427efbc733ba83d5f79afa3e6a92a933ba1964b8bba486c500e12796e448df31

Analysis

max time kernel
72s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

c37afec807f45a2a95cf932066844c60
SHA1

cd3c6175ff88a94e0d44e42a867e6263acc0c3cc
SHA256

427efbc733ba83d5f79afa3e6a92a933ba1964b8bba486c500e12796e448df31
SHA512

62669d349b40820f6a1d07f1f18d5df234c95946e44835815498650e8dc3acade1a244502a7b6b9a6f2f6553530f9e70e466d1af68f45b38da270723b74b0678
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8kZqXKHvpIkdNZrRB9PaQxJbGD:1j9jhjYj9K/Vo+npaHvFdNZrv9ieJGD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46510651-E104-11EE-8884-E299A69EE862} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000a57be6d3d1ac9727cf59debe675b763042859e37768e10aaa6249c535033977f000000000e8000000002000020000000868852930e8964c6c38c8d98338524bec67121213a6cacccf8ef10220d2a232520000000c7ccff38227359566dee9989e874ecfc47d551057b4c780940c24e93f9a65c26400000002c30cb5df717233d5134865e0e73814e18a47b83d0b76af6b8284b4ee7efe7b9ee85074f4f402c27b957695dbac75c1ce237d926e0bdde4d494889b91c619a92	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000005aabdad7cd73cde2c48231bc71b9ca7aadb565018fc65e7c4f3c2f1d54974721000000000e8000000002000020000000f4dc956a57fa2be1cfbec0242b6ee432abe720ae41f7d926e8c29cc5f1b320e490000000b8576564ab7d133cd95bd0e6837cbee38ba3ed987930da484faaf49e59a43065ba152e6c62f3e76db15a75807aeb5630b6e19dde56b5dab93e098972812834324c00fb0f5f07a0f503ac2d97e7d919091108841b3cb0357fb92f79bb7d385088e738faf23b3fe325ad5b5c7d4cf2b78b66ce8cd0adae4a474e9b5c22cfa8a22cb4bd9829d10269602c32816b1f7a4ef84000000054dacacca849a189c163094bc58fa06b40ccc91a3ca3e903b36b741bf0d31aa2e6894d15388ae9b8cace6f35a7be6e23677d96da84bbcf9c363a075992a0214f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b4401b1175da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1924	iexplore.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1708	1924	iexplore.exe	28
PID 1924 wrote to memory of 1708	1924	iexplore.exe	28
PID 1924 wrote to memory of 1708	1924	iexplore.exe	28
PID 1924 wrote to memory of 1708	1924	iexplore.exe	28
PID 2132 wrote to memory of 2448	2132	chrome.exe	31
PID 2132 wrote to memory of 2448	2132	chrome.exe	31
PID 2132 wrote to memory of 2448	2132	chrome.exe	31
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 440	2132	chrome.exe	33
PID 2132 wrote to memory of 892	2132	chrome.exe	34
PID 2132 wrote to memory of 892	2132	chrome.exe	34
PID 2132 wrote to memory of 892	2132	chrome.exe	34
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35
PID 2132 wrote to memory of 1136	2132	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c39758,0x7fef6c39768,0x7fef6c39778
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:2
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1412,i,2108959021724236062,11580985354730506255,131072 /prefetch:8
  2⤵
  PID:864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87d7104c2a0a8391698903276b7facbb

SHA1
18172f429120395a4857ca0b545d7c39cb4d1bd2

SHA256
350e6d677c1f3b7535cada40f915c1415207aa3c2210f5f9eede1ded82e139cc

SHA512
60b2d60158b2203a4946b251cde21119acf14ef9f6093ac05d76604846d5a51e09effd09e885ad317a852149e858846fe5c0c0a388d20ac453357507ed2d29a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62394b2aafb0efdf843c4acabde4fb1a

SHA1
583bf7623660fb81837cbfffe34060a6631d9fec

SHA256
65e4f29919427a1524169efef0c039aa9976855e2a21ecd22a3a66892bebb243

SHA512
f1b0ee7cc75f541cafb31d984d2dbbcc37dbb903a5f526c77b94498a10b3d7d04ba7d66807cd24da2c73d56b1ed5ce153a793dfba767a8dccd23161a14470592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
930f9b574cffac82c07dff087df4ca35

SHA1
c79ecd97dc2d882eb45d4d6734a2c6f2faad1447

SHA256
8a9a276a96c4b4264933a912e14fb15078209bea0061dbbd1dbc4d96122fb2c2

SHA512
1cb33d59abd1acca975e76c14a7d1252ae370c089f5d52ba168bad39bdee9204ed03fc9a455de2e401a1a045841d5263364a577ff283ae217c21e3a7ed8e58c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b605fea06220d2993192d1d1b23e0b8

SHA1
3c4e8f532839a58f9ef0df7a989f9346e0da390b

SHA256
a3f720a30adfd13b6f7403063630db55b102a9f31139db85703c651b62efcab2

SHA512
5a2d48181d001377918111ddffc52de170b577b3e87e5a70a0dae7a55b8d5b0618684969d18a46f76977ae16e0ff6a51fe46a0d35f4e5ffb00d9b90e1c600e14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f79f3b5fde9a8ddc69acd795f1ede690

SHA1
8aab41385cb41b0b958ecb496afdee05b0b6c64d

SHA256
7fe84d1b9000f29def487d8774b06df5ea78027a40a34ffeaae5e9fd5cc739f2

SHA512
c348b7d6638bc2251125e55a3f4ed942f883be5c29a588658d77994ad144ec0946ab8894f9c542195808091fa3c29f119702d7c6576b1ed874c423e48a158ce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a04e6385f4a224aadbfa1f15c0159c0b

SHA1
78f4a339233988ce3a6afe84a22acc00cec4d3f4

SHA256
3c7aa9f0cb51c4519414679332bcfa2cf7951937f996bc57de36207cf34c2c6f

SHA512
189d8a7abaf5a43cdccef2cff9714c0a0289d41b144ed417bdb31ac828f28f6bc172395e16677b3a40c6c25c6760c33b45405604fc56a03944e54858950a78f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c0122bf54b6910247cd0b9b1ee1fb09

SHA1
1bf061432b4bd72b6af0499fb8de4b92d4fceac8

SHA256
044e361d1c28ecede0b3dc3da03df60aa87876d0fcec2eb9c45d0cfeca7daa2e

SHA512
a6e69febef66b9944f634dbc1c704c4f4af08063b2dab027886c8c22edd95170e2f51a8eb02a9319bb6a6cea64d5b92a393550f83185de2e92ff541bc6822b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
493d59ec20d702c7879d4b05eee8cf2f

SHA1
035a98f7188eaa74a9bcb98345b6fbe0690df5b3

SHA256
dadcbd7e5d236c83a1698f15cc012cf4bdf8fc16ec2f01dddb25f27242b8f376

SHA512
64f086d2b316d3d9bbfd898708364a965b943751d3abd8058dc9e7905ed31b96a8f0ac1064839db09ededa9d88817a6ac9e1297a0604d06f377c0b30c0ac8b22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e78695addefc1589fb819d74925a9fd1

SHA1
cda3ce4dba503d949853f143ce946d8fc37ef5d1

SHA256
679b4188b21fbd0669e4627e0deac2bcfea9702a106f071a927b053e923153f3

SHA512
797e99452b9f8b3f193b5c00b21dd96495042b90038366b2b3a89c7627dc0556b570c0efd57d8b7cf3cdd3e2e9b3d37cc2306de989684038852d1441c7531b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6e55759c-2778-4afc-88a2-762a96ab9add.tmp

Filesize
262KB

MD5
33357343f06ee263a7b1a1ea5202c165

SHA1
8f40c5e01302a4be4bc20b4f5fb5d0abeae353b9

SHA256
9ff5b273cf0bb33cbd0c8596e710dcebff8735900e35e2fb145f35007c8973bb

SHA512
76feeb12119024bda166383a411304e9229e0c7930dddf3f43186195aae5b0f4c1a6ef02e5073705d4373d53e5c4f228be24153509404dfd8cc1a95011bf3d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6435618ef4ac4d501a8c7ff169956013

SHA1
4d9685a2d7d49e42788872439f470335eb30ba80

SHA256
cda67740165183fe3ae3de57c0fcb50120fb6f686911aeb688599013fdbf1629

SHA512
182c82664dfce0b10791db05912441513ded873cbcb6ac61a073426abfd5142d77a66b17a6498e363cd5a51813b4db0fa0ee2ed47e0659af74e060e757816a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
afd65ae7020059d7396b8a48a70c3dc3

SHA1
8e9bd79156e8f7e8ace7b3779aa7933056c4917b

SHA256
519d82ffe5245ac51f610786e582784b98038e2f37912fa5f8add6700e0e796a

SHA512
4f633e21d2a31eba034416d5448281ad5ee84f3a34e1a31ce37568bdcae996b84ad38444f8576e440ada86e42498a496569f1b777eaa508c1829d9a5b2a10487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
d88b0866e6b0abbe8c86e688146cefc1

SHA1
1933503be1b69b711d1f540af4c7c9a6cf98abca

SHA256
36976f1728b4c913a9a772a17cb293cc884992fa87863632b7712bfb960041df

SHA512
a9c64ee4e9a33e066d9c09991b2f4c5d4b2699b3ec8b450268ee72711f65d5ede502a7141910237a9930a6768e6d88ea0dfc21234b19ca9ef23b10e5abcf4b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2fbd9ee6c2a56d1a2665e28e3ace3bdf

SHA1
0403856a06b2873bfd8e34d2d01fff71990c2e0f

SHA256
47b689e6e5fe377c7044b387ad5de52d245d03437017be69a30295c10b979ead

SHA512
79fcf116ee6ea4e2ed4f650c5c548c9da2337bd7f2aac642178a2a3220b68652f6ae28760a7c34ba44ce2caf0e25b85d32810b813fa3e48f8e4ce7a2183cf331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71B9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar72BA.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF8D7CEF78A6616E23.TMP

Filesize
16KB

MD5
80c2679940c088e2a8057ebef44165f5

SHA1
da134d7fef2f51c379912a1f7619756e6c7d287e

SHA256
e4356ec7f1b83908d0d8ecc45bd62c8a6a46182bffcc9b355db76126225a7c91

SHA512
999a4976444adf797ab45d98d0a3d71df35a8a202afaa540dfca8ded449031d7855bb8b314209172c6e18a96311386cfbda95412bb9bc873da19e4f98f2966da

Download Submit