d5b473bba1a201ebb4c72da1da032b5873a792d6c66d791fac515a94d3052691

Analysis

max time kernel
899s
max time network
1844s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b74fc90eac76055a5ad.svg
Size

762B
MD5

7b3a37fa249a857b0ff136db0a73f44c
SHA1

31d00d4c6d14eaccc74ffccce60a242f3479df0e
SHA256

d5b473bba1a201ebb4c72da1da032b5873a792d6c66d791fac515a94d3052691
SHA512

543e7840e4b90c889e1741f7fff9f7f2db23ad5a7720a7cd687778f7da86923b1696293755423add6ec7a880ba4e4ee903d6da287b91d1c46b9602f8b865a4fc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000683a423effef81bfec5142709c4d8c04a845872b06e7091f8cbf8f5a869deb41000000000e80000000020000200000009a775600e118bd04b4bf3b9ce68da20d15c43b62ab0de92adc1434777f54afea90000000afb752c4795f421f38253fa23a2b5d0aab8644ab37a4296d2691f87d924cb3efcd21b4a114cdad845d7f60b9f855f6b1a8719af1be93f9af891c690f80485a429b9077c8fb897395ac5df16de07e744473968fa3b5e0bcd4d8aba1b584b8e6134e942081e4b3183e8064e53bd3f8d40c107a64a1f27d2e571680e8edc272c36a20ebd3de8422e2e202568da37c92b00f4000000090f1e23b5c2b5a90c0395b920375cd2ab77ce619e97f178da2c9d96ddc046d2be9a54c3841de8fd48cd426ee4bf91e7b2927e5c5b8415ccea2cadd328f8a29df	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00C09721-DBB1-11EE-B52F-56D57A935C49} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000091e920954afe973857ab74301995a5848038fe3cc6c40ef13ac4679103755742000000000e80000000020000200000001cbf631f37e02bf6b30be99475a988bf1ee24547135244f77658acc423f01b0e20000000a6a3903ad04448e60d70ee93a985a22a9f2d8b64c226455b6f7290b137d5c113400000000362dd5891f8c25f6284600274a9d4b20ec931a0639e7a1c3725a5928e19be78c302a820a9fe16d3288f924950670156e4e73ebb2f586f970fbf186021c11e2e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e7c5d5bd6fda01	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2280	iexplore.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2280	iexplore.exe
2280	iexplore.exe
1932	IEXPLORE.EXE
1932	IEXPLORE.EXE
1932	IEXPLORE.EXE
1932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1932	2280	iexplore.exe	28
PID 2280 wrote to memory of 1932	2280	iexplore.exe	28
PID 2280 wrote to memory of 1932	2280	iexplore.exe	28
PID 2280 wrote to memory of 1932	2280	iexplore.exe	28
PID 2188 wrote to memory of 2316	2188	chrome.exe	33
PID 2188 wrote to memory of 2316	2188	chrome.exe	33
PID 2188 wrote to memory of 2316	2188	chrome.exe	33
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 2996	2188	chrome.exe	35
PID 2188 wrote to memory of 3012	2188	chrome.exe	36
PID 2188 wrote to memory of 3012	2188	chrome.exe	36
PID 2188 wrote to memory of 3012	2188	chrome.exe	36
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37
PID 2188 wrote to memory of 2864	2188	chrome.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5b74fc90eac76055a5ad.svg
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1932

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6309758,0x7fef6309768,0x7fef6309778
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2228 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1984 --field-trial-handle=1252,i,13978429184941389376,301986200815387754,131072 /prefetch:1
  2⤵
  PID:2336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f2a98e7d797f11e25e29ac1ac08ad4b

SHA1
1125e089aa1982734f316e4137aabd27dfe5b44b

SHA256
fc5530167e87d321bcdbfb4c0b2b46f36041befa6bdaa45d3e77af4696f921f7

SHA512
ebfe239317fc5a79159182eb46ff59635e6b7da0314a0be2bc7dd006e4fa1895ff5ab750ef372d27bf821685b176331619dca7ec428dab2aaab7d96874f2cae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c7a59a0d5c2e80478723dd033407c86

SHA1
ec1304074b77190fcea6aae0b5fbad78b2c535f1

SHA256
03ea3f8c2d1e2327e08668f23a6307f17d140b8b9585ca3ccdb398465afbfa01

SHA512
336aee90505f9579100dd21250d4eb2d9ef95f53c1006a604f5c19e47a8a34cb0e9abdc2844d0a3f2bf621bb49975a9d395fb7f70893bdf50f4a0b52f2aa3fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
463a652ad5b34252d99a12fdd4414891

SHA1
f8ecac3a3a46383a279742c2c57a000e0a2cb30d

SHA256
a68f442d5faa839a9ff85189686fc485bb432f36da72bed9f433e8996c5f8820

SHA512
fbc66c0ca8e127f8744ddc36405a4ab8964c5b1024313ec8313a409edb2738a9b09ae22a8c418152acd9aa06c256781f1a70a6941cc051db3d1343a19a04b653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
280B

MD5
0049db67b1a8c8299022aeb44caac62f

SHA1
421fb5827827abc96da16bee60a206497b7aec5f

SHA256
ea8a10bc3567d5cea46c1a86c0fcd94513685abaf2b99a05af79634a6676c10e

SHA512
649732db5981c3b32976521e723adfde397576f1c428922a3f88dbbb14dd00bf1bdfb1e9e3c72f59bfb33e6b91c4458042d239788a0041b7f93a7da83580573a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f70bc989dfcecbe7_0

Filesize
18KB

MD5
abb58a3b5004fe5be2e70fa0983218de

SHA1
6a779bba138cf2ecd5e8b59437202394dd1a3f3f

SHA256
b0d4b96649a2a371a626c6243e1c827bc76af16f7c8b8e198702a4ddf0262d13

SHA512
6af05c5fc7fcab941fbbf4caa27c26ac0c346c78bbdad370b0b0af81b9ff17b0a1e7caf140f8d470facf56218ac2ac32bd8b00282bb51a766d75c66372842e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
cd983ffb1e1d593e104b4aee08fa67cf

SHA1
6754946b72dac764d4aa6b460f742f73d6ca829e

SHA256
e55f3184834716698b54b5a5814ad6c151ac16b754217c0293f619bd46eb27c2

SHA512
1a978dc733c9a34458c732341eb66d1e7d6c70452f2f402e4ba632496272c6acbbc3eab6be893fc169f4c66fe64f7ee1503408037622c5d83dde5de2ba7967b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
83d7d45f37b322b31576150c796b3d70

SHA1
2b77f187707de09167dd32fcfe8ab949c99c7050

SHA256
ac4d122dc6142192d32d7bb09e95da44c5e6b89fbf710ba9db5047822354c9e1

SHA512
06ccc22b8e6c09cd1337a3fc3cd2ae4e50c64fb35c9db35d8355b1be3af31352775b8721997323e7255255e5c3429aa5b99264d3a5cfd7cd7ef1a948fff931e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ee8a66eeedbc21d3965f3cf5287f637e

SHA1
29066f09f432c05e30c2026e76adfe7382b46a41

SHA256
e3018e943e35b2fbd590bdb701318b0c603b9cfaaa182fab7f88b69873f09016

SHA512
f1bcb78efbba486b1981ca5415b24aff4ba760b8835fe5e41b0e1deb1ec6c9dba12cdef399c3f33047b0e713c9a429a7c9fa9b9a448c3e32d6a2cd1948ce56d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8ef3c7f6b5c1b03e1017cb0d95ebf12d

SHA1
6f74b2075f85cc3fe1ee8616d1c657594829fedc

SHA256
f48738359217421d2d7d563acc4a02cb739aa26a739c9ad487706d4b60448f9c

SHA512
c4d645d74e2ce2e594001d8ad2b3e672066a6491c5f2cd0c674bd31d241846c6f6b97fa66927d0aa7b0f6db9ccf157aa86c9e3d4b3178958665db5faa4599aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2cba940f4bc3c3679350cc1df24582bf

SHA1
e5858773457addc3424b15097ca8d1a3d0c40ee2

SHA256
3d7d8e20470b0e8dd0150b0c4a8dd216dd9cc593fcb3abbbb366a505cd53a309

SHA512
e7cd6cb1e21d05d9184e0496f40812bbd560c0764f85135b42f54d0c4c853fca6238b6bb7406b7fbce51d056b1f7dff55a8a743ba3415363344378a0c8cd6cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
36daba8a0d826ade164a76b752e2c14a

SHA1
2072480faadd7d55ccc6552667054b68309de728

SHA256
4bb2ffe7844f0caa9240bfd8e5f10d03f5e26890c0dc35c60451cfa4a0ab816d

SHA512
931c31fc1d779e9c710fd396acb16ef771a4a47b52948cbfef7ee0d6ace0099e407a30c9141f778c1c26a4d375343b1feaaefb327dfa79843dfcabd6a8e6be3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae7b8280f66bbe5ca1ca3448083d6745

SHA1
e7526b1d2416547e6be7923fa7e587928c4b40a3

SHA256
b6176d867e9cc2daaf041587c5d7d6b321627a5f82f92b05194cbe0cb5059d79

SHA512
9b765424b75aa2e2f56d8e06eb44f448a35fe001d806e751dfd8d743501ad85a59da1b0fdb3e8b1ad999f3caba1afb6e73f4d2bba64561ac94c25c411bf7c492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
db90f2f5b8a2907c52fe2199bf796f95

SHA1
c0cfec8094b33ded9035513aff429ab8178f59e7

SHA256
82a462b8dbda0a3da499d9a197f96926fa349047331cacbfb4b7b0f8436502ef

SHA512
cc9698b109371b63fb7c44dabd90314709f7c4b26ccc56fbcfe451aebd92dac1cc18a2f1067ada5e35d24a57e620ef4e90d333d3d3b04e8d84c7e1b150b680db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c2740b72252a894d43c8d63f355dc37f

SHA1
fc373fa8b24d901a32a8451f5f8a1012950e3520

SHA256
9d0b2e055eb65f56c7e5611d65db860b07c233ae6a304a132d038f527b61c588

SHA512
b56c1d62d5e4f0c7a69e54824ccc6bd273c2893651fa341ca4d85e7b29700bb9d4e730916326aa5110e0f8c7d3cab6f160bdc48e6e49bbe487f5ff2cbfcddd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8eb4fcf947e2fe6889f0cf2065b9d25a

SHA1
109f1f3c0d37c31506086a50732315744f80a421

SHA256
b18ec2d534f4d3a7cfdae855970acfde22e9cf45c5752d61e50658f3ad7c7ab0

SHA512
7a4421fcf8692178111919ad78703463d2ee811a5111bf0b3765ec056899ddb2c01e549a0cef54f2d49283770bbaa4a11d007545449af9da5fc232285856316f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9d77e0a717f200b4869a0c5bbf343cbf

SHA1
35e14a1b86cffdab641982058269951ad9df8daa

SHA256
83e91b609ad9a63bf8a9538becc9c83ca268a48c3caac3f459a7dccf63150fd4

SHA512
f4f253f1bd4f746ee77322477b7245ad5c56e038a3025a994f6d38716380677afa56e044d621b8dfe509a3ca5a97bba5d801291991ca2c2a7ab347647a6f5f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
ded73253d8c73b1c43c598d170434c48

SHA1
edd1ed5c09d5065354934104ecdb858c7136aa0a

SHA256
9b5d8bb916979dedd765dea1ba2f7f4e769ab645c76647fd7fa47ce231aa4674

SHA512
9b4646d5be4a5ae5f1caa2ef3723b5ffd61139af0dc1b1ef02d6d97764d4c1f8a9bca66448ad75863932b6156056b6da88dd646d3b40e1cc30040c79ff7668c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
30e83218a35d20e27a74245ec75fadb1

SHA1
5e86b2ed58aa0cf41d82676aeaaf580f6f8b91ae

SHA256
38b1c912ffec03bbf0464c9f3621630621c0015f460380eceb8c278770e8ac4e

SHA512
a67aa503b819fc187146879617fa1dd618b6a0a04268a1d4113945698c50385fe57b09cbff7b09cc81d0427aa8613402f8c71edd17d903448e00f0a3c70615d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2cca11cd2cc1ff3b557596ca5d7f95b2

SHA1
13868b22c1991b3a2dd1d75c07e45faf0e9cdf50

SHA256
a2e9e7944ef3acbe55ae613f25b8af21d2349724b3bb26a52d215c1470052868

SHA512
3b3c189291a461e2ac8c50e30162c6102fd261e34c90925c7ef9a3426fcfd6de788a5761853d1188d00a4cc2170c3f488b29898295329e0ccf4d6d53cd619a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e4b4c07f078f6a8c58814124c1e126d5

SHA1
91af2676087d30b49aa0a900130d65e5e1bc2b42

SHA256
6d693a89a6df2ba5942b8d5b9e28b28be0a49889b39966ff819020b8d1ccf37f

SHA512
00423da69324b46ad527c175ed2a726e3c2ba45253093a74846f2ef99518d49f99c1ab0bc5dad29273d63bde4311375ce82615577db34c9308c476e905dd9811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
63bec4f9847879b59ce6817c116f5851

SHA1
3f94de62482ef03160e3a6b21ca87afea2da210c

SHA256
e00aef616da2786cc6e140ccbcd3298ed11ba0f36ef3a7f80e61ca481c7fb452

SHA512
da2c4c3b8ff64ea90ef96a493bc3d54a30b1c99e45dde8f23f1c3a75be7e1fd7b85d24981918515f39ab62d95f29dfda5f454397e89c66c45393240253958030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
37632ffff458147a546ee16265cd5df7

SHA1
33fdcc7897c1e3e311cc8ae613acffdfa8981183

SHA256
f099feca02f6f687dc7325a2920d6c229fd681211a08c31f7703e4e896cff8cc

SHA512
70fda3f9ef8c15a1e47e9ca6b093fcaa4d9352aab170e9b6fa3b71a59e8a8b69f08e0930d671122fa0521be10ccb9570895735eda1579ce7e8a6ca95802aa0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c4d93159573027484e125d5732ff2d0f

SHA1
e82e9f443875df5969a7cac29c10e42238aae2cc

SHA256
72f20cbd573b7326865befa979717371465d1c87c5be1c9073b7e20a782f2906

SHA512
8ee8c6f63136856e02a9f16982c2e605898daecc873c7efe13c1bd757f4836235213fe2c9beb880129f97168d50a9d4c6ce15e1519bf9612c7cc7c3384713a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
171e1a3e2bf6a202c75656aad279398c

SHA1
5043472cf733e5daa8ecec8368a3227778a4dfec

SHA256
1ffd2d6498d445460dbdd8537b3236db0464fd9071483751944a19745f100a98

SHA512
aff7b73fee81965b35232a334e2721de2c15860d27953fde3b202068e63f6f1194106da564d6ea27b99bceb6c68266dfef326e40549f954605c7dcd01c09b150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56E7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar59FC.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFCA97FE6181E1FC31.TMP

Filesize
16KB

MD5
7d073fc7e3c27ec54828d63c69171728

SHA1
7e7b3fd2fc567b5c7fa15c7c1c9f66c69b20456a

SHA256
570aca46f5feb89788b6a7675e0c0ef32c63832092dfba24f80553725b19e4d6

SHA512
74fba477754442a24fb710e5e6ad22325e7a46865b28d5b1f3c40948636c887166376508e0bc10a52073583aabcd6a4d4859996ce563939a7e551c40466ba035

Download Submit