b3ab92edbf5f695b8de6a6dc7215b81355071d5919e81e482701e102ca904374

Resubmissions

18-03-2024 04:17

240318-ewpdjsga35 8

18-03-2024 03:59

240318-ej4mpsfg67 10

Analysis

max time kernel
31s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

2KB
MD5

4e79e21cb97b8518a239e31cf0d11fa3
SHA1

2dff54cdc32d26278d9fe2919ed8bf3566092749
SHA256

b3ab92edbf5f695b8de6a6dc7215b81355071d5919e81e482701e102ca904374
SHA512

94d6729a958c7967ca059a9d6b31d1522e372fc623b4aab4114429b733c0686af306a7166bf02681f8be9ec4b01ccf5d5d17d18e5ca0f087d4fc62889bb4830d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4059D41-E4DB-11EE-8706-CEEE273A2359} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1292 chrome.exe
1292 chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2168	iexplore.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2168 iexplore.exe
2168 iexplore.exe
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exeiexplore.exe

description	pid	process	target process
PID 1292 wrote to memory of 1448	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 1448	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 1448	1292	chrome.exe	chrome.exe
PID 2168 wrote to memory of 2804	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2804	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2804	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2804	2168	iexplore.exe	IEXPLORE.EXE
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2028	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2564	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2564	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2564	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 2392	1292	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66b9758,0x7fef66b9768,0x7fef66b9778
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:2
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:8
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:8
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:1
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:1
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:2
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3304 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1368,i,16136613907793608215,11299145110939926407,131072 /prefetch:8
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:528

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f7121de1e0f9782b37f4e21db6be182d

SHA1
0350d1c8c7e6fe6be9ae6bb19856cc24c4a886bd

SHA256
110d986ab89bded1872b6c39a1b28eb5fbf8b412649878865e581b4a799f4514

SHA512
cbb52d2f757fcf98763c0459c3f5275958f030fa4ec05bbe938aac95e6c8373166d59cdb008853ee783ecf3687a95820fd3ea0f3825ee8275d13ca4c4b6d98b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
351f752e90ec4dd93ea705c98b7d3264

SHA1
a1f6927b507183f5e353efa0ab745efe5e3a59d2

SHA256
8de63f0e7a8ee82a7d9f47a13153138c2d90039c68d8367dfae2d06bb0ba1cbe

SHA512
ca3b2a6d1adb59d2b9e38edbddb05f2c31bc4449bb8a481a69837dfda764a27e628410b08d35c048260ccc1f1983b4f927292333708537cb8c669b93c551c740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
191d1c408f0c8f43a7852f1977d37c7a

SHA1
4d31f0f9e326fedc55d72a69a9bc9393f5bc2f6b

SHA256
f0b99c03e033a5782c33cd4f9e82e43625024f7569ad22e803585cff3ad080ac

SHA512
88a188f14b1478bef3d39f67693fec3c3f67fdcd1a98440cac87398d609f07e5da9aae248627ae0f01502b16fa5baf10629b4d4622cd585a83612ba0443978df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d0609347056c5127fa83f602f53ae71a

SHA1
3f2ec2ab6383b04c29088d33a9e2954abdd248f9

SHA256
750b587d66adb22cba2218440f43ff80c293ec1a7bf4d356b1f09b18d7e4fa39

SHA512
d197312a13c4f0c71333927f677b116b8b3cf0b55b5e3e3d3a05f1e71b233615129a59c7ebc04ef835236f3ef796e6134913cb28d981e2d7e7e61772d6ed251d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
30d2e9f5fb5c2f642852836a958ba5ec

SHA1
dba73c6fdf4bb3cecbcdca223e98f635a813531a

SHA256
3d48c4289b35d8f42eecb8cb6500b1393780857a743f397d6483d06307b4ef7c

SHA512
5241b7496f436b7920506c5cb8c5d8fe147653f5cc2df27d8cc1b4b921549fa4efe67f18a82a55de2a896ecd4d81cf80e2e6ff1a10068609a11641130d2aa787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
34fcecbac57052a93094591ca721bca2

SHA1
0316d7bba6521f431a583194fc2e539950353e08

SHA256
61393cfb436f93fe396ffc9b9f83107363ce127bfe4d7f026cb9bee453a5958b

SHA512
27508db64d86d7e79f54100a45bd88faf7f5948399ea28fd11b0db6576d2dc63b5cd4281e7d440c4be0e3ac6d164cdc0b718774acf26a66eb9d0fac8ac19a999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
45ba7ae3c14fbd9c14232e03a3fa5b9f

SHA1
6c44a418e0716f9155676b466fc207c79b7a3de9

SHA256
2cd6f58f29dcb4ed3bfe321a9d4ad041fecd551e6e37136621e56c90c53d2d19

SHA512
16a343b7fbcfccc2b6b0ad3b9d99a3e53388f56acfb351c0e3e68fd4bc0704f32ed3b84c9630693bececdb6df8a88327fb63f51ffe47d16fd501eada46e2befe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
95788c41cd22acfb131d82c9fa9b1bbf

SHA1
2e6364ed56bc12ca53784f62fd9d6149148b24ce

SHA256
13b1e48d54086e15a8e2be0c4c48a1018a7f78a74d3218c6066d71ea4d8adc70

SHA512
d5b67e0b4f43ca72091dc7bd91cb79a1e7822b4c2e08c056f92500b02ead9415038353b59f3107b4e01c963503a9508867b7344c7320962589af144e31107639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
444377ffa2418e2fe5c7d90368af50f5

SHA1
74555824a1f3d1791b25e6b764270badfd2db86c

SHA256
082c0a4bcdd0bc31dcd2ab53ec903ebe552d84640bf68d6619148810cccf7c1a

SHA512
2287d22ccffcc9f46d51d23e3674c2453cd5295f1ff272011c09519a0995eb4389673ccbe7eee4e97fe9f542470cd9a490bd6eef22dbdb0f13b5636d973e863b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b714fd4a6354c69fc510c9ca9e35e78c

SHA1
1873b873a0138daca61fc1399db20617eac77626

SHA256
a31d3c87c161f91437dece06d7ddf42a4047e9f0642a5b59e4de8718d7f791fc

SHA512
63edafbf462e3d1b487f2c5191ddd402160bf845cbe9d99036dfb4fb201bd6f9c5192cb88943cb1bff8d6de6d94584732ba8cb334f400a34680f7aa9deec8287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ca2e33f771943807b424af5b8f354548

SHA1
c27088d585d7b4856d271223e9fd405c205d5be7

SHA256
c3ae22321cbabc4b8a00191a40ce7cb8bf8e5f39c52f234d64c110c32a9acd1d

SHA512
74cd5c925352b76584213288e815af17f6426f0e605837aa0ec8f7bb229f5f447fcb2d9dc0681e10a5a19ff5a99476b98de2df7bfc1645ea0e5d334643ba8cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
281ec8f05408aad9b1eb7ea3e32ea0fc

SHA1
dd41433570564700f3941c54d397d5fbd2baca70

SHA256
0d11e677bf2b3adb625f8d7b144a8f1eb0e3fd25018a3b27dbd9d8be76496618

SHA512
348958a8b8d85d21393db876b63bc8aa5f3cce1d4896f0de4fa97fcb8c0cbafa080b0e3416574d59d44a495db0ecace981b2275f8fd3f9c746ceb09d146cbaa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9201e8f673eb17bd3d6b25951727db01

SHA1
d14da0b21528b453524946c4b0a34b8d0f1611e1

SHA256
54b81fc5c933eb67b3eca839a4af3830ba4ece5036d9e9bf9a3d00865afa1f5b

SHA512
02442f09562e076ad41b3db67d0bcf03ce264513ae934b928377f74fbe1d662c5eeebf8f10ed64b0a1fe301202864212c8c4cab345b29e7bb8d25a1285b04830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
07d0a0258ac1ac90a8dd5b5ffe6707d7

SHA1
c3c64dd068005315aabb21e26fc8a9cc17b677de

SHA256
ec2d7624677b3db72490dd80ee1e6c641ee6571b02251e761278f190905967d4

SHA512
3069c7c96fb938f2a74ea71343cb75aa7fbcb43a93c465a2e689d8b77def6f2291cbce087f778b9151a5740ab80a54f594312660ffc575050a00ada03c590ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
759075388c5c46869acbfce7fd909679

SHA1
e65fe35fe3fd60ed8d033bd6c0843da637082ca7

SHA256
e7123d71724ec2c84661ec955f89fc3245abc3029ff6bed5e403f8d16907cb62

SHA512
46587c1f8d55ba1870285f296a75e3535ee30616463e0072413e2447b0cc825ff05095e95cc965ed25f4977db49748fc72df847dde7f979484e666e528ce0fb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a5830f2bdd11f216351b1fc096a971e9

SHA1
203733b1089042e81fffe86ba8a45028789ac6ce

SHA256
09b399b7822908373cb26142186f2454debcaa0b660bec7bfe92db7c685698de

SHA512
af3fc6388ff74bf7ccf135e45ddc0121055040fdcd7eacd3577404c3ee9050efa4c6ed1161cab7bb9055cc3012f7b96c054a84b854035494e3d64adda6ce8d12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5a0e78a3162a1f4a1d85e686baff1811

SHA1
35367340e83ae3d69989390f4de26aec1e80d67f

SHA256
7a4613b17f87d399893deef57a1208d8a338bc92988a9e8e477da5b47dfe6e01

SHA512
1da8814275f74197c9a4b3a34da3e16da6f85f57d33d47616739d5c7c3bf7b6e68bdb3ac060ff98a5c73ab8c272b827266ed0deade5ab57f7ebdf7b9fcb024de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c858462e1d013021487a87553215c639

SHA1
89d34d0ea165415e59e5f3b00eebf5fabbf876f4

SHA256
cb520ff860fbe1c277d3b024ace3a63c3ab6bacbaa6cfa4a0730341fbbbbfc4d

SHA512
8baeefc5233bc278e4ffc66b5a0d80275aad45cc385d331835e9a2607bf06a7c2d531d7a87f332ceefec0001c3162135f154045069b6a5d8855da2460086945f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
508a0408de496bf3abeb0454a6ea9112

SHA1
4944322dcc753790c3c8297d9b921840817b79e4

SHA256
b2952c7ef78009f13c6542217cbe69820ab38fc0cebbcb0ef8d5c044d8f239e5

SHA512
60911660792c20ead5019eb5db9c92853bc9c06eab91a189e51724e85d577fd86a85b4b32f6322b6c3e4b1411036829093c8b14fcb740f51bf4f5d5e2ad90e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
987B

MD5
32d5db990d0dd0728dc779e3c8686f1b

SHA1
1635161663360e91d1526be469188aa99e1f066b

SHA256
55d4f3fc021fbf665090360ef54dd6d37cdb104a2cc06e141921a99ebbbd5df0

SHA512
d414e27cfd0dbf93dc2d3ceb0cc175fa506013e41f5536cbc06860eafd122fdf8260d871d09494cb50faf74d40964b527468a85514ca8de397ea4084e8b440e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
1ce061951c63eaecc199754b7fbc75c9

SHA1
dbf6c99ac7eb3e3ea8a074c9999a3138efef00be

SHA256
7156ea238e93b99b5095b1fca49b02bf3e6a8e5301091816407814af4d4a5679

SHA512
0fd64bc5625f9045f309bdf6429c3037846dd84222fc25c69a9d436ff8bfd796e646d6585ab7afe05284463c1e3596fa108330a1c59ed0d8a2d4880b6e2b6c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
1f0b0a173b8ff16ea2be29cc3e11cd09

SHA1
9df5d27290d45c4ab4bcf24115613ff2f984db22

SHA256
9f74e2c9bf087ab7826c1400030db9b8646c3811dadc6ea794300009c537feae

SHA512
a0a7f88a740cc281e3b557f77ef6ee01f3e71b6ed158f443bfdedc069110a946c01758b1c77c743eda8e2095d135a3e59add4f115a820eac32ed1a86f497e91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab986C.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar99CA.tmp
Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
\??\pipe\crashpad_1292_LKNNJLXHSFSUHLUF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit