c7a53cef7508f2abb86996be29a075c2ea63bf09b1bb08e1b1b7a592cf074e60

max time kernel
512s
max time network
589s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

975aed651740cac29bc0fa6e3992d3cc
SHA1

42033f32c97b6be4e446c0a77690745eafc28112
SHA256

c7a53cef7508f2abb86996be29a075c2ea63bf09b1bb08e1b1b7a592cf074e60
SHA512

53a57fbf3952c5f0e08781879747d059d27a81f58c3f1a9f38c8763ba7aa8d31849e9797092c7624311b626e9aedd4937956bdefc54350ade3d480b04d1eb87d
SSDEEP

384:rTqN2DpmReVoOs41N9ylKeGM+U8HhhbG167uS2LjFrSE3+dVJCBXQL:rTqYBVoOs41ryI1M0Bhb68CFrSEMJQQL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d720b9768bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4761A21-F769-11EE-BE09-CEEE273A2359} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000fcc2bc72228b043a074eafabe2535294e98a091264bdffc489710b007e408f06000000000e8000000002000020000000be3a95dc259a435cf2a9bc65986ce6b85ee6f50a9a0fd853a4f63ed7651ab13b20000000a2d025e7990c9282c5dbaf066eb467dc54ae746c110a7703b76e3dcc2ac6090f40000000f8c539806fd30e90e86624212357933aaebb1f8ae42b1818a5c16f47323169084827e45f1a90e5b5eaf3e9d5a4915efdb30a4569bc10b33b3a281545519d16fd	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418936336"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af6000000000200000000001066000000010000200000008bb754ae276fce6f3be85c8479e1ff24216e479acbaf6783da2696bd7c62a11a000000000e800000000200002000000000a163339bcf8ca0bd214bbfa7c6ac401f649b946f26e6036ce07b9c9a211f1890000000691fd5bbd1fc7dfbdf172cf2b86b929b8ed7657a7cdcf2bcefa1031f1cd5842ea5a5ae9d8dd22b60eb0b7fb8ed06b4eb4ffa4c02ec26138fe75c68798d4c835c12ceedfaa41ca42b6901c284ee57bb702868b1d6a0c34b5ffed2fa9794aa455e899165d706a2487d60b1138ef449ba182a32374d720262d0ef6deb3dc55863670d003559fe7883026445f6832cff6e3d400000009d634900c2c0b0c50f2c9ebae4ebdfaea880a8e20b5b2c09abbec6ee599b3219c07e606b17d473797791db9bf25a216612f139bb4667c883fa1c2519d81f067d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2724 chrome.exe
2724 chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exechrome.exe

pid	process
1456	iexplore.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1456 iexplore.exe
1456 iexplore.exe
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
1456 iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1456 wrote to memory of 2800	1456	iexplore.exe	IEXPLORE.EXE
PID 1456 wrote to memory of 2800	1456	iexplore.exe	IEXPLORE.EXE
PID 1456 wrote to memory of 2800	1456	iexplore.exe	IEXPLORE.EXE
PID 1456 wrote to memory of 2800	1456	iexplore.exe	IEXPLORE.EXE
PID 2724 wrote to memory of 2732	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2732	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2732	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2228	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2316	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2316	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2316	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe
PID 2724 wrote to memory of 2492	2724	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:2
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:1
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1516 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:2
2⤵
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1348 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:1
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:8
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:8
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:8
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2460 --field-trial-handle=1384,i,16619803251340915913,10214492401849091939,131072 /prefetch:1
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9deac1d92028119dd6ac98d37de45b4b

SHA1
dbd8eff359ddfa080d8b1ac5dd6cf0289649a24f

SHA256
2ed9a6832c03fea02afb5939d1baef02967b7105c33831eac29d5b9420317d1e

SHA512
bb346b86f0f95acfc0233724279cad57987b7befe4cf1f79df1dcaccbe05407e19912df24db31f73cead277f461b8a82235ae063680b28e9cd9a16bd61dc3046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bba767dc8e25a047a5991998f4b48321

SHA1
29344042378f830a3767076780afa863c6736d4f

SHA256
29ea3612af1550d4afbf50443b0a48e1ccbe05479c17572fc0fe2342d1ed4af2

SHA512
12ba80f6b17475e989f4e12ee6457791624d508eb7189d1251a8e95d116a2e936ef1e11c409f72f749efbe983d55632b6b2feadd662451516758d3e39679ba5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9091f56b58c0998e1e41df83960a7f2

SHA1
2e1098fab8a27231f8d6df8e404713594ecc1bd1

SHA256
56b96058561432968ddef1736c6a90ba0b25d3457668bdf84253a398037df88d

SHA512
d72783446cb38fa9bad875dfadb8408ce8f49ed1f6bdbb691519413d6fb69a55fb357c3a2bfab6d6c2d3d6a704ab0a55f11bfa86e525f27e82090bddb53dad18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e45d85e33dd7a927087addbc6449e8e0

SHA1
3ec8a9cc3d91bf629ee362c84636ed18914be4d4

SHA256
6d74473c867dc964b76aedcc1687d7f5a5ed85dea92e26bf2af57163cc2f19a3

SHA512
fd7700759ef77d84a44f818e304c0fbd35d87bb30579f5aa7c859fc0b9ef2e42b84a7665dacbcf96daf519d3479383ef21585554eeb49677b9b3ca06ec5eacc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddfff69cc635fb978449804ff8c7be03

SHA1
9a9997a9cd9cc3f33e98ba2a6753ba366a7765f8

SHA256
777a7764daf60ef8a8032391c73b7aec3634de22f7650370596c615bc88c759b

SHA512
8d34d211da744a6046064afd11427e54163a65f97942f0706f2de7e8e02a03bc5966c905eb404f62acd7d4c7d4d5edc43d5b9ae2f640b9862d3b636010242ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c84cf1abe93d5808ad3aedf8ca1ed61

SHA1
d9e673420f18fb373d99c74621d047bc56ebf277

SHA256
a89381196fe061290ad5bfda75bd487440d5843156142b74fb9214ca7f478dd7

SHA512
f1cea8a1d7438494ffeb2e46240fd6cf9d7047939507200e7bfdc138517d0a81cf5959a9851903a914a26b0c8a21905088fcdd454680585ee30af10a9e5ea074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9ed5b5ca0b420a5dd93fd18a12d4efe

SHA1
0dd8fe4afa5eabc80350d48fb3e18c3af455c350

SHA256
40753e8d6fee9c5134abc6be2a0a93efe120be385a02d796c094b1e0dc966413

SHA512
5d8523b49eaea4267ef521d0e099865fcff5c908d1e52dc2d7e7171abea098584600d7dda4d4a47ba830f5529e51e54e6c6e75673c42565c667f503f03df8d14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9eaba6dd676290f4ae21f4a636b643d8

SHA1
9d9f619cd60d1c41d47ff1cd89e72de7c7d824d1

SHA256
e7d32b9cdd3e10915384cf3844d08c44bfaf6456e2168ce6405448e5aeac7e5c

SHA512
9a288221a19fa6da2854999b5549e514b82f9ca77cbd1fcb37305dbbe82b004a47c2331ef3f0c966d7c2c2fb0a5969cd4d608526cdb41535a412d64a763ca786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e4a9cc83e1f108f4003e6332c338709

SHA1
652e7343e4ff89451cd6e1f331c69577f57d4614

SHA256
6118e14be3436f6cbdef606cf3ce9ed234b5057a51fcb71098c4dc1b98c9631a

SHA512
fda80b87913b91bf9409657aa58a6f1e4201e86c1a25cfc998df577c93212aaa5153e0d9a28e452a6145770ac03e111718c1e60716ff74397e6f4370ad3a3c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb327ce250530102d04ac519f188b15a

SHA1
27168404aa2c891e43509deb487c6efc1e692984

SHA256
76ec84aa3509b19b27c63fcc9db7c4b5fbf0404a1159736907e9f29e25fe437d

SHA512
7181b827345c9fbd1eb3b47e2ff4b8accb182a3df8f3dc5920212103c6c6bafe8829d8ce6802d97886d35403b1d888912e1371da188c8f25d0aeb5a8fcf9f8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2475b3048f34ca085a29e79eb03fe0c

SHA1
c3be660eafaadf4e737bf2027b26bf4a5df6ae70

SHA256
ce5cf4aa223e19a7dde5473cd95a573a9d7ea3dff6cf9ff8fec2490b0e3a031b

SHA512
eccc37c813990dc13c7f644d55088f8c4ac1407baa0f8bdab8c9d8237333fb62a8f2bba860794ed2a213c7f68897a5658bb627dad9b2119fc06e54e1df18d041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5934c9ee5d979578da8608b7f2d455c4

SHA1
04d06eb6d6883c035ba80f7d8813befa7f6245b3

SHA256
8bbb965158352c02e6d2bc3889fb7d3466d21d70bb7fb4c8b749e6003cd4964b

SHA512
53fa766287c4431fbedf781e68e05f26aaa642f28569a809c8db3e82584edd186c0fc1dcf0959fe5af5fe7dc0836bdcaeec5edbf4644f52a1be506a5203dc344

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2729d8225711ce66b0aab082a25a2db1

SHA1
2de2408401b1f82a30238045cab13dbe4fc208c5

SHA256
95a5d978dadbcf12936cfddb69ef32ea18a8941a92d50c20588c38ab7cc607dd

SHA512
ba25957c187ab9facb0576f3ef54cc4de1f752c19597521fa5bca8b36d128a138821fa0bed4cb263e7b2c98bf9b1d830c1d17687f0dc512ff130fd18b723553a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
969573e3731d5329f2d2172245469ac6

SHA1
f86f2842e9d2a4798ba8f1eadbabfe81947166a9

SHA256
a10d5a3ff54e8f1118eb82cc74e963ca6136794879f7a1231a89cb230445ad56

SHA512
c2c9730531fa30b8b2df7c696d4c8267a0656f38d1d7d307227cb02e20d9ab58ae09380f822d82418d53ba49b698954b69cfdde6c69533987d3a1ab355bcc441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9337aa4102329b4a7905f096628efc47

SHA1
f319e4721be700982940b77ff95aa71034f4a889

SHA256
8ee364c2a54926e49b99673192d6ee428010f55e421b2277184908e29579ced9

SHA512
468a984f175e4b123449716cdc8b952733b7d95b7534476f42d1a9535c91795ccc843b9a8b673bb9213344c5a4abf50355a041b3d5ee4f1d3b87826722139849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22f18a667644a7628b3f6fa82fe6b00b

SHA1
e1c277f475a04d41f537e27ab7f3650caa037937

SHA256
73eacdd1e65750f939a71764e89464b88294946579df0d2e31fb29db672d511d

SHA512
c3002f653a0b6ed89fd90227539f1ac1cda7235615d2a480cbe986d77fe3684df105d3adb0abb593e43f94189dddffa5049fe3874399683c9983b4301ec45cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678a3b9a9c9af60930051d4d12e7ae14

SHA1
7ec6b20bbda0fd33740fca1d5a06c1434f7e128f

SHA256
9e9e6ccd649d4041a4a71334b0fb6c6198550c22592cdddb3f820eac0edd8979

SHA512
b04d945a1c397700d9d334e3c9f270d247f22d8cf2b1bac48e71e8841f3209f614da676861d519ad724c5c15abbb41532bed8be8e56c1ce5b4b721971640bb56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fcccd944527e98164eed7565a510ee5

SHA1
b6a05dc68c3a4ea24856bb48357febb45c694fca

SHA256
52620343180857b41131cadfc0e9ec7b7a0c347ef0146fb975c1b0c48b3d99e9

SHA512
791330573b2dedb68bad50180d347942a9dbb330f1be74027c8dbb3666be605a6fd332b52e33b127d638a5fa0ba72a5e7410bebc317622f452393d59bbaed0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
a538b49d0a5e3a2a6e7d94d9fa7d5745

SHA1
ebc10e262262fe050d4bcc0b1e7cb15580470731

SHA256
577ce30a8b451644d9947e887a076ce1c9c3c9b889f0f65ac823c9e14115eed9

SHA512
82aaa165222f9763ae6a61187515b55cfa02409e49cecc340b0611464b417bc63c32883b27e819906c82c6045e409b9b2f76816f7c0d44086ddbb97b1342c8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
912f8b006d8b1cf153f48d7cf66f59f5

SHA1
25a3884593ae4df5b4718b812e726c2a91bc638d

SHA256
1dfa4b829d79fa44f3946bed199a766f5e698c499684babf0a1dc5c0600d7be9

SHA512
533a704b98e10909cd1036d859bae66d36e9f35b9518f7ba62da10e7da5f974c96a5c150b7f74baab3cc20e17cb5eff30433b29f11ff4a6f943781f2c58f06af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7282b84e01cae39eb92cc9f01ad232b2

SHA1
f2e04ec2351cd238fb3174ceedec3294c00765a3

SHA256
da64bb1d60af7bfa09dd26753e17b765eae5bee680ac49e7956f015017ef70e6

SHA512
eb3779eec2e31366ce4ab244f84845848e3e11f0e4ee559101d655093c4ad5eb0220426edab6dce8b83b633e4dadf99173b4bae95e259a05dabcb71f4400ee5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d68b472d887746e7b668922eb0ed433c

SHA1
749d0e4012aedc1312fb343f185431d7c4846b2f

SHA256
8d109dd3841664b553b33957342a2bb41fdd6c99521e4f27e0b5ee62bdc6b90c

SHA512
7b1a688895c4c17a338f749375ad8c9bc870c977d79e8dfc4bdc4f07c3d48b8e5928cb126b045354a9c0cad43d3ec1b59beffcee43fd6132b0a2a59957c5f6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4E5F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F72.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\??\pipe\crashpad_2724_NNDUTWNWUHQTLBRW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit