Analysis

max time kernel: 12s
max time network: 29s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 01/06/2024, 20:09

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://mega.nz/file/1L8ElIYY#ExOYqknBi09xhhLR2P20xlIV_oxRLQwhaDJjJAqpoFg
Resource: win7-20240508-en

General

Target: https://mega.nz/file/1L8ElIYY#ExOYqknBi09xhhLR2P20xlIV_oxRLQwhaDJjJAqpoFg
Note: everything after the # is a URL fragment, which the browser never sends over the network, so it will not appear in proxy logs or in this run's traffic capture; for a mega.nz file link that fragment is the file's decryption key, and without it the hosted file cannot be retrieved in usable form.

Malware Config

Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
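The three rows above are the registry reads behind this signature, and on their own they are low-signal: Chrome reads the BIOS manufacturer and product name for its crash and hardware reporting, but the same two values are the cheapest way for a sample to learn whether it is running under VMware, VirtualBox, QEMU or Hyper-V, which is why sandboxes flag any process that touches them. Standard Sysmon telemetry does not record this at all, because Sysmon logs key and value creation, deletion and modification (events 12 to 14) and not reads; you see reads in a sandbox, through the kernel registry ETW provider, or through Windows object-access auditing with a SACL on the key (event 4663), which is expensive. The helper below is an added example, not part of the report: on Windows it performs the same two reads through winreg and classifies the strings, and on any other platform it skips the live read and uses a constructed sample. The vendor-marker table is an illustrative assumption, not a complete catalogue.

```python
"""Reproduce the two BIOS registry reads flagged above and classify the result.

Added example; the marker table below is an assumption for illustration.
"""
from __future__ import annotations

import sys

BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName")

# Substrings that typically identify a hypervisor-provided machine.
# Illustrative list (assumption), not exhaustive.
VM_MARKERS = {
    "vmware": "VMware",
    "virtualbox": "VirtualBox",
    "innotek": "VirtualBox",
    "qemu": "QEMU",
    "bochs": "Bochs",
    "hvm domu": "Xen",
    "virtual machine": "Hyper-V",
    "kvm": "KVM",
}


def read_bios_values() -> dict[str, str]:
    """Read the two values chrome.exe queried in the report (Windows only)."""
    if sys.platform != "win32":
        raise OSError("HKLM\\HARDWARE is only available on Windows")
    import winreg  # platform-specific import, kept local on purpose

    out: dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            value, _value_type = winreg.QueryValueEx(key, name)
            out[name] = str(value)
    return out


def classify_bios(values: dict[str, str]) -> str | None:
    """Return the hypervisor implied by the BIOS strings, or None for bare metal."""
    haystack = " ".join(values.get(name, "") for name in BIOS_VALUES).lower()
    for marker, vendor in VM_MARKERS.items():
        if marker in haystack:
            return vendor
    return None


if __name__ == "__main__":
    try:
        bios = read_bios_values()
    except OSError as exc:
        print(f"skipping live read: {exc}")
        # Constructed sample; the report shows only that the keys were read,
        # not what they contained.
        bios = {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"}
    print(bios, "->", classify_bios(bios) or "no hypervisor marker")
```

The point of the classifier is the analyst's view, not the attacker's: if the sandbox image exposes a recognisable hypervisor string here, any sample that performs these two reads can tell it is being observed.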
Modifies Internet Explorer settings 38 IoCs (signature name restored from the process tree below, where both iexplore.exe processes carry it; the heading itself was lost in extraction)
All keys below are relative to \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer
description | ioc | Process
Key created | DOMStorage\mega.nz | IEXPLORE.EXE
Key created | GPU | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Key created | MINIE | iexplore.exe
Key created | SearchScopes | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Key created | PageSetup | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | DOMStorage\Total\ = "65" | IEXPLORE.EXE
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | Zoom | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Key created | Main | IEXPLORE.EXE
Key created | Recovery\PendingRecovery | iexplore.exe
Key created | DOMStorage | IEXPLORE.EXE
Key created | Main | iexplore.exe
Key created | DOMStorage\Total | IEXPLORE.EXE
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) | MINIE\TabBandWidth = "500" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | Recovery\AdminActive\{E03A7021-2052-11EF-9B71-FAB46556C0ED} = "0" | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | DOMStorage\mega.nz\NumberOfSubdomains = "1" | IEXPLORE.EXE
Key created | Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | Toolbar | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (int) | DOMStorage\mega.nz\ = "65" | IEXPLORE.EXE
Set value (int) | DOMStorage\mega.nz\Total = "65" | IEXPLORE.EXE
Set value (data) | Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff680000006c000000ee040000d1020000 | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
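Everything in this table is ordinary IE housekeeping for a visit to mega.nz (DOMStorage quota bookkeeping, recovery state, toolbar and zoom keys). The one value worth decoding is Main\Window_Placement, which is a raw WINDOWPLACEMENT structure written when the window closes; it records how the window was shown, a small detail that helps when deciding whether a process ran with a visible window or was started hidden. The decoder below is an added example and not report content. It unpacks the documented Win32 layout (UINT length, UINT flags, UINT showCmd, POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition; 44 bytes, all 32-bit little-endian) and is run on the two hex strings copied from the table.

```python
"""Decode an Internet Explorer Main\\Window_Placement value (WINDOWPLACEMENT).

Added example; the field layout is the documented Win32 structure, the two
hex strings are copied from the report's table.
"""
import struct
from typing import List, NamedTuple, Tuple

# Subset of ShowWindow constants and WINDOWPLACEMENT flag bits from winuser.h.
SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED",
            3: "SW_SHOWMAXIMIZED", 6: "SW_MINIMIZE", 9: "SW_RESTORE"}
WPF_FLAGS = {0x1: "WPF_SETMINPOSITION", 0x2: "WPF_RESTORETOMAXIMIZED",
             0x4: "WPF_ASYNCWINDOWPLACEMENT"}

# length, flags, showCmd (UINT) + ptMin (2 LONG) + ptMax (2 LONG) + rect (4 LONG)
_FMT = "<IIIiiiiiiii"

REPORT_BLOBS = [
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000",
    "2c0000000000000001000000ffffffffffffffffffffffffffffffff680000006c000000ee040000d1020000",
]


class WindowPlacement(NamedTuple):
    flags: List[str]
    show_cmd: str
    min_pos: Tuple[int, int]
    max_pos: Tuple[int, int]
    normal_rect: Tuple[int, int, int, int]  # left, top, right, bottom


def decode_window_placement(hex_blob: str) -> WindowPlacement:
    """Parse the registry REG_BINARY hex dump into named fields."""
    raw = bytes.fromhex(hex_blob)
    expected = struct.calcsize(_FMT)
    if len(raw) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(raw)}")
    (length, flags, show, min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack(_FMT, raw)
    if length != expected:
        # The struct is self-describing; a mismatch means this is not a
        # WINDOWPLACEMENT (or the dump was truncated or padded).
        raise ValueError(f"length field {length} does not match blob size {expected}")
    flag_names = [name for bit, name in WPF_FLAGS.items() if flags & bit]
    return WindowPlacement(flag_names, SW_NAMES.get(show, f"SW_{show}"),
                           (min_x, min_y), (max_x, max_y), (left, top, right, bottom))


if __name__ == "__main__":
    for blob in REPORT_BLOBS:
        print(decode_window_placement(blob))
```

For the first blob this yields showCmd SW_SHOWMAXIMIZED with WPF_RESTORETOMAXIMIZED set and a restore rectangle of (36, 36, 1194, 649); for the second, SW_SHOWNORMAL with no flags at (104, 108, 1262, 721). Both point positions are (-1, -1), the usual "not set" value. Triage's table is not ordered chronologically, so the two values should be read as two snapshots of the IE frame window, not as a before and after.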
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2012 | chrome.exe (2 events)

Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 2012 | chrome.exe (6 events)

Suspicious use of FindShellTrayWindow 36 IoCs
pid | Process
2428 | iexplore.exe (2 events)
2012 | chrome.exe (34 events)

Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
2012 | chrome.exe (32 events)

Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
2428 | iexplore.exe (2 events)
2932 | IEXPLORE.EXE (2 events)

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2428 wrote to memory of 2932 | 2428 | iexplore.exe | 28 (4 events)
PID 2012 wrote to memory of 2256 | 2012 | chrome.exe | 31 (3 events)
PID 2012 wrote to memory of 576 | 2012 | chrome.exe | 33 (39 events)
PID 2012 wrote to memory of 920 | 2012 | chrome.exe | 34 (3 events)
PID 2012 wrote to memory of 1100 | 2012 | chrome.exe | 35 (15 events)
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://mega.nz/file/1L8ElIYY#ExOYqknBi09xhhLR2P20xlIV_oxRLQwhaDJjJAqpoFg
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2428

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2932

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2012

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778
    PID: 2256

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:2
    PID: 576

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 920

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 1100

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:1
    PID: 3016

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:1
    PID: 1848

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1000 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:2
    PID: 1824

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2124 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:1
    PID: 1612

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 1664

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 2508

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 2120

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 1132

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 1264

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3680 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:1
    PID: 2656

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2404 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:1
    PID: 2948

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1356,i,4795832984576330227,15118941111125598356,131072 /prefetch:8
    PID: 544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1500
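Read together with the WriteProcessMemory table, the tree above is a browser opening a URL and nothing more: every write target is a child of the same image, the Chrome helpers all carry a --type= switch, and the 32-bit IE tab process names its 64-bit frame process with SCODEF:2428. The second --type=gpu-process launch with --use-angle=swiftshader-webgl is Chrome's usual software-rendering fallback when the first GPU process goes away in a VM without a GPU. Nothing in the tree or in the download list shows the Mega-hosted file itself being fetched within the 29 s of network time; the captured files that carry a path are a favicon and CryptnetUrlCache (certificate revocation) metadata, and the entries without a path cannot be tied to a Mega download from this report alone, so this run characterises the landing page, not the payload. The script below is an added example and not part of the report: it aggregates Triage-style "wrote to memory of" rows per parent and child and labels each pair as expected browser behaviour or as something to review. The rows and command lines embedded in it are a constructed subset copied from the report, and the classification rules are this example's own assumptions.

```python
"""Aggregate WriteProcessMemory rows from a Triage report and flag the
parent->child pairs that are not ordinary browser helper spawning.

Added example; the sample rows are a constructed subset of the report above
and the classification rules are assumptions made for illustration.
"""
import ntpath
import re
from collections import Counter

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
CHROME_TYPE_RE = re.compile(r"--type=(\S+)")
QUOTED_IMAGE_RE = re.compile(r'^"([^"]+)"')

# Constructed subset of the report's 64 WriteProcessMemory rows.
SAMPLE_WRITES = """
PID 2428 wrote to memory of 2932 2428 iexplore.exe 28
PID 2428 wrote to memory of 2932 2428 iexplore.exe 28
PID 2012 wrote to memory of 2256 2012 chrome.exe 31
PID 2012 wrote to memory of 576 2012 chrome.exe 33
PID 2012 wrote to memory of 576 2012 chrome.exe 33
PID 2012 wrote to memory of 576 2012 chrome.exe 33
PID 2012 wrote to memory of 920 2012 chrome.exe 34
"""

# Command lines from the report's process tree, keyed by PID and cut down to
# the switches the classifier looks at.
SAMPLE_CMDLINES = {
    2932: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2',
    2256: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7',
    576: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:2',
    920: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:8',
}


def image_name(cmdline):
    """Lower-cased base name of the executable at the start of a command line."""
    m = QUOTED_IMAGE_RE.match(cmdline)
    return ntpath.basename(m.group(1) if m else cmdline.split()[0]).lower()


def classify_child(parent_image, parent_pid, cmdline):
    """Return (role, expected) for a child process the parent wrote into."""
    if not cmdline:
        # A write into a process the tree does not account for is the case
        # an analyst must not skip over.
        return "no command line captured for target", False
    parent_image = parent_image.lower()
    child_image = image_name(cmdline)
    if parent_image == child_image == "chrome.exe":
        t = CHROME_TYPE_RE.search(cmdline)
        if t:
            return f"chrome {t.group(1)} helper", True
    if parent_image == child_image == "iexplore.exe" and f"SCODEF:{parent_pid}" in cmdline:
        return "IE tab process (SCODEF matches the frame process)", True
    return f"unexpected target {child_image}", False


def triage(write_rows, cmdlines):
    """Count rows per (parent pid, parent image, child pid) and classify each pair."""
    counts = Counter()
    for m in WRITE_RE.finditer(write_rows):
        parent, child, image = int(m.group(1)), int(m.group(2)), m.group(3)
        counts[(parent, image, child)] += 1
    result = []
    for (parent, image, child), n in sorted(counts.items()):
        role, ok = classify_child(image, parent, cmdlines.get(child))
        result.append({"parent": parent, "parent_image": image, "child": child,
                       "count": n, "role": role, "expected": ok})
    return result


if __name__ == "__main__":
    for row in triage(SAMPLE_WRITES, SAMPLE_CMDLINES):
        flag = "ok    " if row["expected"] else "REVIEW"
        print(f"{flag} {row['parent_image']}:{row['parent']} -> {row['child']} "
              f"x{row['count']}  {row['role']}")
```

Run against the full 64-row table the same logic labels all five pairs as expected; the rule that earns its keep is the last branch, which fires for a write into a process that is not a same-image child or whose command line the tree never captured.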
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3732c98167b8f0e57c108c96873e6b7
SHA1 eb32aaa189a7234454f1f0f48fa8446d88d32e80
SHA256 1852e8d9e650a1ecee0498cd10b17293703f4a991039de0ae9918ccfc64ce990
SHA512 43e3bb9c9c1b1bd0b1a1b11dad890c9f581d65ff4e5e56feeca72cca689543f18333cd2e0b2b1b8cad152bc8a5085c8e8cbd1386b79be1e3bf4aa169fae31ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9661bd6640a3e84c11b086597160972a
SHA1 31b366ed15f04eb07b939ba83b6cdd80002bd4c9
SHA256 6787fecc68c112212848512406a6b0e77f2b0d738068dabfb012c55dd8ec3133
SHA512 17022f7ef4de923c00493ff554d17a94d5e54677cf2756ddbc406b95dd39d259675161750f24b9c8377da6277bade5ac6a69f96a8455d1495f3875cfc609f767

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78a240af4f1800c7a100c9b29238c53e
SHA1 9fe789e2d3f7a7d5300e6a7f8ebda7112747642f
SHA256 9d8277112672e734e128ae530307474e23001ec028ee893cf2692b013e292a58
SHA512 17c110033dadea0655188ab6f4f58704b8c279c096b277694ecdf837dd12faa2bd440a642e20a091030fa564523ea7b7c78623a7b7c23f89e63e774d10401655

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2a681b63bef5e2ec9865cac22221e48e
SHA1 2e3870b7bcc31dadf3f44e64c31a2e9201f46063
SHA256 005d78549ea0c15130ef69126d2c29d69748eb6520df5f8c25043661b5f46a1b
SHA512 64b765e2eb2735c2675caf3f56f917dab6b49246a95055af4b20f412c790f82d0f524e250e0ce56ebede2fe6b307e4b3d923e4c5086c4a165c6061b910f8d858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f5d07d31c29e094ef2ea37670741ef14
SHA1 1c4b87fa4b14ca3153b4885499e71b7403b697f3
SHA256 f46afa0e5f9c1861fe9190b0bf93a139d74f288f8f181a77fa0cb808154c706d
SHA512 be162879e2357ac909c1512bc05ff132a7713d31dd70538c73e67f3a2f1e8f64e0f838959c09c552420ca472a3da688ba6151c0ba5e7df951c0cf89101440081

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2cb7c262ee95ed1223e71ccd2e4d33a9
SHA1 12bd17cdb99a34034f4597ea04d28d005b049d2e
SHA256 3292229da987c1385dc2b50feabb9ce4ed7bacbf70603dcf2184c3312df4523a
SHA512 4b6831561fd5b00f35e15019d6e4c5a90080828ff148e55fe8367265a1db1120dad3dab7556ecb0304ff25dc61e80632606558eed73de752be17e16e36dfc579

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fd1b68f05353b78894b4fcc1d25468b1
SHA1 e6dd9538287d9c2a9d0429c6f6cb02f5a4b44a0b
SHA256 b44c6aa8103b55fd5b28dcd08ee9644a6772188d6dff90075c0c9c7dbe19cf9b
SHA512 3c15c60209492c1144dd8a0c5fc4e91d882f5264d7f2f4ada5a2a031fbf36056282d1f6a695430e5551189a0d47084a32247a758515e2cdae280c5d09e327964

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8d112182bb6d7b9bb5c490cf2e8e4259
SHA1 4aec7340696ea39822a7f1c648566a77cd2758b4
SHA256 2353a2b1da6ec810a04e21aeb18ab0fcfabd5e3d743beaa19869836c154d7fac
SHA512 d80c61cbf67375ca2c664969e27c3f92877f54c6a3f5dce80696967cc6895beeb4e7d68f4c2f118ba026476545af61e3e25e9a17451a4e51a3cc7f3bd060e82c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 733936dfa081f7e722dfe52d89123ef1
SHA1 c8b985ccc4dae765f6d51855fef1f0becab9ab8f
SHA256 ce972db933ce974d8778803e689abeec7961c379af756022bb603541396c51b6
SHA512 f8e9463b391b77701a34bc1ae6b5540fa0e1225403b90d2d22426d5d025a98c2af7bd39ecc1bb173c6038cfa055c1c92a9bc580a4a4769c643a93c796fb9e468

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 021f28c6f20e513b75e2176f656a32dd
SHA1 8c516fb10c4b8538ae0bf4345c60cd849d1e1a7d
SHA256 305e3a3f39d7e721946e05717129555292ec69561aaeb436a11ac7bcd83cb7fe
SHA512 1f572603648b948407849ba476d1618f0beef4abf869aec650ad6d2194478e75ece6a38b71016cf7191cf198a3fb99c8cd6da8a9f33b958b9841b45fa07a5d30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5781e5bc6cc0478bb571d9de22b42bf6
SHA1 1d732252248e65a961a14ac2fc2afbc1e3a8881c
SHA256 a9938fc8e52bc811071e6a3d38689ababd34a78632ba255fe10f227816657c1b
SHA512 1b876949a0259b38514cfc85acba7836ab9d6830103b9473c46eb1a434658eaf2e03282dfd5590c6a6c4932208977a2d4383de131fd71fbfd58c33170e4269e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b4fdffcae0b337208910d49cfc3136db
SHA1 b1cb14dbdab9413b6d20c221105a2b6d3ffdadd6
SHA256 6af267ef981ef29f261b1b1140faf5e2e11f8b23bc15b3d0a3934946d7e7945a
SHA512 f5657263b11b46a2b73bcdf4f2c44e7e5883ff4ae81493c5829dbbff210d5508a612a416c5c06498ecff26003fcc7988810d4711d5a3eff83e8975b0ab458a32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e6935cda98fbc783dea2257852dae21
SHA1 dccdbd44e2e2c41843370d3d9033f9a40e197bec
SHA256 b0d7737f16bdbfb87ec9039a937852c88f2d7f4dfacdba1932459bc0717033ff
SHA512 125a31c27da599e68974629725f80a25fdbfdc9ac3239d490a4b60a9ad9d8e469e3b79299338b107ba72f08038fd1b627b0df2ef07c31c4bdf85d298c2ac11a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 74394999d1752eb2426d2af7aff1b9d8
SHA1 7e70d04a167ae2a65712b44bc757b905b80a14b8
SHA256 309958260779763eeb50f93bc955355516ba92c845e814a29ae9bf88f986498e
SHA512 58d5d89f7d3fbb5d6e34d7d29e411c4fbd12bcf732f8ee985a245c10703994b422c14efb5cc37311baca129d8051bb9413803d2b042f5e6698365ef688f4598b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ea6557c68d75c3921d4cab2f2b54191b
SHA1 45544a2ceb6d109a46c752032453683c83f9ce49
SHA256 adbfde2ee694897fe2fb2f99fc28495be12f18206cd1214b24f509b46738181b
SHA512 eababa82f660c80053d32b13bcb6c8be9785f8b5fad6dda536907a7bb2fe0ba1de4a86def4a6b87d4e4accf92c0656c75328ad2dc3463d87f14d7f02812d90cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd15db3f996f45091583e0b9f80273cc
SHA1 c89c60ff5185ce1cf3bd68eaf5d0ebbab5d308df
SHA256 1f22fc796f2c80b73f04888a2985d4483890015d98e057624acfe8f369b8b269
SHA512 8f8a78b7e334ba7922bfee27cdccda3aff6d4ec5011118a7f7b62d793b1051d838148d9892bc443af7703586726d4541d9a4333343ba3ab44bf1ce38eea3ddb0

Filesize 264KB
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Filesize 16B
MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Filesize 6KB
MD5 a1d2ed457e4c1d95e6f523cf0956e9ec
SHA1 b48fba2198c481b67a1e9d304d6233fcb6117734
SHA256 dd8a0729c4994c77ec3de4d8e0d370225f081776368859ffa3ab3b29023ff0d1
SHA512 d4601275ceac5e72250a9f0d4a8043860338e6cbe2c8710371e44015a8b377ee345407f6182bf93cdc548d5842d27e95ae20d8f9933e6c61d3bf374aceab39a8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\favicon[1].ico
Filesize 6KB
MD5 72f13fa5f987ea923a68a818d38fb540
SHA1 f014620d35787fcfdef193c20bb383f5655b9e1e
SHA256 37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1
SHA512 b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

Filesize 68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Filesize 177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b