9c82bd01d2e0d9d925a9d5a0131e5f115fa1490d54119d345e02543e50ac9f6f

Resubmissions

05-03-2024 19:12

240305-xwl8asff85 6

05-03-2024 19:09

240305-xts8tsff45 6

Analysis

max time kernel
72s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

N00bs Account Generator/MetroFramework.dll
Size

133KB
MD5

a3a380676711eac89f67e0043c21b5d6
SHA1

587c765dc3ca8d3ea2fa55b9f227cef284287522
SHA256

c23cdacb0de78c5c6e8a1dde085cca1bf8261d3b90dac39379a4ac4518d212d1
SHA512

98a8a6741fce19d7817e412d0d2fbe772d8fbda527a3f3a56ddce8dec0bcd23c6e0755402ad816af089f50fdd7b33bd8d834f3af6beb85dbff53830b5c130697
SSDEEP

1536:evymZ39Uy6/ZDJALk8TWPdQNqUkkNZ8TS3SAqAxi0P77jRnZcHe+YNb:wJ/D6/lJAL4kqUZNMS371xi0DRFtb

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
19	discord.com
20	discord.com
21	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F78EC011-DB23-11EE-9CEF-E299A69EE862} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b03612cc306fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000af916aa6968e53750e693d0d26d78776678a371bd323d9e8140bea2f72c5f938000000000e800000000200002000000051a3d16caec06291dd625ebbca951fa7a9c498fdf1f079f34d301ee2dac03d34200000008f3eb25952b832e25a4887ac140909d04993c064e6b83cc87db50c6017748c35400000008c0e5bd7331111dc61ad71eb9e0b4bafa7f6541220cac225da0bb6ab4aed4559928a25c0ea76a16f532a2414fb35ca2d9a1958a663adb9d650fc04263d7e0244	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000007dc49ce582d56aa2b61cf59add23e9ecad99b7536051720e3a2160de23b1d8d6000000000e8000000002000020000000d2f4bae62fed35ec50ec743ef4bd61639f8dca66d340f70e9ac8ddc0e6a98e319000000073d9986e9973a43681ad21d57179dd34be134d66fb4118b7824c9e616d5b094e64e2fa690cd1f0d21eedfc67c83997521c9163015cef9135aec92469f402c9ad04725f14dfa77bea6968dac53883c94e27ee83d55d0995d288aec41ffc882e9eb0b773eb56c2514bcc1740ffcb190973db3521c6495b1828ff51e1c649fc6cf68da2b44401baef6e97acb49ba39abbac40000000416cb57301ae1eea492347f7d559f033d8a98b423b8202a2eeddcf49ec353f02f64b8a9e420156fca7c40c7b785c01581dc99432f4973bd190973b1e7a0f5abf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2748	iexplore.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2448	2748	iexplore.exe	32
PID 2748 wrote to memory of 2448	2748	iexplore.exe	32
PID 2748 wrote to memory of 2448	2748	iexplore.exe	32
PID 2748 wrote to memory of 2448	2748	iexplore.exe	32
PID 1088 wrote to memory of 1828	1088	chrome.exe	37
PID 1088 wrote to memory of 1828	1088	chrome.exe	37
PID 1088 wrote to memory of 1828	1088	chrome.exe	37
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 2864	1088	chrome.exe	39
PID 1088 wrote to memory of 992	1088	chrome.exe	40
PID 1088 wrote to memory of 992	1088	chrome.exe	40
PID 1088 wrote to memory of 992	1088	chrome.exe	40
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41
PID 1088 wrote to memory of 1768	1088	chrome.exe	41

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\N00bs Account Generator\MetroFramework.dll",#1
1⤵
PID:2952

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2196

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SubmitUnblock.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5aa9758,0x7fef5aa9768,0x7fef5aa9778
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1660 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1264 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3692 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1624 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3668 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2344 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1136,i,5864758252883727723,9578650519046883889,131072 /prefetch:8
  2⤵
  PID:1528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b76674830b9137f82f1895b924837fc

SHA1
b75373df90357e21cde7832bae3146957f15f15d

SHA256
955faa9c527e87486669a57a456edbba527a49994eb6a22d7dc4b5961dc5140d

SHA512
21d399d1b817b9717dc2f405bc399c0a579a23c39cb9260361a3eb86cec8fa62d958aaaf8e26d7bd514d4e54afea7e1cb915be7ff28be9af3365aa8f95e7ea24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f697993015178c48c2a726a323c6a7

SHA1
a10e6704d830bdb64d4e55c1f86d0ac80c3bb92b

SHA256
12a34718542d1c11005876566e6dca39c96ccfc2a4c3a54c373e2175e7c9807c

SHA512
0bbe08c629ab0b37de1040eb0261c604768015140d0978a2eee85adcf8e347139ac194863c169feed59615ca10126f6fc0eed78cd7826c83d69f04856dd78d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23df33ae2f2bb8b20886ae44418ecacd

SHA1
d028fcdb40edb5ec9eea7547a75668d46c980d18

SHA256
bc63ea24bf30fa76692644e5cacdb5700fab996be0781eee9d4095e1cb7325e3

SHA512
dba1ad5c5994a8e0ea54a9295c685a07bf9d11cf44853a5aca14ad43c1700bf11b8aa51aa3e230110aac86c55ab19c64c035c981ac3b20521ed30844efde0eb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27be93cbc3b9e8454d787171dd811ff3

SHA1
6cfedc4366b1297185da60b976cc712f81f02042

SHA256
cf4bc0873ea1098110d9d74b2eeb425cd891dc036c74723df7ba3f0a157726d5

SHA512
264aa1efb87d24472584d3a62986899dfaa393213af5af157539c235d69de3d7586e971b3168f979b31f64a01d193cc909e75cc165201369847d92024f81359e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df87830b866ba676ae139cf83d2f97d

SHA1
f04487f97de2f5c8b9ba86edc6e5a376459b55e5

SHA256
f8a4a1fd9e7a3b3c804e9c52daa1577f7e1bc3a9b2e8e011d881575e44e56e3e

SHA512
d2fee1f95343c6e278c364caf640777e452982ef58c6e296cc3edc62ac8ff81eeae4d027e355950122aa4f766dcf07378d6846e58f4739a442948cad08911710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71bcd4980e6676098928bb5aad05a01f

SHA1
e0936a3eadcef845e03f144f8658fc4eded42c3d

SHA256
f1f9839e9eeddcc7ffec12f3245cdd86628c1279e15c961f2f0579ca60829ed3

SHA512
a94192b1480599e405ac2a9961d6d6fe9a97f7632f683cfb5e6f9bcaf0b7e7292fef698f7ea2c7fc96e5a7f875021d392d3b06552b0593031de7ade0dfa6032a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c30f6ebb155c54053fffd0074b245ff3

SHA1
6f3356ade5fc3d0e7b6a33f23dbf501954aafab0

SHA256
848dcd815bb5e6b96cb83e9332dfbacb4649d587cceee070dc4b17c96fcb25cb

SHA512
39e35e54b087e28e489a4b44f12e47ddb19ea1f92a36306f7872bbb8961fce6cf0235e87ad9375737ed304e9e094ad336c88ce364be18294dd4a124d2693b0d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17616f5a12c781ce1ef8e14e0e6921a8

SHA1
b3ef2239f498766f02362c8e2c6419be6a9c5bb2

SHA256
ac8024f076dfc469da28b0cc3238350f5fe5f8cc756f600df5dab5cc2fd2c83f

SHA512
460169e87744c775e8f1a8ce708cab81ec6d93d1e103a22cd0a3c033c538fcd6ab02980167be317b00d92b693a65203b945b1752349781bf889c8d0e34e3dd9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c7ddbcb2839bb512f43acfae6a65e51

SHA1
d5c9d8ff29faafe4f5fda04c1979cc1a7857d2da

SHA256
a75179e8fd096687ba7bde3594fc7e2c3e6bc99eb0af3cefba6714ac543b3314

SHA512
6a556136cef1da45befabfdd06b3358752a998679a0186e7465736eb4e0c20df75b730ef24f509d246b17ebc5ded12522665272e2c5d3d72cdb5b5da0bb7157d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
944bdebf91cba358ac4aa4767c231ff0

SHA1
74779a75519fc044e64da1f541cc4fec472f6496

SHA256
3734c014c28979cc95a0da00b13cb979cc4d34c5eb936b996cc4516c3a322212

SHA512
358abac0e9708f6528671b91897fc0b8ba8273ad2030046f59cf0d3a6e78e1b539c640f518bab6830cb56321c11f78539f23f41e85141c3b5a91602c460e94ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
3c70c67256fbfa624336aae0ac159171

SHA1
c95b0ede60c25520bda88182289b217bfb097948

SHA256
7fbc774f876dcb113a484175b9b7c1b9e9958b2e88cb85ff3588131ed62b4742

SHA512
61660c74e954f9661160f53d102507f9a2e74edad3d1bbff24b99cf99c671ecc0f96cedf806897c8f4e5ba972a84dae2f4b7623a9eaf14e90e2d66436733eb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a9072b87744efaeb09453e3ed35f7eb

SHA1
44a10caa3910f24e18a424fe20f9ac23604fdfe8

SHA256
3694d140c09b62e819e942ef13064e565cd84ce38532dc73d5e1b3b136ff4f03

SHA512
9da4536047e64592f524f2219b6fc6fca8e28fa79aba2cf9be7aeaf6e54278057605433b2d6f063a66045b2320dcda1d06bd5f39b49c1a532b0f7c3555e16de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
baeffd15e085faf4743d2d308aa76737

SHA1
7b67119c60910ce4651379c196893afe8b398d1d

SHA256
8bc092c3ec248872776fdc85ebc19640ddbc85537a1b115995b1f85b34364a0b

SHA512
5aefdc25d5aa7f2ac2ecfc840ee73399f6e92e89b1f7ed553f89b22ea9d14ac8806bf6f9b6879ebf5ee2da9c7002a9a03db1399e359ce07bacda6279db43eda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
172906d9f97714798a3edee955d653d5

SHA1
a94de648e8cc28e5e73e460ff6dc8082d95f766a

SHA256
d2df8eb914001931006aca7a15a2c8a425af8e1bdf7508117ccf4e7d1a62699b

SHA512
3aa339778a5e83507c52bb7d6e218b9e189ff144ed1ccdb8c3a83a3cf244fdbba12d1e5b3ca3f290acf2e13796ca128673ce0760c7b52057fb9772cb51352e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d485b59554d3c88798c81fd0c69a5f94

SHA1
c142c5f75656515c833df9c693d7602e73759ed8

SHA256
fad54f3ebf160077d5b04818b73fc4b6ac65e72a9ffcde9223db090b96e054b4

SHA512
3a19e27ffc6ed6ba148fed7ce5f8a88e112db72129d21207a5bdfda6c30ee329be9cb00438f887753ba47a095c31d21910c3cfeb45cb33770e1f5bb0c70b0acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
a6d4ad748470457ff30c90e455c10913

SHA1
3c9b524cc72e180de8ecc578723897cbdbdcb7c6

SHA256
9c40fcf20af9a87677d6d7362530c67dfbfa760f21c4aaca7d5094937d532c09

SHA512
b7818dfe96adc53bba742cd77d0e975af77a07be5056a4237d085bc9bdc8e8ce6946871e681566e304b8281c69a17704b58e1a4c2e5380c80a585361f863799d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC8CE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA6B.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit