2443089f92e80e43cdc9e4a5f113ed6687c9e4b44031325fd051613494457d65

Analysis

max time kernel
39s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bcb96a3-1595-4103-971f-1e8bed027c8f.html
Size

500B
MD5

0d72715a82a23dd51eb8267066bc78ef
SHA1

5148bffd8cf6cf8b01c67a464161668134cd24fd
SHA256

2443089f92e80e43cdc9e4a5f113ed6687c9e4b44031325fd051613494457d65
SHA512

29abbe7fc4696db3bd2a9dba88d27062d8ae318bd522fb6b4f39337ab8baf9349dcb21db4703825d6a96952e71c8070a20007f5066dfea30ea2f11068b2bd5b9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006fcc8dba4160091421f6947ceef577ac9cfb00da636193326952e3a4fbcd65f4000000000e800000000200002000000013dc240acaa62e16bd707304d6d36536bc2c8965e729b78e4dbd26ae89f7ab3a90000000c279b784b1b97aff93a38d765321981ac4b09ac25faa8d7b0f68b85f5e68d73a31784b6fb607db0b960f50da67996df63b50ef6c521466abbfd8f481164e054a940c9609d0a8eddbf9bf728b9d296538836851cfc00703cd177e848f866472c51a83e16b0295eaa03dbd891a54b7c569660dc0a52c2db06d82e707ab9d771a8b22f90f10f82313d85500ac60dcd4f9f440000000f72bc3a2659be2e3c3ea18011c968572b7850f6cdec70eda0efa166461155d57f717fbda736ea3b4a6df138e3fcacbb466eb89d71d73b07dcba81e548493d2cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B0836B1-0176-11EF-9201-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000048381271c3adceb1622c0dd3e1faeb01360241ced83246f10541d94ace91871b000000000e8000000002000020000000a811ae84c15b77bb89c96b4f5e622a722f0bd588d932c493aa660c7dc2465d3720000000a9f63b8abad41332dab2b1f5d92570a274b8f62177ba46422dfd53eeabb64506400000007cf27a656ace8d3c0ba19c35dc3a538bbf164bb62c4e640ed2d42450df2cb7a2223707d6d8842ef194881e623095b1e7fc967c2068a96398e6193b6e43e21ffd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bde6ff8295da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3012	iexplore.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3012	iexplore.exe
3012	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2516	3012	iexplore.exe	28
PID 3012 wrote to memory of 2516	3012	iexplore.exe	28
PID 3012 wrote to memory of 2516	3012	iexplore.exe	28
PID 3012 wrote to memory of 2516	3012	iexplore.exe	28
PID 2052 wrote to memory of 1708	2052	chrome.exe	30
PID 2052 wrote to memory of 1708	2052	chrome.exe	30
PID 2052 wrote to memory of 1708	2052	chrome.exe	30
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2016	2052	chrome.exe	32
PID 2052 wrote to memory of 2224	2052	chrome.exe	33
PID 2052 wrote to memory of 2224	2052	chrome.exe	33
PID 2052 wrote to memory of 2224	2052	chrome.exe	33
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34
PID 2052 wrote to memory of 2228	2052	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3bcb96a3-1595-4103-971f-1e8bed027c8f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1364,i,1606216316137523345,5270860573092634996,131072 /prefetch:8
  2⤵
  PID:1604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcf84967e24b0c6110c3e92f9bf1b9dd

SHA1
70608b200f2cc8d0e4cba201ba194a13cac247fb

SHA256
752e3f39b82b2ab974cd1241e6a40813e306dee30a6ef3a67d71b022779bbace

SHA512
5c7652d5f022b9df6595606cda47ea06a2c2e4f617293410d5d4a7399ba4190453c8ef2d74846548e929a9c95e5ccc70810cd494eae0940e942dfbd62253cfb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b4f3c36232ae85b99cd6069ac9011cc

SHA1
ed3c6f367935cdd957e13ea357b1ea34aea072b3

SHA256
4d4791c745f7447af17f8da63a491b717bed8a16f3c7a6408a46698b659cf2b2

SHA512
b95b7a6338255f68351a119ed6974feff7220f010baa516110989d653e9b350ee28703be9c2193ca81601d73fe2163ed67b4ad523346b021a0cdde4a8ad2b4a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
455c473f65bffd87c7584510f03bdd7b

SHA1
a61bbfe271ab3078f1c9ac5c9f82a6bf42fdc1a0

SHA256
f41530a340277fc2b38f5b751fd81a43b74f9050e256e4c69034250fff8899c1

SHA512
1672049be18a07036c1b139933bffa5d1d282b7c2989c1d0dcb72595624e3467f2cf1c0229a9c00cc8100fa077a85bec866e8a24be0da9c40f2e9c7f2ac8730d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc1b1d089e2dcfc841acd77b3c06d267

SHA1
b1ad09404849da9cbbb338b1c7ca8a40d2fe960e

SHA256
5585733bda77446750cca0bda54c19091dea671e35b78b35826c8af11a4d33a9

SHA512
560e32395d28f7e2223dfd924b5ccde3d138717b7897c120af5589d2d606df86dfc4b259af225d3d4f06774925955d7e2f0e4a3278a18be155142c7e7f78f140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bc92f275d01d46d09c7bb33010b2c87

SHA1
8668f512902327b280c5e46a826adcc8f69f0149

SHA256
b333626f80ba9f91ef29d3c6aba979b9a1d934b92a36da64138abd6e294dc5f4

SHA512
df00fad527053ba2b0e01f0efd1e5fafcd46d1d55ddfb94e136a6872977d1bbdad81402a27c159d03fa02c5c3eeafc91b526844be22c1d0439b372ad8233e485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
002cde5ecb7446c9bb62bdc7182b9eca

SHA1
31c5b790d25e7e36ef4f3e6651695c768ed9987c

SHA256
8de755cf8af8133174612aa1992f260ee1503c62208b8f543acad12c254c967a

SHA512
5487cf95cf880efea8a6ed17fde5b7df519cb8f646c1424656732a80e92c8f7af7bcd429e381dd616697cb366f622a6f040d1e8847f2f7fe438af2ddd8821dc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
826ea5e3bf0aecfb15a31b2b60cd3aae

SHA1
bd47ac3491c239935b4b11a365dc7805e9c6fb6c

SHA256
d74f3f474e093d2524bea71fd3c58b26a9679b0b38a2c84470185bc6dd82cff1

SHA512
80b62f92c40ff7043714e8c437a0ec11b2c68f0f4180371ef88bac03aaa04531a3aae4334aa6d608ddbe0d56ddb946901bae40a6f32accdb4af5a8a10e1e6ba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
604b294f1ad0e48b7b49066c30159dea

SHA1
43f1135056bf4ea2f1ec353ab0161e036f7e5d33

SHA256
44cf4152a5d220ff0b8f6c3b579d5ba6623534ed80d81aa51a9187db942d719c

SHA512
3d8fc94f372ebf6c9ac48abbf0736f42358d306370952fdd363f5ff7b21e808dbf44776ba92184b2098f14d50e4cd6da3502933a34cfacf2579e1795db9cb119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fedfcb391bbb205ba6a3966c5553e347

SHA1
6ebece8de42abdb780adccb52c3c87f8d3bc7016

SHA256
21d872c73a93f1bb84f6b09b0c01904c3f811f813065f809b57c63f01ce9c4a4

SHA512
eee5d053a554f87a2019d86e61e689fce68d63c89e557072a95c79968967427426e38ca1aa75684218a9b7a32668a864691b508f0e5a8219a1e911f7bfda881c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a560b94a358fc3d154fc6acf0d3b4ead

SHA1
26ff8b6fc53ae9d2ff0bf0266f5e9f7bd006fe61

SHA256
35604626b4466c314e6c0c1c3300f02586071d430a20e685d506f63ef4092b8f

SHA512
b07c3791a6b44877199b7e0cdaaca3cda1aa238671d01a103e81332da9314d39687b20af25055041279d430bdf860dcdde48b47fcc8416f060722f3af9193090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9cdb657f0daacee05aeabb7d28571ab

SHA1
ec596f53e10666b3ff02431e755e7910fda8e916

SHA256
4a1e216c2d9896c933a0a79405d34f17f32a25cf7217d88bcada1831ebb21b26

SHA512
e385a9ab22ba23a966b98766078f4e4ba84e209bbee7a0ba745d1613b6a796b73e70f7d7ebe892dc6507c0d01c6ed52807993bf8fe458039643c7af52314547b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afd8396f6148fb1cb1b928965a3e235f

SHA1
a06c3bd394b5494911f901bca96196ea02dbbb9d

SHA256
d4a644d5a77cbf73b0c52fe7958c461a73f32139da349c86715d3fbc68980ff1

SHA512
8f17d7803bb22a86806bd96aba8af7a7cb07f8f71ceb16e5103d56f98c22a36d2e19f30f46af72824f57dbedccd1c6f3614301e6d91d7ae8c981a99ce36e3e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56de3a6df839d47b65c414221062877e

SHA1
298a5d81e7dac3ad45cf20eb09e1b1bb54a5bffd

SHA256
3b1cd3669293e4379929177f63d4b486d49e1912003316fa84dbf9128a02a2c0

SHA512
6f88fd1236761fe67ed8c276135678b363db7720628c10bbc18a3786a47a18ae0d46bc0d97df61ef2e4ab91f711ad7d2112c5f64cb8b8c83bcf1dc5470cc0857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
639c21ac51155495d784e193ae7c3e31

SHA1
0c2c1d7d3f102a2352812fae326e19496401f020

SHA256
4e168a311f28f7810f1dcaf1c5b7ed38da68d18b0320748cca1175f58e9f0dd2

SHA512
2bfb5ddaa843399f676ca33b2ed2f87cb5da4d74b443514c6aa82fb456750f91e1dc66004b8b1b9c07eca6dea3ab950f0c7f00b5eb60d14cb9d0dc3c28019526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51244c3a84aadd61774ff4a43c2f067c

SHA1
8f32d58c75eb4d1d4abc21b4186bc6e4b0fdb81e

SHA256
388d15d17c1f64ca0ed5709e524af542e0d3de9711de6d20c70abd6b8d28cfaf

SHA512
ee310f1b63fc5d601520f06ba5e07a743078bf8c8ce6bc2cd32537572a9038e781320ce357faffc38fc01c8ad9aa637249d7ea6da7e7cd7e0234a2ae1f536be0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09a3959027732738e135909890d1c22f

SHA1
09645da9ab0cee053fbf6d41ec66147f1590a979

SHA256
52ac334017d81e0dd604f095ab37563c58d58cb20507c0b7e42f61a0e4b73e8f

SHA512
082e5893b066999cc04e384ced6cfe8ff1618dcce94abdec6ac192cb0d1d630588fed70492fc320b23c38780945aceacbe7d82f978503f6b7d0c8ea1150da685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
207d72e7f70c0c1902586c2692e8e1f7

SHA1
8b672dd092213d9b8abdcbff96dc8058cb6b092c

SHA256
9a4a68f52c608d2ea73c34a5c379a4ca626bd9cacf34f5f1981b979204bb9e70

SHA512
acec879f2268deb804d2f221311e7184690a957a13ecef7ab4f0a668098d817f2522193e245eedb73a08073f16306edc1ada6c1730bb342ffc5b23a3e5729afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f25e68873a6b1489f5cdf31f0b651bf9

SHA1
f899e5724650b1299955c08b977c3ea6fc790c3f

SHA256
bd6d77d52f0c49d81eca3556e61d77e40b6812418d0df7eea88a69822c1b7b4e

SHA512
acf3e713e0e7b1bbb2b26bb960482d3a7d1ed5e138fa04c9cefebcd405e1c239af61f7d7cc5baa2cefc77690f252399b62cb72187255b8da915f88b4d7055159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
392a11b1665b11897858c5bbdd293777

SHA1
551500e6fa72cbda2b97bf2a9bb60b384e92482a

SHA256
4962cb3eb68cd0218f37e65a5052c929df4fc3cd83b4149522c6e00787538074

SHA512
f24728f424fad5f90b076af28fe21c19f9a21eaabdf1e23d24f32efac00d735f01d09416bb70a0f24cb30cdd6d3bdfc612e6416bc7444b35bd2c7d5021f22c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83e0ef8d57acbf0f6fba3b4b77cc7c6f

SHA1
0a83e88fcc8e16e254502d6bf030d7830fbd51ae

SHA256
dcdd2deefb7229b23086e66c4c16258d8db22b816a36435b00a64ba59b548649

SHA512
81457cb39fcd23f2198e114aecc9a3f60d7c4ec76d647522dae9c9ae19ef0986ba9f773e3bdef008394eca3aab8023ba500ba66362f104c213665044ab3eb1b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ab1b751373ac828f0299ed333e3efe56

SHA1
ded7fdb6da0803ee96db6994cdd7435f35ca12ec

SHA256
68f69c0df50223329e9705c487ead54326b033a0e11f682a5c020b754444f038

SHA512
06ae309dc80f976ff31b10bcf1da187cee8d712e816dcbd02340a402018aad0a0e1453d988d0334d08ee04caeaf6a3adf779ed7e34f9e2a8053c983b4aca0da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
81c46e2035b66b633221c912dc746075

SHA1
3fbcfc60abde6db4d9b978f250178ec6a86d81c3

SHA256
0d3889ac7a1aea92f6a3d3c7bd27f4015ade92fc11a2f9723dc68d7fe1b43db3

SHA512
d5921c2e5cc9479dfed9e89e44d3d45f793b16f634c99a47353d36fa2d8ed25ba8c44b90cddf395eb16746b7b02a321234e165f7100faa83c9713259cdea6066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab81EE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar839C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit