24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a

Analysis

max time kernel
71s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/03/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a.exe
Size

250KB
MD5

2d2b66d90495c1236f2e557172bf0f1c
SHA1

a06d203ae9cbe26a3c2e389f1c361ac49ef54c08
SHA256

24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a
SHA512

6c41ed49223001453c9e014fb16ca8f1ac8345f181fc92c6abefee8118a316133f74d37e67ca2fff2c1a1859b8aea95207b22b2515573875bb95a4af9a52bcce
SSDEEP

3072:5LPEI6w9gdroG/X2jOVYHfWfo/CTHOU9Kp4O58eJZygmOVYOdqTnHLnwPclIFaFT:VbExY/6uMTrO58K9F8TnHKUoGcy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000009632e16c7b9c7c653b689f7d1ae4c516aee5e1fe8d3842d3f8185cc40d15e350000000000e8000000002000020000000829d612ee00ae0c162fef8f0bc9718274b9164ba3186fdba6c69cd5c6f5f6ade20000000d25453cf5de73b9d9fa091d3779b63b86f2391474134325c4097baeca1cf58fe4000000046222085e2df16b415c70295f3d291171d19f0d940d730390098e9fe32bdfd32d212262eb1ec053a7a5960e660bb663e8c64ef20e09c0b9b67155eee395719b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000d424e322b447ab5ade364f45c1d6819ce26be99ff4a9b3a82737e0500798fd78000000000e80000000020000200000004ca43694a1df3912aba214186592b2160ebaede873ae19a7a09e595207d9113790000000c70f003df708d70b167c3a1b5622a982993134a583852bfb807eab43046ec844e1ef37550a6ecc236a7d45780285b94d7adff751a9b0e4aacdf8f3805e48d6bd10d72b70d23b68dc468e91be588ad383fdeea54bd68a8145f7c1fb9522a9d402f4c1f2c6f0e3f5b4fb301f1e9654d3e6272b6aab90cc99b9a408bba0daec0c88ced82ffe9ebe28df2bf00f24fc2395d440000000f3b29ce39b8d921eb03e535c17a5035f0283eb1c070f2a0f5769b55ce158369e0490fc6d004ea74d2253c9337ebb2b48cd5827fcaef1da348d2963f01d110736	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0971d2efb7bda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{599C0D41-E7EE-11EE-A40F-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
604	chrome.exe
604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe
Token: SeShutdownPrivilege	604	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2592	iexplore.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe
604	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2592	iexplore.exe
2592	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2512	2592	iexplore.exe	30
PID 2592 wrote to memory of 2512	2592	iexplore.exe	30
PID 2592 wrote to memory of 2512	2592	iexplore.exe	30
PID 2592 wrote to memory of 2512	2592	iexplore.exe	30
PID 604 wrote to memory of 384	604	chrome.exe	33
PID 604 wrote to memory of 384	604	chrome.exe	33
PID 604 wrote to memory of 384	604	chrome.exe	33
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1008	604	chrome.exe	35
PID 604 wrote to memory of 1648	604	chrome.exe	36
PID 604 wrote to memory of 1648	604	chrome.exe	36
PID 604 wrote to memory of 1648	604	chrome.exe	36
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37
PID 604 wrote to memory of 288	604	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a.exe
"C:\Users\Admin\AppData\Local\Temp\24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a.exe"
1⤵
PID:2984

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\StopRedo.gif
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6359758,0x7fef6359768,0x7fef6359778
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:8
  2⤵
  PID:288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1296 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1220,i,13997397812476266235,16739808703526796366,131072 /prefetch:1
  2⤵
  PID:2196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
045a89b405bb2f90d36b40423e27b030

SHA1
3b57ea8e8db2926b80a0da2b06665eeb96ae2982

SHA256
02368f86392db680e894b362ea3ecf795a6ca65c9036ba708012fd212d4d7504

SHA512
ab957bfa8b935ec4173f72ca87d4668233790ff75449f3507109986fae0ea276679f05259141dfbd47739fbe75dd23ba22172b47c59e6c03a7dbe1eacc1cf64f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eabd749ab1f715e1f7afb465e3f26c2

SHA1
a65c32d10678ca67138f863965c7f6c4af792226

SHA256
597d24afd7d0866458f8a248ec2963101fd20b7a6b56d066c3118b2dafaa0118

SHA512
40c152c5f25c3ab9f9b2eaad2f5c28512c9a00647c89668e9504e1e5fff213fb35bb6db780ef41eb4cc4aaea42c4542df23c122eeae7d99c5ade9c8cd83cc973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a4be5eb595ef5dfd3e3780223ef911d

SHA1
54b8a2f584b0f33679291254529cc250f1e11ee0

SHA256
c04d7dea1a2a23f6994362b80c4a7e448b4739542ef85786e2c91434f8feab31

SHA512
936fb12f2ee65152c5b6c1335e1d15d39f419fd6fe76d50521675688713bf57bcfeec5222d9ec255587a56fd8d43490d72d7efe62e16c9c0270b49210fdf92c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd2e773948fb21b7175865da95e16daf

SHA1
6a8ac5ea217629de5e9a9802e5ab71879c3ac930

SHA256
310bc0cc1b63d96a6e33c636303c34326230784545a30f41f8539b6bce680883

SHA512
e4c5df8f48369b6170c186ed544b0dfaca9e1d5956198d495a548eac68195f157321917523aec7dedd2a9334a7edff8683a08e038d98d489c54030a9fcae2096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7cb8f7617be1d11734503b2ae003189

SHA1
cffabcbd516cdf419ad16a376b02577ec51a748f

SHA256
82a650442eaef3008a9d2a188e83e8ea4f97dceb215529899f72af7c9e1537d4

SHA512
ed7c45a1bfcd6c3e61855d1bd066a828563b4a9e9df115c1cb9475358da7063a520418f75dba59a70cf2672d9e3fe6f2d0885d698ade4fdd79853dd2287b998c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18b4cf4abf578ce4235a184fd8157ad4

SHA1
68d4b46390410da4575a71596d69e446e7d6ff81

SHA256
3c10a9c0190e0f819a5d1ef9a019ea9093d845a654137d778f187816beedeaf6

SHA512
b0f62d743ba0e1f158bde99897c81040db963ea4b7d131d0422b06f436ef88fd0057b67ca782f862b3541bf203fde95bb8a8a05b16cae1dbf2adb65aee739a77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d60252c51a01486148c8e9007452a746

SHA1
f9c8d43b15b8b26f479af2bdd6b2e3b47073bc3d

SHA256
cad58a8fd591b11a042e065e6bdfd4b98b5435323cdac1a3dd79eb360e93bf07

SHA512
c5a47f5d5096f572d636a94834b35f850916ea52af7e77e78d1da189bf0b795009baba185c6eea7916678412d73e869218897bd762fffba46e9be4fe995d3d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82a0a07ed0a740cf74e1dbb6dd45b227

SHA1
b0871032ed65f9d731945162e77486642c4f6445

SHA256
ddad94ac1b882ebc1d2e1914b19d2e3b79fa87d5a4e9818cb173680523c10f74

SHA512
e485d8d6c206a0d3603b2710cf4fab7334ea4286a00911edcd3cab4150891769e6ed9cedd35423705d21531c5aac0e4a894904b9b0769257d676298948be52ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00a595742172c35ce81fd3e63ed1dd58

SHA1
5e5eee4223a58a0b231793f7ff70921b890fcba5

SHA256
1062419ed9998cfa83121d3f5f3820cc3a79796afe135318e5b0329cbe554195

SHA512
1a1cdb910727a857521319f9e7564d3c684d629da84939e9d1b535413282d8e06cb7ff6515ccf55911b6f4eb8c7fa791adb7920d8bcbfbbd445fa985a5649875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac17a00c09022b0e1035983f21f6e18c

SHA1
6a803f66342bc8ad0d5d33904695fe06f9451e69

SHA256
c0ffc5a426d08c9e2c884a03d909c8d3c9e159a05683d078005b1818cbd51acb

SHA512
f6647f0a75a1513a55099221fcc77060fa7d3d01cf9e1ac06e3b12ba83c87119620e7704ae670c445a5f9c8fd0fa90d45a3c5c7c031431543091474671d7b86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f706beaf44875db00484f38227af630e

SHA1
8c2b8142c24939896b31cd0cb0d59fab4c6af0e3

SHA256
f5431cef7b7313b91a0e153219345636bf85d7fbf21abf65bf17b8433e92ff06

SHA512
26fbbe1518e85add34e8db21abb913f1b2d729bbc67653bdf945fcfd7683b996c97ee4e92ec35d3ed3e97f56acaa59842012ed4aeeb3cb1179d2b6e046168ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
73c8ace5aca8b061762c156c9d28d6cc

SHA1
34e7ff7860e6f1343131acd4c00e4a1f814c94ba

SHA256
fd7fbbc7b7672af75899f577bb4abec848024df053868b5f407e0d0ccd118849

SHA512
cb099e35b22a900f8ad4c28047eeb989286833722868ab157e9dfba84353c4c24c12550af36e1456a7ab871bdb2566fc47c6f0b5e55cd1e26d965a952afe12a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
820eaf2e729ea4c40ebff15a8e13a7f7

SHA1
fef39a63372062c0851330c6a8a53cc33b8ea26d

SHA256
1d7349e38b4e343b3db0e16f384b5c6f846ff2e62c5d2bd6fa2c0b1df39a483f

SHA512
c828c972351b2a80220b9a5d116e4df2056e774a8bec976d47ec7ba8289fb72aa2855dbd8fcf9afea48d211238166839aebb52fc153bb34d05b19968908cfb38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
d7f8ce74760f2f31885618e761af9e1a

SHA1
3f63ed123988e6358cf133d261a595dc9444bad6

SHA256
fa61fe7237ca078c0bc8df8170d57e6fffdee4f3b3903aae707dc750d9b6d99f

SHA512
cb98d631893e54f7ef8df2b42a59d745c03fca08d8d4c3f6a176f9eb2a65ca971f3eb819b56a302941135384bf0b4fa41452d23f3e9ffb662bcd5fc3aa6d76a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fc3bd62c-b61d-42e6-b1b7-5e82c4049697.tmp

Filesize
259KB

MD5
27618d4bcc113ee95a15de8a551c7bf4

SHA1
086c958a047f83c4e81e127d128da5f9cd1f51b4

SHA256
54724b21ec44fabe11146d4a17dfaf22a2df269757ddbc1c3559049dd0efa5cc

SHA512
c081027f61a78faa9da13b87af7d503de3325ed630a0115349a4a6570f3282b0f0399ee9e037b4f5ff6ac3ad6345466a1b4a6df9f4ba4f53f418b1375f940ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab742A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7597.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit