hxxps://tria[.]ge/

Analysis

max time kernel
40s
max time network
78s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000000547ccfa6c1a074f09e15114b4b31497cfce4733d143409d60affe9c83c17c58000000000e8000000002000020000000e5d628b9177684692ea00f87db3ee3f6026cfa2ce680937e29caf22bbae4bbf020000000cac35721b58c7c63e0e4aed8261a003c4aec90ddf885ed0f9373793bd6854c0e400000003b7d085e87caec2e2ed54763d457fbce00aa94e38c712c155bc50551e905e447b3d1a4752cc132743bdd45fb74d5a94b4761a62ce12dbc6ea27bb53b547d78a1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d039cab55599da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000549dbeb7a92b603666aa38c3317e15615cbbaaa82496b91caf6ec5bd0265e62a000000000e80000000020000200000000cf3f03f255e3b8926ecf5dc6fe69880ebdef8d4209e452abcb1d099e30bfb3c9000000016bc2a595f16687ec949b4f77d1c9774c52a36483b5584dc5272c332de89343e488ef3f1cc07e9d5fb2f7d6f0955ac767dcad2358b9943c27ffde6b4e24d2542a0923ea595bf7cce7d77cdd5e6871847a5d867806dee743397970891066a5eb6fd8ef523e3e0f8c4c7b2d4d3aa635ca06b0fcc15df8dd9ab061eca1c63b4a1694d974499255dc91113eba1e74c86bc6f400000007dedbdff505d6528fa06e80b18c42f18c126f5d0acbb68eb92c870151442b7f76e82d4d9738683fb8a2dc861391ca2d07d352c406203d23e5c3a45d80c118f2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E10F01C1-0548-11EF-9DE9-520ACD40185F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2952	iexplore.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2952	iexplore.exe
2952	iexplore.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2052	2952	iexplore.exe	28
PID 2952 wrote to memory of 2052	2952	iexplore.exe	28
PID 2952 wrote to memory of 2052	2952	iexplore.exe	28
PID 2952 wrote to memory of 2052	2952	iexplore.exe	28
PID 2928 wrote to memory of 1332	2928	chrome.exe	31
PID 2928 wrote to memory of 1332	2928	chrome.exe	31
PID 2928 wrote to memory of 1332	2928	chrome.exe	31
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1572	2928	chrome.exe	33
PID 2928 wrote to memory of 1076	2928	chrome.exe	34
PID 2928 wrote to memory of 1076	2928	chrome.exe	34
PID 2928 wrote to memory of 1076	2928	chrome.exe	34
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35
PID 2928 wrote to memory of 412	2928	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://tria.ge/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6679758,0x7fef6679768,0x7fef6679778
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3532 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3772 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=672 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2728 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1236,i,8928445494261245095,2566626114818070941,131072 /prefetch:8
  2⤵
  PID:1920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3e7be9936c47bcf07ee480fca911d620

SHA1
00dc00ce4723b21647823b8e11c251ad607c24a2

SHA256
1513858dfee4d5e227db21e196213557926ec51c4170a568e1048aef00f54c09

SHA512
98857cf7b4e05da73a294ac055ef19b88a84208c4be48e1d1ce553e124fd91eba76a2e6cefbacc991756d85e9da1dc0e3af818fb1fc55c19e03e310e492b802e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
97d6303c33ef028f669b3ba41ae932b3

SHA1
54a3fbe06702917d7ee0855965c7a240377fb3d1

SHA256
fd19d4de26ecce13449d4a6b1dd249e62485a1dc75a866c12255c8b18109f34a

SHA512
4a6752b76590aab719a8bda9a4572b2b591f780b8649457b8ff3f5ad7d8fb83ecad4c76ec000d7d1e596dcdf6817a3a742378c632a023696b1e3142e932b1e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
08b32b1e10226f2cf6c0acba38790b9f

SHA1
b6783cb428a924f559a69a936710bfaf500ac013

SHA256
5612237d78b33bb5a8b97422bf597845797da5c320b3a87a6670fceba493fbf0

SHA512
d6677220fc6e8d2f4d862ad3bd2f9a0a856e73675eca32725cf35e7b3c1d6c0f2b6cc7ee83fb72350fb76a0f2f214a81488d0843c23c4f39199b83b39c2d334e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b2a8acbd14cf4c26bb3687d99c5af62b

SHA1
fcd364c9b5ba7246a064691435acebe34852a9ea

SHA256
ed65ad3f3f7246ac5048080efef33f6c810e38be5a37c1594d7897b90233b75b

SHA512
1c711a7a70095451b743e62c28731b5006032988cab2ca328c14cc5490341b8023616a758900a3e80f8825347af0acbbeff2bc094d437879a266ec06212524bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d2241c32ad95e2ecec9bc132d58b21e5

SHA1
40e25ba59ae17361637d95f115d999a5f429897f

SHA256
ade768ccbee2dabfa902ace3cd2864d6612a673c05fd72c8f7ac19b325eee51d

SHA512
db16a80f7d2fcc82ef8e36a9c19ff609cba300e4a54823400cadd1d9f4ebdc7010347e563c66833edaf0bde7474059db0fc3ee884fc0ddada9e17dc60110d18e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b44aa9270acd8605c86d13ededea2d97

SHA1
851b823c760e3ec55b31cecc09798d93e5b20bfd

SHA256
0f457cd224e0e40f637b310e2bd04790a9e4edd3730cf75b2678bbf24880d4d1

SHA512
af147fe326d7c03500c13c03a44ee57edc73d4764b43256691e75a716536d870ecea22693a79d086eeba25270d78eb4fe0cbb1daa6ef0773d3fa537cc9ffb2ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
aa122e87784d7a675db9e71b3756f222

SHA1
2e621d2e104afcb48cd81668edcea4c6169da146

SHA256
c534a3f560d96ac8c917aedf0349731277baa2740549e775d4ce4dd5c2d23a66

SHA512
90e468972c5a34535af76fe21788b8a330e30f93f43e522d06ebe63e9286b0cb9e9199a30c5cf3cd7cc336fd9ea96a78e97db9f46fe833f0f70abb6cb745879f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fe8222343db184d525899b0cd403da6f

SHA1
25f86d6c135e12ff0126c5eb6c65f142a8cee072

SHA256
d9f5e4c960bfed12289e6a7a0c6a14ac2a76b805d7921b9b494c1af11f138a63

SHA512
23665a86426a10899ccdc44dbc00f849370b2ee4dbd0714bb868d5904e67a45f22ae96b3b6df13e91d9f9e8a69e38a0d7dca0996d1dbacaae909b8088fc8f456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c8cdcbf4f6548888f934740d65a7b10b

SHA1
ef569a52a74c5b14de0b5910145fd7f33d398e0f

SHA256
86b03fa7bb5e142d3b08b3664f4aff0aad7822e7639de2eb02d22aec903ec289

SHA512
12058e4f4b8d9901d664d1b4b124c8075986772104007d382bfa90e14ecc5b5fe7d9a1c9905779bb111a7117feab627de21979a3e79a3c5a7ff3d4384601f208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
65dd8a7df76456eabac0bc69afdb71fb

SHA1
5efa9e3cb16faeae08a8f65660a361b3dbbf5c43

SHA256
fbff85350e2b2fd0716e26fdd9f8de200d3daf5083c147d0a69da4d7692e5413

SHA512
d6641a0073b87868a4c1f914773e8c9330cb0152e0ff39e54eb168e8c713226b855f8232361fde2ac1fec5ed5753c87588463120c0627886d7596246b9dd9adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9a3525de409dd5e04e4803b53815518b

SHA1
9b5992882cbc4997a38288a27aef246369ace865

SHA256
5f34badeae1e1a2c67edc96c926b976cfa4ef448a713dbaa865689aed5a77bd8

SHA512
84f7e80ba9af1c1b09385bae27933e56bd07773650862cad8fae4c24c9134d922956335b4589be2232d9c0086bc143908e9306fdfe4f208b8ee2a3b8738807bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2c013b04154b9dabf4cb88c8ecf72871

SHA1
72b4bee554767434f5cd6f1fbdb38d436df36d20

SHA256
252b4e9a13ad6b6cefe8cc2244ea4592447d2abb295a08fbc05ec27e61635e7c

SHA512
36d43f54ca5cf24ef92a617e74858d8e5a71d92d0e62d46140c5fbe6d128f2b63d5b5adea4e5d8cf180de0638138c5401f480566f7b49689be057632a7182b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
117bb8238bc0b8e0505615a81cecc56e

SHA1
1d87352874c5c2f43cb3546c224e207fdd82798c

SHA256
01c525770c5f72caf98ebcba5fb54c688ae2dd817ce45adf4f7b5395ef4a903d

SHA512
2268bb18aad8a499cea9e87a7aa8219a831c729e9771d323229673b20f1134cc33a5b86da876c6e3a07f7c2f73a28df51d457bec3dd4c73f3491730deed79890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
feb5381f5bc911f3b90291b73c277e5d

SHA1
4389bb2b8a8266ad9d6df2df492b94fe6f9f483d

SHA256
c53c747cac32c8a9ad1855422dca9177c77146aab9e1673d7d722dc4ab4aa60c

SHA512
cc25b5626544b1d1a73143100225bf9feb1cb6e969316c959cd196a3ca47aa6b70eaedde06b8cc5fdf0cb1fc9410d54179d4808f6538d63872612b78bac121c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6649fd9f-93c5-4f32-9801-36c4f234a47f.tmp

Filesize
267KB

MD5
f3b1008efa7ca91f5daaaf0ebe6b4b25

SHA1
c670acedb4dfb517f24926569cb002e05fd7a201

SHA256
02ec889bb8ae385a34586d045dad71001b29bb12ff1c4c24c5c78df7bf8041bf

SHA512
f66504d8783c12d0cdf84fad9624488bc96c5e608857a0fadb997ee6e47debc5c0ce28078517507749d017935c1c899a16e502f5c7f67e3a19d55bc5b556d04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e4f2.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1c54ed109ff6567f37c32b9ab5d2b177

SHA1
c1453d0f559ffe1cdd5fce517db258903b3fee79

SHA256
9557f4fd052c9b7c730811fd85cbd9dbc612aa4cef24439c0a73fa5d31cf1400

SHA512
064308d85a362b221d597ac099cba92eff7989cee269ddcf3918481a635903d737cdaf565f2b9c33d476fc316ae21bc5179634dead9383c7048c55e8e626058b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
86dd77d016887499badd23f1ebe45964

SHA1
487a08e0f4ad1d4b6d47a0b68ba97172c859ff1f

SHA256
9c1e198a698371b7ca64681833512be6d380cd1ce5d6db31e24bc5972530549b

SHA512
d345228c7312f67041cb0113e8d7e857cb7ccad83a09cb0bf815606a71a3c8639f647f1719fed6911f094991aa28065a7d65b484a182e7bf284ba8c5149e4c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
40b1c0496f0d452e1ed1782d327a2e5c

SHA1
d0c8d65878cf10d457ab8d0413940bf9727ee4e5

SHA256
4564738b336cfdf25d2102ff581f59530789ae11c7dd759457002dd06aae52c7

SHA512
d7c0ccaf257ccf91c79dbc0161e75f02085105c239a62813cc0aff46b0a5e8c43ee385829c093da2a8dcd36c3e556f39d5bc27d6788e8fd026a8fb9531532313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4a23c1506670d927a03e8b32aa4eeba

SHA1
3e18f57b57b22a47a2c17d9f171e60ab3c61fcf5

SHA256
f9676a028df9a8415345d4f98965da1eb01bf48810350c8c49dcf6976033155e

SHA512
f674488e10df3474182edfd030e9d479f8ef0946d4ec992e3af6ef2235161f29c0d0511934f4e3ba8f3482e6b625d3d72cc66025f2b551bf4c5a365559f0608e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a5b124e7fca2d37e0316a2f8b42ecc0

SHA1
cb1636e970e77fe452ebe9d55770e50d2aaf39c6

SHA256
530812c264a7ab90582727b8333ab4c6c3b44cf266fa41545b92b2a2e6aba792

SHA512
a87dd5e2e0413d6f2851c100bc898020b7ca5c43de35c3a1c3f61f19ce2f8d2f652d1b13cedadad226a52bc74522f041169884745f2374258ac0c88506b023fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c1e0c68b5d017c88f4b9c0c4c22d2f5

SHA1
8bdf462416597e7d77de35acd9c14651c6e79f06

SHA256
3a32b839fd6ca556d3c6c5fb6f3cf4fd740390b5b047f5ac4734c93fa6bd2a15

SHA512
808ef19f6e4e4b3b068f4dd74ec32fa8d9ad863711ea05c91c9c568b9ba217a17da5765409df11b2868ca6b6d3b967c62a11b024d4253bca396cfc27a855fbf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
c75adc7aa67a320718824e7153ac2e6a

SHA1
db0145f1b781ab5aa38b095065ad329e6411bf45

SHA256
7538dcca1cf5d0707618b48e1919d0833adb004e3829b8b41d865b4af5be1b88

SHA512
5c16e0c014a7556a86e7fdd83d98a5bc9cc20c84f5f55144b115f3d68e4e731060259be728182c8db237ada1677324b31bf75825c3da28e8601720e6ca04bdd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab26F4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27C6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF4041E289E83D9A39.TMP

Filesize
16KB

MD5
20c514cfde6d65dbfbc1115e08d83e90

SHA1
41163c258a8552cd32835832f9620e2f1e59d11a

SHA256
a8672b93a5edd93b0d7afb7f714474630d316990269857b91836750d658f7a90

SHA512
e16f46b95acd2026867238bc676a13e7cc287e408b8f15bc708c910b1ce5d11fdeaa2d8409da534dbbf086b58a708bcdde0e7583d4eabe0d5c7cd03a0f22e891

Download Submit