547914cbcfdb87baa85fb8654669241fca4b45851c158f3400e3ba577d2f1160

Resubmissions

12-03-2024 22:35

240312-2h17hsef58 1

12-03-2024 22:32

240312-2f6zzscf2y 1

Analysis

max time kernel
95s
max time network
320s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MntyUA7a.html
Size

2KB
MD5

4892eb172dc36b19350fbc64b96a082e
SHA1

8ef0f7bdba805c2db8f7a8ba74742eedfcd2dc84
SHA256

547914cbcfdb87baa85fb8654669241fca4b45851c158f3400e3ba577d2f1160
SHA512

fa687b623a2c13324415007ac18d6168b05c4f4811a58d11bfa6eb0685c6199dbbc57cc8efa0ed2f3d416b0035c39d0f15b749f07c9a9099b976b309f050a94b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000c919a3295fdb47f0ec1ec5a0694f9d6287f2539bbdabad50d73ee3af28ba9b87000000000e8000000002000020000000f8510f24d565a0a8709346c9967a77342c853f9368f9fce276cbc0118f474aee20000000801e712460f4706464b91316b03bfed946874cf900fcb4654bee7fc482ee72d440000000aff1b79160df591a13bc65715b68fff2ac7e168a1345163a14a02385819a3d545cf6a40d3574545a1dfbd0fd96cd355db6cddb58f407bf2f6c5467cefa1303e2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000553b7d4585e80bfa181abb5df2a4ccebba5a4bdb191a8ea7645d17cfe263d81d000000000e80000000020000200000001df0d99b5c3bc5f65ada39f277c2b33ffdcb0ac48781e173e48a80560f6e81cf9000000009c2df0e298c8436d4bfe64580915b4bf531dfd9e4dafe9421d4a0a6fb8e1cfb8947cca11638b4e50f7742f480c8f54ce4594bf69bfa036def984cb6e06796b568049b21a672045bc3ba11c2185d68b42b6bcd24c4b8a170f5472ab61144992797f6572f65995b8114734541a7143f4b467bddb503bc47b1aa8918d2dad42008ed90cfeeb8eaf24c2ca200f1183cf2e74000000030943c2bf8f2b49de49ef04ddc775bf54ab3818ab5a5e141334cda3c193eea16ab4a99d602bcf8a8ef97abbaa13cf2fd11b6044bea41dfc5429aafb3fa7ef63c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1E3B7A1-E0C0-11EE-A1AD-46837A41B3D6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 904384b6cd74da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2308	iexplore.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2308	iexplore.exe
2308	iexplore.exe
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2176	2308	iexplore.exe	28
PID 2308 wrote to memory of 2176	2308	iexplore.exe	28
PID 2308 wrote to memory of 2176	2308	iexplore.exe	28
PID 2308 wrote to memory of 2176	2308	iexplore.exe	28
PID 2272 wrote to memory of 2828	2272	chrome.exe	31
PID 2272 wrote to memory of 2828	2272	chrome.exe	31
PID 2272 wrote to memory of 2828	2272	chrome.exe	31
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1208	2272	chrome.exe	33
PID 2272 wrote to memory of 1128	2272	chrome.exe	34
PID 2272 wrote to memory of 1128	2272	chrome.exe	34
PID 2272 wrote to memory of 1128	2272	chrome.exe	34
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35
PID 2272 wrote to memory of 3056	2272	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MntyUA7a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1456 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1832 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2212 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1436 --field-trial-handle=1820,i,12172840800750869511,8372550446097584997,131072 /prefetch:1
  2⤵
  PID:1192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
618d12fea9257f1758bbfdc4efccf8cb

SHA1
acbbf68aeeb16f2f81244644fa11d7c27c82a680

SHA256
0fd6a201330719e5dea9ec73cd1f0b14363d12f34cad35aa380c3d5fb5086a70

SHA512
963955963b99b733d4b60491baefdf4e547eac244780a8fbfa3695ed8b15416f7f19717b8007ae436033bef5e0c31f161b39133c65e318197e37075144568875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73542ea7136a5cbf212093563f97b0f0

SHA1
863606a86c03263ded036b904b018b893879d909

SHA256
4a8bc69ea068186b82c0badb502dedeec431d4fcdfd3d981e2a10a212813be66

SHA512
01d8f053db6bf0f21987d951781e80fbeb060062dcff39b507d941e5bd5b6e6f9b2ec0d2fd3e52d31a93f771057ed77afcec3fee957b439d1b7db0324170cc75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b151565e3dd6ce24199dc359c94ef26

SHA1
ca6f39ad23c89b20ade27f3743798ee3136105f2

SHA256
cfc02982d3f0113adb8086a9a88221507a0fc6d392b9c81eddcf0b27a74497f3

SHA512
976c2bb9468e75cc3fc7f021824e45662284b50131202788c08957444e71f239fe72c5dda58ee0117bcf04bd104cb8cb7de293b66c469a5bb457f87d0fb8202a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51ed78550708aa9270dcfe0b197390f4

SHA1
9e306561194937d0a887870cf40f2a537ab0f3fd

SHA256
b719a1fb4c05b261712eae3e8c72cdf56f679a239f4e21240854cd7c89d4e509

SHA512
74b1c0a8d33e254addade61eb45906d8ebff05cba381358014a33eb4e36275ec26ee97bbbe6ee941b42ef7a33cd42b86c410479278d196cc5446b2b2ea9f6ce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afcad04039f995247f8e3b8f99b47658

SHA1
aaf3fffd60bb9c1b7a8560f934e3db68ab20488b

SHA256
32ac6e64a02c7763f17029f01e3a4b1d09a11749561f2b32220944f8b9738b75

SHA512
bb382b7e77a40524dd7372cbaea435f849633113c35f26d3a0c0000bd3c975d91feaf303e28af889c033d6dca21bbfa6dd4eb425654602f1dace6571fa1b212e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e3bcc93f07d626f1b1531458c71a1df

SHA1
5323272e0cbf4324c058c2b341fa6c03fd98b4ab

SHA256
81c3f274267fe64f32f86ec61b308a53932c8439c477cf6f59740078fcab54b3

SHA512
a43614d8cac4ff079eadd018f3273063f596dd91b1065e22f344ff115353ab1c7a39ebae8cd63aeed35cabb22be8b7695c8d085707cf8f17de62f9e73de78354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c341b7dd21310fe62419cff85d859a0

SHA1
9856d952f3c1267077b8adee97c2fb1fa263bf3a

SHA256
cc7fd0dd917b11bea840708d5dd1944f0e2c52b925a2c86cc47cc56675c8678e

SHA512
5e3653f90b6427c1383819ca123720b7b7ff0b0fcb5a5dd1268526c9317ed872d8e6845d30be3f4a7ba45ec58ced15e4d673ef20b6ef07d254bfef320e6661c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
57d056932b7b1ee64fce1d86aa26595d

SHA1
93d535ff35531dbede889957cdb16bc24db555f4

SHA256
addeb91eb72084c439fc03560d46cc60f17b990cf1911e73a2c048c3d13dfcf5

SHA512
43b49b780595f995f2ea003ef82b12f906db0842e7ce14e05559b6d929897a399e229a030a9e6248abdebd7191726cb0f6332d5aa9dde5ceee1256d05aea36eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b948bc23532a3429d917f814b33d73dd

SHA1
160b5f899c33f68d57bcfa8a91f442cdf4f6e0be

SHA256
a96e026b38dc4bc962ffedfabe10f45a451e37588977797daabfdae5296504d1

SHA512
4e4485f4fd5a8c2a2f4032a76c98de576eb29c38cafb9ccb10dd40ed6bba464664fed5c4e87cd138e9004bd44db9cf547ad09e066fb35e4d43c9486bc0a609a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4173f7c6236f4ae896a3702df30ce5de

SHA1
f2a126c751898f6a65c17184ef3445a7a37f173a

SHA256
7eef80da7177bda6461c1edfe949f3e8091ba9d92c6ef2443cc1d3e23bea6e96

SHA512
ad34c1ebd986ca77ee2493b8ea94f1fb61e5c4d20e804df8533c0c138d7665ff2584fc1345b89b5567a63def5d24b4781c58796a3fb27572b5a2569db7b2678e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
a42477851cc8e1002831b7437e78460a

SHA1
455839106f88787c4a19dced3c89e7ca2c208466

SHA256
426420dceb108f0c586bad8fa3a53a1c81ef257da962f63897ce934e790f09b7

SHA512
b8034148b4cf3a68fbde288c5c4de13e7bf0bbf1f2c022b5b18f7d44f52bdea585bf3e745cc795dc7a3abcf1f843b47679c7f82c08eeb52ee1cee6fea36f6f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad440e2583e4c6876ede64c51b25d048

SHA1
720c8699ae0e80c8794a667eaaea015b9024e24f

SHA256
3a88d130d7c62553d606a5dad68c5c5f097b883507f7bdd3d6fafbb49c791774

SHA512
6a8a6b236fcaa420174303398eeba3e457ec6757c5f374e26ed6e23a4dd6b6d85489ddeb203044e4c1d4b5a93345d1af90f7e5f5354fe5ae77277da8678abeb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
4d15d7f10522ca7cfe6bdd77e7b00a31

SHA1
d91902b79eb37f47d56f16faa1d65ad5c61fcbbe

SHA256
1f4cec44c2aafd77413fde153c576ade1470718665290be9f3cbb4bd832be320

SHA512
532018075b5aec610ef17267cf35a90cad1572527d46da22d72c43f48e9315696d72a7828a4c5a7b3a36f618b1ab5f0c480a5e28e2a95821f200205995316b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
15d0df407b1057643da4ca7aaddc09c4

SHA1
65f41aeec3d973db7c146915b0af85c127777244

SHA256
7cd217dbdeacc04ce2a169418ee73c3e0660d28ba4348d04c814f5a7498cde9d

SHA512
eb4838a37b3ac4d54cf438df4bdae427caff079c4833365c84798da07e130ef2f8a7a26abadf30a46b0a4f8f7ad238e53f50deba6ebe8282ac14651940f65c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
44658793bccf7baf4a400a008efc5198

SHA1
e9deb34df17e4c7ef477c72d6992af11e17364bf

SHA256
70aa99472729a0ecd5873f735507b22b105139bc176e1364f3935037f0ea1af0

SHA512
a685111069aeb6a3d6e421aceec5be97ecd49e28f1bf47db3441ebbfe0277f3922e65716ffe44e7f60650add2442b94b95403a0c76cdb0303dbec1633e612ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22DF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar240E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF52D8AFB70422E7A7.TMP

Filesize
16KB

MD5
434800ccb8c377f829ba944230beeb17

SHA1
1cf2927906ad7b35f61bd78fa6995c662f25d9ef

SHA256
9c549ad9b265d760fff43323504525a1aabe372bbe20a74ef21f9e567ce05fcc

SHA512
396fe77271088966ba8a858dcfe778fe91d7b3e2a38678d0042fbe6acc7515b841cdf187065a105636eb1fde9bc0f66d4cbe236ab8f6dc02b1ec9d998b9ec5fc

Download Submit