cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb

Resubmissions

19/03/2024, 09:13

240319-k6zvxsgf6x 10

19/03/2024, 09:08

240319-k38cwsge7z 1

Analysis

max time kernel
56s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

88KB
MD5

fa1f40ef09d084500e63cec86333d59c
SHA1

cfcb60bb7ddb345bdcb6505b0eedca58f7e93518
SHA256

cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb
SHA512

e23475b0d98d736ad84555c6c475d239bee6e6619ead4350b94c1ef60ad02b264d95a5cc48221519984972477ec6be984ea1f9e8f7e2571e2712a2a4620c83cc
SSDEEP

1536:ybQBKbTtHnD3A0vuhGyUfjsfzf04PAPlPkpyXIQkvukuyOct:qHnD3AeuUyUfgfzfNPAPlPkpyXINGY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000a3b08edbae08895a6dea56692aaf7909cfe73f8c2ce1fcfd73b201e29784621e000000000e8000000002000020000000f8243505ead4892738422075b8251294cdd524b98be5dbd41d051e4c67174f2c200000003809a8e916cb182afe41307ed619a8458602bb0d0b577716742b593ae0365f3c4000000039b75f26c43ebb8cadef288c4c6cd4497cc1ff83ce23a2f62e2181458a23e24444d8341e234bcd69e7a4c9991cf49f8ebdb983cb5a8b26d1205c730653bb984e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b8b722dd79da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000aa586a79a26b67762f542a7518eb947a26bf874ec675a3cc73326c82bba3133d000000000e8000000002000020000000a96408bafac94431be193fa5bd4f8e654b255c6d10b7010c852a6cc0aed8edc8900000000bd7f144964f7f3426868999561017c08e65c6d04cdf28d580d5692994e4983d65b3d94a8192666bb507bae1260c1e3930ce674d761b5b5ac36611d1e182a050690b2dbb171758ce8f9e38207397ee55ce2b7caa43d89f05d43b7b53da91b327bd79db9680d3ded69967d125aa569905e19bc595598eaa0bedb3659188626a6622c981675140a697a51ac4dfae2fa07e40000000040cdf18a260cf4517c648ecd4268c9747951a0e16cd53382360cc73b8c66b4bf8891a509350ce2890f9cf2bf2a0df4e8482c43979658e627fbde2ed7105bde7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4BF333A1-E5D0-11EE-82D4-52C7B7C5B073} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2748	chrome.exe
2748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe
Token: SeShutdownPrivilege	2748	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2836	iexplore.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2836	iexplore.exe
2836	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2568	2836	iexplore.exe	28
PID 2836 wrote to memory of 2568	2836	iexplore.exe	28
PID 2836 wrote to memory of 2568	2836	iexplore.exe	28
PID 2836 wrote to memory of 2568	2836	iexplore.exe	28
PID 2748 wrote to memory of 1764	2748	chrome.exe	31
PID 2748 wrote to memory of 1764	2748	chrome.exe	31
PID 2748 wrote to memory of 1764	2748	chrome.exe	31
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 1276	2748	chrome.exe	33
PID 2748 wrote to memory of 3060	2748	chrome.exe	34
PID 2748 wrote to memory of 3060	2748	chrome.exe	34
PID 2748 wrote to memory of 3060	2748	chrome.exe	34
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35
PID 2748 wrote to memory of 2072	2748	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a99758,0x7fef6a99768,0x7fef6a99778
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:2
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1316,i,17534088302955200389,5242059282075304644,131072 /prefetch:8
  2⤵
  PID:1452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
dba737766caa750561a7d1ef422724cb

SHA1
c0c4be5ea552100f6d656d3f955506756d2a6ba8

SHA256
5709b340759d61e0be8d4258b9ba874f6de6e02e9519e6bb5ff32cef2f4b5d16

SHA512
4e3304b27e1382e71f2f9a0642acba8538fa71805347c00f731e9ed7be339e1a970bc204ebadef609c8dc64ce2e9e555480b36e5dfb4a4e3ee97c687754f8bfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_749F323800EEA448718955FAC254DD4F

Filesize
471B

MD5
687695c9b690ceeb0bca6e5c91c284ab

SHA1
2dc6a2c6c4a87eb179d4995c56d3e2e7e821451b

SHA256
1d2f702e1d216ba991898f8bb6038326b5558a3a18b662fc6d648d79a07d647d

SHA512
2055284000082c84cc11d122aefa8336a7240521660f0d130836d062264500bebae730eb5d5f9b46c45c6fda64ab608d241647e14ff5252064fbad61cf488bee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A2CFFC3C54D475112D9FC5039EB0095F

Filesize
471B

MD5
75d139b442f0d6178ce0ae87fe3bd866

SHA1
d42a9e2c54fec949cbb324f88f054cf0a4a04f88

SHA256
e230a0fda93b126faa0303d9a1c274e5aad52a0c4e8a5377a5b01c0cbd996ce8

SHA512
64420b6ad8e356db1e2313afd2d4bcfb5007d10dd2d7d5332e29ce3f091efe48f249dd0704102c75fb57b31d2b86ef82fce55e3ffea4c1e2d1e0bf814fd4d785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
5aacd4b27aa89d75a4dce6ea0d228bed

SHA1
b0da900bf5afca63b32384a4fc93e0bd36d810d9

SHA256
a0a5be11c84c4f433277c0bf7ffbf59915f119e1f84e97c23b1f10c0b93fb01b

SHA512
f721a2142fd865b2cac257168b035bf9110cdf345fdf129df49cd9a2136ef5d4d1b7195f7fb62eb80093ec759f6f065f4fb3415055dbad2a34d219e9863c3cc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93bcef248f9e1ffdc3a222a560de5d76

SHA1
5b8a16a19986640f6e7a2eeac4a62ad467d0ff34

SHA256
b1950bc5ac0bcead75764f78574f583dc27b2dc8458fac1e8703482299b44650

SHA512
712b25193d125aa2c324a5d9f52c483d7cc579eced8f8e2e2f68427035ff2d2c8d52f5694394106ed7a744e00cbeb8d39236e771f2fc1662179094a51dc0d5ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14395860c5a93552f41f952974c53a8b

SHA1
8d7be6ffa716a637c83386e6be178460e6c917e7

SHA256
3451968d8d009b04e6a182cb61bc8dfd5666fa70bb9853268d6e5febbbca5dfe

SHA512
46a6e6759527b260e4409cf401d66370e10bee3cbb4a46a799d9c52baca66cdc4fdc7b28c6a23ba2d3aa237eefb98357e11f0b0dffb415c22fc66b10a5a6e2e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
311f55b30f4c966ef0a52b79d476569e

SHA1
bb68aaf62b35cc04726f18f5a4a62fdc6fa76e3c

SHA256
423d5a5769713167f0a9676fb7c9c524bfda6918f6eae4fded4d28e4e13c59a6

SHA512
a10fd85ee902099e066d69df280b01f15f528b9c01551863abb6a90030f1889ee7040114b3b6ca42338d572227e93e5c935d9f11a6be6249202e66051dc4ca9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e147a42f8af93ee3c5e8c6456d68ffa1

SHA1
71291be3fd721cdeb279517370a3a724aa9f1d71

SHA256
fda89437f00c7e9e831e0a755c6112486a5f3b16d9c31da7117ef033aab5c3d8

SHA512
b5a1b6d6ce3cf4690ef1635563bcf025be6d54fe36531e51968cb16ecabb543f0d3484aa39d7f0b9a2c8fb831c1d1fdab963b39760ce0e1fefc0438608cd1106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b3f374bf979f389b3efd60d925ff57

SHA1
03156970a08d16f2141ec4f23c9c2f528695d713

SHA256
10ec2bacba67cc5e02d4fcec8319344427f1c1128529f040482c423e0fa1f19e

SHA512
f0182118ba821a76a9960dd6bea5059dac1563076bade835e2c99bde7056d57a1db4282c652be9a3aba4e02d38f6f0a3a23d5c8d030fad352123ebeb79f04720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25f3e85f9faac204ec65f1d52c31a488

SHA1
6f2ca7fa390dff2056c32508b4652e228594f782

SHA256
1015a23dde3efffc99096410b9d188a63c85d32e998d841d2c21426e44128b07

SHA512
19e7eaaf3f16ca0eb8954d31bd6bd7e7e48f223e88a95fbc5161e6d550824345335d6608e4f6bb3664fab468e946e0b191e0d4f527a949949930e9f91cbd7582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e2e766abdadc48cf975ad44c65976e5

SHA1
3aefa5bb549ea828a7293746cf66b45c32ee9640

SHA256
c2411869a46262482bd6db3a1003e42d0174a04e2283c8592837b99f22e8d11e

SHA512
94922c8806c722a3d4b6230e08410abb6d5fa417aae15f423c9e458d4c0150aa2d0ef0d6372b1bd0fc83d18377cc2b9ffea044327b5935ec4cb09c31a986dd42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e2adc8f6e768c36280730a67f96455d

SHA1
d07adfcfde6718e1cf3b36d76e4b0d50aa8f2a63

SHA256
5545b5953e050e6e9e6df351169413927273b8ce16ff124291edea23cc7f2f45

SHA512
f2c9e65661a12b6492bca637fb2fd796bd4da931070c177a218dba7cb9f531b0b114c1138caed45818a2667a69c90dc9fdc019a6930cacff6e8f34e0322f9feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b5dd0cf64d16c6bf8d2b3fa441f9cc5

SHA1
3a555d76c3f07ac91bed2056fe80468195f48b17

SHA256
ebeecbab88334345c01a3b14f3dc9b90887e9d3042c85ab19cfd8eaa0ad2d69e

SHA512
2e4d25415f8b5237b30f7bf32914f3987bd5edf4c32a2361cc7f008b30ca80c6fa7752db167d300450049c6aade0fe43aa8cd2fb60e2ccf9a908d22534678ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c97b77e50b5584c48d658c089dee07e1

SHA1
28a9310b3c0dbce330cae0455ab6b3f133f076e2

SHA256
678bf29e04dbffcf5e063e05b8e33b98e2fb0c49b665d1702d3925ee27a0183a

SHA512
2d69df742ad8a1c88724d1fd859812ae0c1dc595d519c7e2de4974b4ad218eb6a84376d84eeb140ae18c1d8108e62a7e4b036a338c7b6ea3ef71af238d4e1221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b51184517045ebeb966a70658da113f5

SHA1
cb6101998b31bb4d4b10c9da29c99ac545a288d4

SHA256
8f8082ad4992aab477c1224b71cd6aebcb5bf78e04c6c4b239eeba702ab25f38

SHA512
031bcc2977e15e084f7e5f0bea7878ad1789ef1a87c56ffc99123f6be546cb0755b12f710cae05c368f128fab587a7d4b96839d26be738b22d231cd13cbaceb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e220cc06236e27e9d57842fe19a8e63

SHA1
15b0d16f915e7a3bf3458c2016c7364bad142947

SHA256
7b4b5691fb3c81ebbf0e1f654a40241d1315bd1ca5fd36eb146d75d71c49ec51

SHA512
e816c818d45bf9783ebf7613797fd5f6d1eb74656664fbae2911e073ce5d862be9bdf3b3210f7108018c68f79c34d77fc7341b3ed3b204c5f1f0cdc4d72ce4e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9888ff17b63e7517b4ee0f829d7aae8

SHA1
584e75b5e162f7301d9e6192f58d2367e16a1fad

SHA256
45e141ed8231163c432ec6bb0ca7687c128132dd37f88c70c40b7ab95dd86472

SHA512
3d8ab9600d6eea9ff3155d64686be47f20eb8974499a429f3888e73338596dff2174e5c98f21985d233ba3af4633cf338c826222e65eb4ade436bbe7a32c1baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1f1bc8faa021ed8425464c0b1d29696

SHA1
280817420d5540da696a888f115b68af064e0912

SHA256
01847d79db153101b7447c8d277b40c5d3cc38c8b875b803a5a98224ed548b3f

SHA512
df7eae77f54baa421c7780ffbf57a9bbdfb92c5470a7c78918cb72596fc84df043ce31199e4966b71da378fa2e607bfcf3bdcf4bcd93df05efd52e70986b10a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32ad8b6ed519a2fc579c064a1b6e272f

SHA1
91fb5fabdc13a78e81e9c2e372ea2cd7846c1ca7

SHA256
3e438b7d5bbe7ff331060ac95cb8ff15b71faf0a7a0c7defce0340a1637fb9c1

SHA512
dd42fe8779844089ec5b91a20756d026162038a983bbea058491f33c4048596162baaffa220955d5b1f999fedad1dff4465ee6301d60230114af7ade1772b43b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d765aa209419d24fe64947ccc2513b0a

SHA1
fc6a2587528164422886e2bd6ea95058df880e7c

SHA256
7434c76385502209ca4c36572b889f63197b68055d191d04b798eb01e66aa4fe

SHA512
65f5af56f89336d057370936eed645a059916d692575299cc56278e23c73ca49e3010f922c662f218520e3738e74292e395d47a94dbbc68e1da6696cea92201a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
7514719c42a4f82b52f072bd8c578bc4

SHA1
5d1698acb89aaade7d1115160f2942c7ea012600

SHA256
bb2ebd7b658428a61c14cc24baf2263b54cf84a09a6614dda31b62fbadf11cec

SHA512
5cd6d24a44c94f70cf38bf2f2032ebf498f8e3261c1f9b67717e1834463e960a371c6599e2f5042164f8b6c0fb3dc986e3b6deca3283873978407bf2c25ca205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A2CFFC3C54D475112D9FC5039EB0095F

Filesize
410B

MD5
b3bc19982e6553207d165fbdd6957265

SHA1
19d7c16b41ded2f4a909afab73dc5d1cb3df8d1f

SHA256
591bc82d2c93734cb2929b7651f3abc15185672590a2580d32e310bfead4da68

SHA512
974cd56bc0b301f3bdaa4a03b55024b5b40530e98c31af57c2e0f92a4ffed8d7b0990024de23db2061b5b0b0e1de67e9bde7ba9af49cfa7268ba5c163ae602fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
0800475ecdc92641cadf26d444fd7bc8

SHA1
37b3e7d44bb493a91eb6b2ee259cffc2e46aad01

SHA256
eb0fc77e0990f418057c8a8a6c7b549bdc281ec5baa04f0052cbeb266b9092b1

SHA512
ff83335456bbb89b18f29f4d09317c712b66036a4e2828a6c0d7ad12269251f08c058672c4b307d86b0289753c22f89d728c41eefd3f3f2a801a38191aa60495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
02da25b09a32d41729f8f91b86a995d7

SHA1
9e7d5dcf5f02637624e835ed84369f32a74e6656

SHA256
3e76ff9487de1d89407117374f8d6058f21ff1e98e48d546c9dc608de8cafa4b

SHA512
fcf2e6520cd2cac48a3dfb0f5ed6e1a4c42c0e4023984724611e3da2a95fe0c85962b231e4bfc14224de70aeedeb4c4f60d6b38bbb515b76085c94dfd06ca138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
07a39bbc29d2cc956ccc47506e900444

SHA1
e4f7a0575d262fa74d2bc45c956e521465dc463d

SHA256
c86d3eed2c5622aad98ebcc906ca7689da0e5af1f21cc24006b3e662ae00773f

SHA512
cbb7b20034779118ee4ad4cc20e5b89092b3c7382f95395d6afe0a05bf8d61d30df246bca208fbea64692462e0de41cbb08d56fb59021eb4b1f963a8ce4ae654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5CEF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7939.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7B33.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit