hxxp://oculusus[.]com

Analysis

max time kernel
360s
max time network
973s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://oculusus.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f9d50cd589da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000012ed3815d733c16d3a2e2a52aa0f6068d870f0df3766a02024b48bb76854eea000000000e8000000002000020000000af6a873eee8fd6f9ce3552e29910f6d72f689d2c4d2732f66efe3f1b7d21801620000000eeaef3e4d662586edb156182e45e40b990793bf689f32ea1a24ee9468e74ea714000000076e07c92543a324ee71d209446dd6b3efac30924617291b34bf478624800efa57817c3c725e092beb865a1caa9f303e3ee2f9d6250599e235245a7de6d640128	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3569BB11-F5C8-11EE-A41C-62A1B34EBED1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000fd06e31b503647eed234b3ba99453cfbee556d4ca130e4aa3f022b3fa4296430000000000e800000000200002000000088395e8c5390310d831e2ff612beb08bc01878103fed77ead642c414dba9eb0990000000cdfb11ba6146aee0fe8b5fb3191b0c2965b76c6c533f9ef60af831d21400a996ac539dee04b1f1ddd5f131bcc7080f1043730ead196fdcc9a70e691aac21c85fac2a0ae5d16c24cde1b83f20a1af653cdbcecfdccdf8cca0ed78e04e91f07a095235ff1a1a52285d00f3e425b9be2c59b357c379d4d8b06898c2334ffed13f888db38eb5a3d021b6fcea449109654c4d400000006e954d0ac1fd667c3f409415d5cffca67be3ef9914bb84c87d88b82bfa5c9e2ca1380e0414a18fe25773e04a520446dc9b3c18171e08c3c24450d8e45e7140c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418756958"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1668	iexplore.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1668	iexplore.exe
1668	iexplore.exe
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2596	1668	iexplore.exe	28
PID 1668 wrote to memory of 2596	1668	iexplore.exe	28
PID 1668 wrote to memory of 2596	1668	iexplore.exe	28
PID 1668 wrote to memory of 2596	1668	iexplore.exe	28
PID 2620 wrote to memory of 2732	2620	chrome.exe	31
PID 2620 wrote to memory of 2732	2620	chrome.exe	31
PID 2620 wrote to memory of 2732	2620	chrome.exe	31
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2676	2620	chrome.exe	33
PID 2620 wrote to memory of 2960	2620	chrome.exe	34
PID 2620 wrote to memory of 2960	2620	chrome.exe	34
PID 2620 wrote to memory of 2960	2620	chrome.exe	34
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35
PID 2620 wrote to memory of 2548	2620	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://oculusus.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6079758,0x7fef6079768,0x7fef6079778
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2876 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3220 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3700 --field-trial-handle=1276,i,10521899687241883343,13522845607870570671,131072 /prefetch:1
  2⤵
  PID:3020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c3edabdb490f0aacbc3c0a8261d7d75

SHA1
a6bb97b20dac8616ad5915f3039aa2ae5b8d2ff5

SHA256
05b198fb6a048fbfa1c4c66e61e04916bb6d480b0fbc84a0c9fd5cac6a7eb184

SHA512
88a323b8c6b5877407d15c3e96e5dd8c60eca8fa609886acb3808dcd1e8bab841c7aad86f24e3a655a5d7a1a4fad7dbc3ea716bf88375dc75d247581919cfaf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db3be342e354c6385f8371419dc9adfb

SHA1
05a7525c5c32a275bd6a9ad26f6eab428fa594a5

SHA256
9b5f7184df389f081d788b9ce1e2f96581226424caf3cb76a617427e3e1edac8

SHA512
ef05f756030a8cbb4b5a4ba91fe1bce04b6819bae947d4373bc511c159289146cd7b7999eed0c39b67db9110c18736fbe61fc728ee0fa74bfd7b8471525fd846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d8eabb7ea4d40d100a7ce4116f35ce8

SHA1
4ca9836693404134184b2177fa7e807fd257f6bc

SHA256
a245d21109ef80d9c9507eeb93e7e9c9df76a3905afe7a65eab7dbe40031981f

SHA512
c9b4769fe5f73aab47b923f39b7dfd3b7dd2f15a163081d509f2d77e2816703c39fba5b540ecc49c0fae4459232754fa8fdfadb1d69299be8c94fd1f5bf37d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45834a11af2a5ec6762a3b1e77cb57ae

SHA1
2a8aa9f8030db6398848da2f3d4059559711b8f1

SHA256
a41abe8b5a20b77c7a96f2b843fda0f2e7ec9c3b1d55fe7bd89f5ce612c2a13d

SHA512
559e6554be4a7a6d9f7e3cfe904fcfc3deaaa4f184a491bc7af57a3fec362d3448a935d68355e1eede2c6595cd82dd173baae16e227a4f935e5bfbfd8988f50b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2930c346ba97964a73eb65eec6ef6419

SHA1
8d6fd924c0a96df3388deb0627b1701b7ee91018

SHA256
10fc5243f7bfb2696bdfed0c239c6c6a836b5fdab18a35bbb01328aa72b94772

SHA512
d92532a3ab0ebd7b9cc29b9239526c1cc73bee165ac37904ea5b627e50f3882096c50d33e31c388ecdf7702a2024e8a482e4818498b3993fe993723dec119bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76db32ca58a2f352d946354fe425663c

SHA1
eafdc506236610b34b1c6a777311c4b5679bcc78

SHA256
d343c0bb917b4da00bcb233445bca7d7d0d3732bd5b7a4a64872098c5dbe51ab

SHA512
addfd71b4cb09e8d01fa1a99ae19378304ccbd1cceb8d73475f4136d12e453020e2ba1e5a717a94e3c07e41f35b80366b2212c822d967e86f030c54c497d4424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d0c0ba6cae15bc2f86e9184c69d397a

SHA1
2c52d32c7b33e99f5c1c5992b34a3b21f0c1ca0d

SHA256
f9559f92f90619fa365079479765125cc2f94194d6d9f7a70bdfd1eeeb1e600a

SHA512
71f5ec126ead271072526f299e9c5a9f8273faa3227ae7ff86bd68f82b547af917e1d9d03b6b698e2a924a01e463b02aaecb5c50bce8d19d7237cef47ddf3494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4f0aead63028b835322917610d2efaf

SHA1
0328a79d7149c7bea1c850d06a578daced2473f2

SHA256
f1533d5f4822fa75479ffd06fdd56b059daec31335faff8ecdd7597e0da1c6eb

SHA512
48bdcc7c7cf48e47c7a67a5e5f77ac0036edf3e87d97d9a9da4a67978a392fa9bba19abd4908b1ab7f2b9ca408c491e370fd5d070e85cc0db115635e0abdc231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72d29c71a3720c02d4e788379dbcae1c

SHA1
d55152b1636f7a1d5f6b1a2967c727459fac8b85

SHA256
de58b2dfc5eacc6def5be0de5b17232cc8fb56daf910d9e66aec329045bac6f4

SHA512
5b2f6c4c9c80f58751b329b468f40d508585467cd71731f65da615fea8fb6d19b8843b4585e3562be03d202deabc16c583a9439c1f56dcce667bacad6995aa3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
664798f64676f0ccccc36fe8d1b1d87a

SHA1
629a14e44f4600979241a1e7df0ef9609fcf78e0

SHA256
7e84da5b2ce271da11df5a798807e1e0126453eadb0bba0341116f56e74a1f32

SHA512
ba52af4dc91af79740ca7275624696ccd33d6b62c2484d3ba7d7f9a14756aa5821fb25eb37dea9ae2a9d87ff80be7237a30f7151c1d015fcb2119970943dcb8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b78b80ad9c03bbe6d582e8e4d1b8632

SHA1
764698457968ca57598db1e24beea3d2422b9897

SHA256
4629cf8cd38e2dbc5f337139f6da9882e5aecc169548a6dd8ec420ba89c93d59

SHA512
23bdbfb2612aa0f08fbd650293fd998d9f024313587996f5f1915c2b0c2ba5e802fd028021ac869952b6c7d691d8f13af807c60eddeb9d3355f265d304e92a0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
484e836ce799b369ad276c8fa322362c

SHA1
227f06d33fc58258051531d28de50a279fe06801

SHA256
3cd801793546cc123d0800e1afdef36f89bdac907f4b69aef4e8e26a7a48fe01

SHA512
8014f873dd56ed70e94994d288ad1e613498fa5366341af78d51beb51de15d2fb719ae2a1ecfc728c810141a1c147c581c7097d34159935d92a2ae9491724207

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe7b954c289ecc48f054282f0eb7a352

SHA1
ae73c7fa38a0f368f6bcf44310a7fded00f2d108

SHA256
909c035ad9dd4232ebf9a819a7ad214d2ce15b3afad005aa162f84385b308d8c

SHA512
d51bea1e1983427dded6738251fa77892c6c7b2c2495af0e27caa11e45ee1c3b093669b9843e4b6bd70f3a3cc69be4ce254e496c6233fdf06c54ca66ad53779e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2715b72e1cc3652fa61dc3e8cb64070

SHA1
139fb29bd37823fd13ef5a266aebbde595c75740

SHA256
378f50db5e58be61db3a876317dbb52339c4edfa97d810cdcb7bef29f45373e7

SHA512
96fe869eaadd2926745ce4abb4354082f9a859a4871f8093d919f56eb445aacdda3d9293bd5611999ffe886a6cd20dd4e13dbc100702a062c58099b2a3669d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51c9fa9477db170bb1ce1daa071b25b0

SHA1
779eaa8d0e19ccaf4e6f7b330248d3aae5c1f6cb

SHA256
5e1ed6ccf87515b2422d4e47ddc0036083d09b17102b181ce09897afa587172a

SHA512
5fd41a4bb61e40e71cd470186dc40a6c292ee35629119e9ba877e99d3a11dab207d28c1987e774a14854230b6707d274c8135a0219fcb6b727bc515ceeb5cd51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcdddd98bbdb703e59c62c1c85def2c2

SHA1
160b4db9851699a5f59ef6834d5eeb4849fb36ff

SHA256
fad64b6fe942ccbc86f8d5635682e0227e8a536f071c271b404a896b394bee41

SHA512
4d0ddbc27f49346cc034e28e7d73ad87f60f6c7f571d347bdaf871af1b2d5c350e82c71722aabf833bf197e7d3baccf7d205300fd260653ed5b23ffc399c3595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
844865cf910165214d9f1824de80f60d

SHA1
663316fb23faf37fe41feb01e5c80e415f8d851f

SHA256
1db77329302f01c6c9fc5404c786102673ac5376fa0236c84963d253d289912d

SHA512
8ce664b34dff0e95aff25ace06e51e7bd201eba173666c64e383fc7ba9993d59e612da6fb2608a23f0eab6601e0468306c571cbd88f88919b791288dd738062f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e79117744f3ba366c69ea6573028c78

SHA1
47eab00ef23a9b70029e4f2f17915cac1e2ca147

SHA256
97e2974feebbdb261a5b47b6aff4ca63cb09b6616ee8eed451b810a343f0b359

SHA512
e410b9a5c506cdf1b12350f26b4f030efc7f18487b59888ef40885057abdfe7190342290d81f7c87bea37a131b139b1dd919afc565a730ffeef741ebbb94b8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
352ffdbec394e0ecd9d8cb6bd8a7b56e

SHA1
969eaeed117078899a7016c1ac9228d0cffdec1c

SHA256
6906ba03b55ba0cbb925f0b5604a30c5a5341bd15ee306bdd1ebb2ef1ea124d3

SHA512
a4eb808f46972fdad2f3d71dabde2be875d224bc40da53b010094ce929456b0562f288c2be148cd6aa57f5bb127ad1850dcca8e430609aaf5741247087299bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ddc3aceb166d63d6c68d49df99aaef35

SHA1
ce16a577a42fb36d9b7323a3c320b8841428514b

SHA256
2876b23d7f918eac5dc88382da3f3f2f09f7ad09713812a4ee5c43aa396ef02c

SHA512
5bc580a0d5fc47c25e3a5a8560150bdbdbe8f11a486cf358461bc3350cd0c7ab25e731ac53861f0e325d2ca4a7dc1291067fe33856fbf087c8d0d8eabf94758f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e2c4c12d6b7cbb60c0d884623920b81a

SHA1
d89b7bbea147902d67c2a50168aa7b0e6d916c74

SHA256
0afbb2b8b75ab361ecd6281897399efbb76e1e3ef420656f2b5f426cb448f595

SHA512
dfe22c552882e61fd52de5a7acaf8ed1331c1d3ba2654f648a24c136e7c11e29af91354df3e4b0e9f7a9c58b62e586755dbb1a04b81e98d90c637d65d0ec1fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c156649319a9d4a8b21aee5dd653610a

SHA1
0e72c821d50ce540ed56df5864b5364f594986a6

SHA256
2428e98fa7dbeb97de50411f04d1c7bf65eb78db0462e09f29a0cdf45a3314b3

SHA512
636fe8c6058f365b86c5681e61171db273039d1a15722986ecfc2af85b3c6ea240ff0b5884fcd5d1225b2a02061cf3d31b73811a745d34e8fc3aeeca8a8dde84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b0cb56f7da5fa5e4dc71ed7875a6aa7

SHA1
bdafca39bd063c55a2dbb47d8a7c26c27d0c1abd

SHA256
57916725004461b169717b34869edd5c82c7702f5b9a761bd11491cd4b1b7e25

SHA512
74e671292795452bb0f26c3aa49676478e58c16fae3574cd1e13251a8685b86b3190b904349041f38f1f9c092d36af7d48255c9f0b91a004b0898f75dc0a7a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37dc5f34fd70bc37e618a984fcfa90f1

SHA1
24694e17df648d3e25ce2fdbdc9171d1a900d395

SHA256
8aeb26055b9ce3a5f2fedcdaef5061039245febbc00a965619cfafcc32ea142a

SHA512
fe66a02a2f6e1ac2982c37e4db74ddd03d087b3fff3fc3d4fa53dde11a16eb0ba424fc981d823994622188f92279358ecf454863f51fa6c148fb30047931a7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab407D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4AEF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit