbfc4c79d2a89e7e37416e537974b42bf909e900fb25cb5ba4f309c44f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1286d747067a8db3d5fadeaadca20d11

SHA1
25cfcb9cd65e4c101d67fd46b01b6498292defda

SHA256
360e9a5c4004dd8283de0a61bc83ea65ab1fc3598a380e58be6dbc3b535af84d

SHA512
45910ef9685225e6a614eb9c40d1b3279791f648ee6f4f75c059c05fbe85e911e71c78d8a3709e1e4c77fe094afbab61440c7364bd9062b408eb2dbd8010b2fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d8bcdc9f0bc14d61c2e16cf4b060c93b

SHA1
02ee12a53922f91004815ed06e8495e8693bdd43

SHA256
bb6c429dcd461969de254d2abc57443b1d35e6eb0ca346974bf725c5b90ba914

SHA512
f5b5744ed5814ecf8fe776dd4c0f674155a4c1719a552c80bfc935110486a5faba711fc551d6919b845cb769b3f460912e723dd37f9e989259808f69510db79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9d2c2fb3ca178d7dbb6284ac7360939d

SHA1
8a9113893169dd97298117b0f4481d16e60194ab

SHA256
c898b0f5d3e8ef7e6f358e34e1e8268fc18b7a2652c32c50528c4ca6d4830da9

SHA512
bd872b11b5fdc9a7c69ea2c3356b8c957ee0e8f3e888e89fc7dfe756fc86ba385d79b932fe9698659f6c941f89f0505aa64a3071407f3c9b3cd2d768b60c9313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
74ef00f499431b75de43d1991df88495

SHA1
3817776ac3d739a11ed4d6431bcc592c69094d7c

SHA256
51d555725c38d9ba6b9bef3ad245bda202f2100a2f4e49072a32cf3757d97703

SHA512
0c51e48578e81cba2fc7c038e76fc899ede1c450aa678323f8e8c5f8f37a60a07c58313dfcb8ed131e5438ebc8e578a73af3e4ea6805adaf699f248d09e5c793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F09.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar700C.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit