2475ae14a1317dc672cdf7c895cfdf76f5ce6375aa206ee6f8914544e539619a

Resubmissions

13/03/2024, 00:04

240313-ac1v1sgg59 1

Analysis

max time kernel
39s
max time network
52s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 00:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

23KB
MD5

a62e8f5c0d6d77e942ac1502e2a10153
SHA1

8590ff7aac8fb3b1d2da7f495111f9906a19978c
SHA256

2475ae14a1317dc672cdf7c895cfdf76f5ce6375aa206ee6f8914544e539619a
SHA512

687fea800d876eb4e55bdba63deb88d5cc2993adff703d441bdbaf1ddc52034f5e3a9746b4d4c3d3312a0cac3c2577b6f79e81e93f4553ee55944c9dada5d2c8
SSDEEP

384:dFGQkVdXKIWoFGboWzRBjfgphODAMy8sIXiLABSBPu:d/kV4IWoFcoWzvj1yIXiLmSQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CNum_CpCache = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\AutoHide = "yes"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpCache = e9fd0000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000009732e8a5eebdbbecec248e8b2166cec0b054ac54747ef0fa43521f526d8220d000000000e800000000200002000000002e1b58c12d3d9ff20944b180b6ad2a6310c2ac4c40ae13a5f6cd6a52244bbcb90000000ead424904985ea45f9bcf654f6dc73042e8d7454758a6ba6b171b8248fb90ccf07966cd0e4e4afe1bf920b86fb719566498d6baeb9dd83a728fc7cd7284c40c90d29e38d3a7665670acb69bee2105afc266a39770d11be0acbef05b57a5f42d23932c78152b677ce66f98412e2e75e3a975991107c8f4b2133279cb443161adff4d66b738f60d255c6081ce093d46004400000009f0716a9f93a3a00fdc345954372d41c45fd3baf0b6436bf6256408dc770d25cb95c0a650dfe1983d0b0c75a94e8f96b1ee3cf730c485e7182cbfef56c5963a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000095c3ce539c5074f598c9b8ce5d08a76f9e344877bc6f7fa3b59847228f224d07000000000e800000000200002000000059868301e7a810a7a3a8b055f36e9f50d9fe6e309ad32cbdedadf94121b15785200000006b1fd32bae11340c80d763dcfd86e0f193f92e27a82dcde4ebdfc44677f160bd400000008093cf7b9bced957a216a1a8b320a75f11e9c31f1e1cf46cff2c20e709f6bd28c18881d90da83bdf02dcd945fd7d8e5d24bf17997a19b63231fce6682bf1b63c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{532C26C1-E0CD-11EE-92B8-52226696DE45} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6061a12bda74da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1740	iexplore.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
1740	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2480	1740	iexplore.exe	28
PID 1740 wrote to memory of 2480	1740	iexplore.exe	28
PID 1740 wrote to memory of 2480	1740	iexplore.exe	28
PID 1740 wrote to memory of 2480	1740	iexplore.exe	28
PID 2392 wrote to memory of 2400	2392	chrome.exe	31
PID 2392 wrote to memory of 2400	2392	chrome.exe	31
PID 2392 wrote to memory of 2400	2392	chrome.exe	31
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2132	2392	chrome.exe	33
PID 2392 wrote to memory of 2156	2392	chrome.exe	34
PID 2392 wrote to memory of 2156	2392	chrome.exe	34
PID 2392 wrote to memory of 2156	2392	chrome.exe	34
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35
PID 2392 wrote to memory of 2168	2392	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6569758,0x7fef6569768,0x7fef6569778
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2356 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:2
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3812 --field-trial-handle=1372,i,7734822167805731486,1367401139005890053,131072 /prefetch:1
  2⤵
  PID:2784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
88ae914902319b364517ef2ac0f7507c

SHA1
c7388b8863b449b05a3c538a92da7b5ed5d91014

SHA256
3a9ad61e4c0e852be51f29e2ea2046f8994ba490088fc61f5e7956b47fcfebc3

SHA512
fe5f66e7f28de3ed2cc58cfb27e2eb51a670b4a809af614373f5c18039eadd31a183796f3c54e33df6ce0dba67408d4299b33df00261257f60588e900e1d732a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8F0CBD8C47BA2D164C9E6FDB222DBC71

Filesize
472B

MD5
972ee869fcf67f5b052f76dc540886e1

SHA1
af8cc39715a01e77de023c88414d16fae6c20738

SHA256
5decbcbf2ca689d49c1804d478e4a25e1394259a6b5801eec9d85eb13ae825cf

SHA512
ddcc68863e48f7607ca2367af269d58abe14b639a4126f79f1e4b35f38cfb974211e047bd2d011ce1158f6b9e7b9eab4fa7d8b9f6e4ff914a7b778ea9c84d3c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6b6e54836b1f420337950e8797a1802c

SHA1
85afe4c8d5d086d1506bd669ccf190d9b533e0ac

SHA256
0ad94e9629ee7a297229047f66577dcc7f98157c00325c2ba23e804f7e6ead8f

SHA512
eb36a25fd7c92c3f8a6c186306d03c505f0fee289d70904c74453a45c068fc51192d6d33e10a820c0bf6c14f17f392942abf3dea74bfea771f19a51bbc0c0f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2da30c77b748eda5115c7332a2f75dde

SHA1
a4edc8c4a9b1946057f05771b9c075b60e9b982b

SHA256
ef9bf459b705309907edde2fd68e8674f5379612a00394c7f229a1a1250de830

SHA512
60a0981410fc4283750bbe408c6749b43317846b580d61d4ca633fc9dfff3ba816a88a9179e15f13d71334b92a200b3cd24a38529db9e14373ef699bbd438f4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e80efcf7e7a2bef299f6efa16d8e42b

SHA1
ecc6d620c3f960bb621eb2a86889a46ad8fdf473

SHA256
cbbc789bfe7692c8f53c4ef54ef8d17a1b60d3cd10cf92d4dfd675d7ef3fb921

SHA512
b7ad1a8d9395a6465e4ca69293be040af6b44280396b4dd813d88fe4a4be28231be543e2cf3701a4fdbec62ce26124ec984536d94ce6e14d53df09abf4d3ad33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e378d56e5bea2a772f5fe9b39f12c142

SHA1
0b2e2c1c5b5841b87dbf79cc9587860c1b260c63

SHA256
9d50528c3e648aaf25baa58c6ed03fcb58edc4ad311e636c1409d09550e16d22

SHA512
28857e3b21790f9ae5c4a9887a2d19de8d15354a2f78aee976617f584acf1a9af3e877b3186598faeb306fbc1de58c61f0ace6648ad59d8e59900c3ae505e5a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1807ec56daf6a1c1f0da91885625741

SHA1
eb8c1f380c45005ac7ec0406bcf40566fa207f98

SHA256
252b8ad1b337eded24d6ba346f4d7f7225fe81519c6ad5bfcc2d18a59a6d24fb

SHA512
ce29b230c1fab750d66edbe3f51b089a14b589580b166b771003f44355b6008ea9e2d008e9f65cd3f8cd24bcfb8c853854f2188048d84f0e7af66288cfd5d3f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b031d8c306fd05cc0d5cb46f62c5d3cf

SHA1
6676c101be7d97fc33323a1ca171ba234b13b40d

SHA256
62b6e390ddb236e6e28f51954a008c3ab61c6e3ecb0aea407c0bf34ba83db251

SHA512
20f6077902555b1b68a5f739abf16b99c5e1593b253494f305ec9885f0a78c74cb909aa8f342cf4da860ab05dd862ac84232dff78a4d22ad621948e3965a38cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3aba30d568df1d02b2d8aab78c01b5e

SHA1
8142404117740d98086decaf448a53b650759d57

SHA256
9109764770de1629cf944bcf696fab947fe4be904b4fa895331c0df02132112d

SHA512
a72b58424dd824918e64ea0ac0ea274445bb29aedc45c09cf0c765600bf9b6e460c115f1d29245b91e49d5f8b65f7def1536d0337e69a19b7f2e7c6d9955ed9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffa8637ef223dfb790f6cfebd6dc1ec9

SHA1
ca6d296f84e3919b0d40e24341a42488b195b33f

SHA256
5cac26e3ba140f69507a131464f7a18a219897a2edb7d921f3a14e1302e514c4

SHA512
80f35bb37afef42d21e48e1609f27be06f8c5ba8f0773930a3f03c3c955baf955c86983badd781a0a77fe41a2cbc0381f901ee6a9937350ef11b4d80e65ab183

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d14686c25fec26711274269568ed8964

SHA1
20b38b52494d06ad661ca0d65d42761f2a7d123a

SHA256
d1ad171da8a52e9b6e819312ab325dd6702f01040ceb7fcfe15352e0f4cc71e0

SHA512
18a1be7502f5b2b85cc5d18307c8e3e2186b9ab83ff6dc828a9790664c1af8f5fe4572a1a0de36d1567a596b52dae6be38daf9131cff6bbe059ee251bd34aeb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
588d89d7207576b395a5029770884ff5

SHA1
93b15e8ad98e8b09280cbd3701ba5ebc60aa9f70

SHA256
0f404d842c0fc845732d23ddad87c12a4bea8e3f1ae69e432599146743eb2d42

SHA512
c4bcbcf9c98575308097db602e3d320fa066dd90a33b87934259cad1fd936cd9779145690f9569cc508e0030f80ea78d9b037ea2b278bc29744dd29ace96d4b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8F0CBD8C47BA2D164C9E6FDB222DBC71

Filesize
402B

MD5
7cc8997bb611d35c9e83ef97275877af

SHA1
e1535ea52523f9735c7ff4506d9215fd9f4c0a94

SHA256
e8220c514e13fc48fff2a32facde2e0e2aad89fa4bd91b07691880a2100656bc

SHA512
dea87dad365cc3c3c89bae05a41ebf921edd615729c568a5ed419162e5f0abacb1e3b2c200224a45fc0efe205c98565f148f949af5d56e49f6d6bd36c6024203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
ee71fcaa5ea137d5d14ff916dcca507a

SHA1
05382cb944c89e3a857264ce4c9b0317d94e35df

SHA256
076ca347ba0548dc8645c4dfa0ba146c9608b713ef5148263902ff97851ccb58

SHA512
a10ee60f099c6e30041781c5cb953a5e19136f73201f1238e0dc00f3b0b3d13f7a8f957d11bb0ce1571cfe9a6d50662ae126df484a06089ad533e6ba589003fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4CCA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4CDC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E78.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFF1E9A2200D00E65E.TMP

Filesize
16KB

MD5
b6c7ac37f998632d7ddad232b805ef7a

SHA1
e05fa534faff13716c6b5e340faa4b21c06be3da

SHA256
3d76de52463ad575cecb422d4297be3f149fa7efc33716c23e5773487dd5d1b9

SHA512
3b9bc4d807bf3c4ac4dc2054021dd5956e2bc581ef013d38009b784479131a4389b73fa362c77d3f2fb0e7ae2aa90237d4631bd33a01317786a41603bd5ac401

Download Submit