Analysis

max time kernel: 138s
max time network: 153s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 18:36

Static task: static1
Behavioral task: behavioral1
  Sample: .html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: .html
  Resource: win10v2004-20240226-en

General

Target: .html
Size: 68KB
MD5: ba7ff96135c2a706cddf5f6c8d93a93c
SHA1: cd455da92fbd94c40326eb8e5136860d5db6e0cc
SHA256: 80841d1a1a0203d9316994925575cea9999fcb9c4cbb534203026738fd35e9d9
SHA512: c355e4251f5b7a7674bcc93bc715a068be72008f0454adbeef964af28157b38536a77e3d7aab69b930c0c4f07db8962a2bf7711d9603371b08afc91c9c7b002d
SSDEEP: 768:KYSLUpqLZA9pNN0Lmwhw3UnaosMnp6HVAjgOFo5LOF:OIpCZA91UbfpNgO24F
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
Process     Description        IoC
chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies Internet Explorer settings (36 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
Process       Description       IoC
iexplore.exe  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"
iexplore.exe  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002e3a654f515c90010bb090997a6ec02a51f62c76b40ba21d7a4ab3aaf87ac1a3000000000e8000000002000020000000c837a942b50c257597aff6867af9aaad7b0b6143c443d897072fa6695d28bd3d20000000dbce7fc5954baee442e2bc2bb8e68c3891eea0bb3377c15c11d98bc78f0a4a4b40000000c3f4717f5043867a70242a43c106ad7732aa3c600282271daa576e0f32458702268e029c831373f816496a77a9b6fa7cc0e09319b16ac218294154f2aac5a8ff
iexplore.exe  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90332ca1c0bdda01
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar
iexplore.exe  Set value (str)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes
iexplore.exe  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided]
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC0B34D1-29B3-11EF-A8D3-D2DB9F9EC2A6} = "0"
iexplore.exe  Set value (str)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424465635"
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main
IEXPLORE.EXE  Set value (str)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"
iexplore.exe  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
iexplore.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
Modifies registry class (22 IoCs)
Processes: IEXPLORE.EXE, rundll32.exe
Process       Description       IoC
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0
IEXPLORE.EXE  Set value (int)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5200310000000000cc58f81a100057696e646f7773003c0008000400efbeee3a851acc58f81a2a0000008a020000000001000000000000000000000000000000570069006e0064006f0077007300000016000000
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff
IEXPLORE.EXE  Set value (str)   \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell
rundll32.exe  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff
IEXPLORE.EXE  Key created       \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000
IEXPLORE.EXE  Set value (data)  \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff
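The raw values in the "Modifies Internet Explorer settings" and "Modifies registry class" rows above are binary structures, and decoding them is what turns this registry noise into a timeline. The following decoder is an added example, not code from the sandbox or from any tool the report names: it takes the Window_Placement, LastProcessed, DecayDateQueue and BagMRU hex strings exactly as printed in those two sections and interprets them with the documented WINDOWPLACEMENT, FILETIME, MS-DOS FAT date/time, DPAPI-blob and Explorer Shell Item ID layouts. The only assumption beyond the page is that the BagMRU\0, \0\0 and \0\0\0 values form one parent-to-child chain, which is how Explorer stores them.

```python
"""Decode the raw registry values the two sections above record.

Added example, not the sandbox's own code. The hex strings are copied from the IoC
rows on this page; the layouts are the documented WINDOWPLACEMENT, FILETIME, MS-DOS
FAT date/time, DPAPI blob header and Explorer Shell Item ID (ITEMIDLIST) formats.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Copied from "Modifies Internet Explorer settings" (iexplore.exe, PID 1732).
WINDOW_PLACEMENT = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                    "2400000024000000aa04000089020000")
LAST_PROCESSED = "90332ca1c0bdda01"                                 # NewTabPage\LastProcessed
DECAY_DATE_QUEUE_HEAD = "01000000d08c9ddf0115d1118c7a00c04fc297eb"  # first 20 bytes of DecayDateQueue

# Copied from "Modifies registry class" (IEXPLORE.EXE, PID 2644): BagMRU\0, \0\0, \0\0\0,
# assumed (as Explorer writes them) to be one parent-first chain.
BAGMRU_CHAIN = [
    "14001f50e04fd020ea3a6910a2d808002b30309d0000",
    "19002f433a5c" + "00" * 21,
    "5200310000000000cc58f81a100057696e646f7773003c0008000400efbeee3a851acc58f81a"
    + "2a0000008a02000000000100" + "00" * 14
    + "570069006e0064006f0077007300" + "000016000000",
]

MY_COMPUTER_CLSID = uuid.UUID("20d04fe0-3aea-1069-a2d8-08002b30309d")
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}


def decode_window_placement(hexdata):
    """WINDOWPLACEMENT: 11 little-endian int32 fields (length, flags, showCmd,
    ptMinPosition, ptMaxPosition, rcNormalPosition)."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 44 or struct.unpack_from("<I", raw)[0] != 44:
        raise ValueError("not a 44-byte WINDOWPLACEMENT")
    f = struct.unpack("<11i", raw)
    return {"flags": f[1], "showCmd": SHOW_CMD.get(f[2], f[2]),
            "min": f[3:5], "max": f[5:7], "normal": f[7:11]}


def filetime_to_datetime(hexdata):
    """FILETIME: little-endian count of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexdata))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def fat_datetime(date, time):
    """MS-DOS FAT date/time as stored in shell items (2 s resolution, VM local time)."""
    return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def is_dpapi_blob(hexdata):
    """CryptProtectData output starts with dwVersion = 1 and the DPAPI provider GUID."""
    raw = bytes.fromhex(hexdata)
    return (len(raw) >= 20 and raw[:4] == b"\x01\x00\x00\x00"
            and uuid.UUID(bytes_le=raw[4:20]) == DPAPI_PROVIDER_GUID)


def _beef0004_long_name(ext):
    """Long UTF-16 name from a 0xBEEF0004 extension block (version 3 to 9 layouts)."""
    size, version, sig = struct.unpack_from("<HHI", ext)
    if sig != 0xBEEF0004:
        return ""
    off = 36 if version >= 7 else 18       # v7+: unknown(2), NTFS file reference(8), unknown(8)
    off += 2                               # long string size
    off += 4 if version >= 9 else 0
    off += 4 if version >= 8 else 0
    return ext[off:size - 2].decode("utf-16-le").split("\0", 1)[0]


def parse_shell_item(hexdata):
    """One Shell Item ID as stored in a BagMRU value: root, volume or file entry."""
    raw = bytes.fromhex(hexdata)
    size = struct.unpack_from("<H", raw)[0]
    item, kind = raw[:size], raw[2]
    if kind == 0x1F:                                   # root folder: CLSID at offset 4
        clsid = uuid.UUID(bytes_le=item[4:20])
        return {"name": "My Computer" if clsid == MY_COMPUTER_CLSID else str(clsid)}
    if kind & 0x70 == 0x20:                            # volume: ASCII path at offset 3
        return {"name": item[3:].split(b"\0", 1)[0].decode("ascii")}
    if kind & 0x70 == 0x30:                            # file entry: short name at offset 14
        short = item[14:].split(b"\0", 1)[0].decode("ascii")
        ext = item[struct.unpack_from("<H", item, size - 2)[0]:]
        return {"name": _beef0004_long_name(ext) or short,
                "is_dir": bool(struct.unpack_from("<H", item, 12)[0] & 0x10),
                "modified": fat_datetime(*struct.unpack_from("<HH", item, 8)),
                "created": fat_datetime(*struct.unpack_from("<HH", ext, 8))}
    raise ValueError("unsupported shell item type 0x%02x" % kind)


def shellbag_path(chain):
    """Join a parent-first BagMRU chain into the folder Explorer had open."""
    path = ""
    for name in (parse_shell_item(h)["name"] for h in chain):
        path = name if path in ("", "My Computer") else path.rstrip("\\") + "\\" + name
    return path


def decode_report_artifacts():
    """All decoders applied to the values copied from this report."""
    windows_dir = parse_shell_item(BAGMRU_CHAIN[2])
    return {"ie_window": decode_window_placement(WINDOW_PLACEMENT),
            "newtab_last_processed_utc": filetime_to_datetime(LAST_PROCESSED),
            "decay_date_queue_is_dpapi": is_dpapi_blob(DECAY_DATE_QUEUE_HEAD),
            "shellbag_path": shellbag_path(BAGMRU_CHAIN),
            "windows_dir_created": windows_dir["created"],
            "windows_dir_modified": windows_dir["modified"]}


if __name__ == "__main__":
    for key, value in decode_report_artifacts().items():
        print(key, "=", value)
```

Run stand-alone, the script shows that the IE window was stored maximised with a normal-position rectangle of (36, 36, 1194, 649), that LastProcessed is a FILETIME for 2024-06-13 18:36:39 UTC (the same minute as the report's submission time, which is a useful cross-check on the decoder), that DecayDateQueue carries a DPAPI blob header and is therefore unreadable without the user's master key, and that the three BagMRU values are the ShellBag trail for C:\Windows, whose embedded FAT timestamps put its creation at 2009-07-14 03:20:10 and its last modification at 2024-06-12 03:23:48 in VM local time. None of this is sample activity: it is Internet Explorer and Explorer bookkeeping, which is exactly why decoding it is worth the effort before escalating a report built only from registry signatures.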
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
PID   Process     Events
2208  chrome.exe  2

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: chrome.exe
PID   Process     Description                 Events
2208  chrome.exe  Token: SeShutdownPrivilege  2

Suspicious use of FindShellTrayWindow (36 IoCs)
Processes: iexplore.exe, chrome.exe
PID   Process       Events
1732  iexplore.exe  2
2208  chrome.exe    34

Suspicious use of SendNotifyMessage (32 IoCs)
Processes: chrome.exe
PID   Process     Events
2208  chrome.exe  32

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
PID   Process       Events
1732  iexplore.exe  2
2644  IEXPLORE.EXE  4

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: iexplore.exe, chrome.exe
Source PID  Source process  Target PID  Target process  Events
1732        iexplore.exe    2644        IEXPLORE.EXE    4
2208        chrome.exe      928         chrome.exe      3
2208        chrome.exe      1944        chrome.exe      39
2208        chrome.exe      1580        chrome.exe      3
2208        chrome.exe      808         chrome.exe      15
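Sixty-four WriteProcessMemory rows look alarming until they are grouped by writer, target and the parent-child relationship from the Processes section: every one here is a parent writing into a child it has just spawned with the same image, which is how CreateProcess hands off to a new browser child, not injection. The classifier below is an added example, not sandbox code; it takes the IoC rows in the format printed above (one of each distinct pair, since the report repeats them), the PID-to-parent map read off the Processes section, and one clearly labelled synthetic row that is not in the report, so the "unrelated process" branch is exercised too.

```python
"""Condense 'Suspicious use of WriteProcessMemory' rows into something triageable.

Added example, not sandbox code. REPORT_ROWS are copied from the report above (one
per distinct source/target pair); PROCESS_TREE is read from its Processes section.
"""
import re
from collections import Counter

REPORT_ROWS = [
    "PID 1732 wrote to memory of 2644 1732 iexplore.exe IEXPLORE.EXE",
    "PID 2208 wrote to memory of 928 2208 chrome.exe chrome.exe",
    "PID 2208 wrote to memory of 1944 2208 chrome.exe chrome.exe",
    "PID 2208 wrote to memory of 1580 2208 chrome.exe chrome.exe",
    "PID 2208 wrote to memory of 808 2208 chrome.exe chrome.exe",
]
# Synthetic row, NOT from the report: a write into a process the writer did not spawn.
SYNTHETIC_ROW = "PID 9999 wrote to memory of 8888 9999 dropper.exe notepad.exe"

# PID -> parent PID from the Processes section (None = top-level entry in the tree).
PROCESS_TREE = {1732: None, 2644: 1732, 2480: None, 2208: None, 1060: None,
                928: 2208, 1944: 2208, 1580: 2208, 808: 2208, 2928: 2208, 816: 2208,
                2148: 2208, 1752: 2208, 1904: 2208, 2080: 2208, 2408: 2208, 2608: 2208}

# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>", as the report prints it.
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)$")


def classify_write(src, dst, src_image, dst_image, tree):
    """A parent writing into the child it just created, with the same image, is how
    CreateProcess and the browsers' sandboxed-child start-up work. Anything else is
    what injection would look like and should be examined by hand."""
    if tree.get(dst) == src and src_image.lower() == dst_image.lower():
        return "parent->child, same image (expected)"
    if tree.get(dst) == src:
        return "parent->child, different image (inspect)"
    return "write into unrelated process (inspect)"


def triage(rows, tree):
    """Count rows per class; rows that do not match the report format are flagged."""
    counts = Counter()
    for row in rows:
        m = ROW.match(row)
        if not m:
            counts["unparseable"] += 1
            continue
        src, dst, src_image, dst_image = int(m[1]), int(m[2]), m[3], m[4]
        counts[classify_write(src, dst, src_image, dst_image, tree)] += 1
    return counts


if __name__ == "__main__":
    for cls, n in triage(REPORT_ROWS + [SYNTHETIC_ROW], PROCESS_TREE).items():
        print(f"{n:3d}  {cls}")
```

Feeding the full 64 rows instead of the deduplicated list changes only the counts, not the classes: every row on this page lands in the "expected" bucket. The image comparison is case-insensitive because the report itself mixes iexplore.exe and IEXPLORE.EXE for the same binary.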
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
  PID: 1732
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      PID: 2644
      - Modifies Internet Explorer settings
      - Modifies registry class
      - Suspicious use of SetWindowsHookEx

C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\addins\FXSEXT.ecf
  PID: 2480
  - Modifies registry class

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2208
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5699758,0x7fef5699768,0x7fef5699778
      PID: 928

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:2
      PID: 1944

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
      PID: 1580

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
      PID: 808

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
      PID: 2928

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2440 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
      PID: 816

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1032 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:2
      PID: 2148

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
      PID: 1752

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
      PID: 1904

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
      PID: 2080

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
      PID: 2408

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3824 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
      PID: 2608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1060
Network
MITRE ATT&CK Enterprise v15
Downloads

The CryptnetUrlCache metadata file below was rewritten repeatedly during the run; each version the sandbox captured is listed with its own hashes.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 182d78ed5b21ac8760d203ae388eb62b
  SHA1: 13ede862fd8e231c805ac4030aa1f45e206547dc
  SHA256: a92680349e92def0ed74b6c5135d2ce5645562de36edf4e60cd33fd0eefa4a7e
  SHA512: 8d327ef5ce484c31103b782bae85a19bee2e0b9af9870ece111c1e7ae6e91a069d74f197574d9443dae8ca7ef974e2fd15e014b58dc1841a17cddc6265102ab4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 62aac2f934042576892794c573d8e583
  SHA1: d7bb1a2273f1962582aa3ba5ca9f83608a43ec6c
  SHA256: e2575f91993ff15ab701763a9e1fce118e0be66d35639f17735f0ae797ec353e
  SHA512: 7683995e171e2a6bb72cd2ca50fd51c5ac29b3edb2420126c8b46b9953e0ec254123c20be3a28b80d3526c2a862e7bff06c51648a766b53f9feed4c6d80d9680

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 60006fc7e32d4da4f75a6be37facd04d
  SHA1: 2eb5c2d6677f7c085cb984bbc1acb12d43db710c
  SHA256: 155467897cb07b72bfd0361ff9abe594cb29c81fdf41a440cc16edf9cdfb08d5
  SHA512: c5435a65d43cad4e3743b1773f3dd72f42f6c3aa6ad30a93c9920a5087d68341a37ba060a51c38554aa47d38bdbf16bbaa3c5931e7ebe6d0eb9a339ccb28a47b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 21e29bef1e8001efd1b233dcfaeae3b8
  SHA1: 41e3d61ee9eb5f255e6ba97637e917f68232ec86
  SHA256: e3fd198964bed7e0903dbb4fd5358b63e70c4c9d66d8c60e04dfafa779e49a4a
  SHA512: 98605b9affda474c997f346e9b665a9fd344214f310b64ce0902f191c8c17cbba7af979c15342e067bc5414154c7ddd029b976e762e6604816e76d6958b4d82a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ce7757ee044e7022a65305403db807b4
  SHA1: de79d03f2332f2ea411d946638c00d79e653756d
  SHA256: 6a3586575a3f68c0cbbc99b02f8b1b758bccc04dc022b1509e4113c5b6ccf90a
  SHA512: 414c85efed771fe90184002479addb4f65dd7c3febd8c85d19ff27e500884f8ec41186e4277424f376392964fdb35753751337c5a26e8ed249db0eaa1fe1931e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b37a574eb40c89849ec74bfa0efa9749
  SHA1: 219628afe420e8bde26458ec52c7b3c691547855
  SHA256: 5e2284dd34ae7d37282f4f3309e21406ea87bb61f67a09883b2230ad5ea99e1b
  SHA512: 508341d5b6ddcd9464b0aff576defad6e626cf0433a34a933c8618708d9b23e271018dd656dfe7c54716037909da963965cf86a1aae7c61dddbfd860bfe21aa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 381eaf15be04467417aa0da2aaaba8a7
  SHA1: c694a5450ea1e4410d54732e4dc3e758678dca3f
  SHA256: 8108e4883ffecc9cd14fb4832e306c78b6367befaf78f6dc070c9b86c869efcd
  SHA512: c60c21377a21891cc6028b2e528ad03c59356c5da59b4ab84e3639d3ac001bc7a16db33a4399c6f881f88048c00d28ed3615f6a250d11af94e8e6854f8ce5a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e6eb9dfa1fc24f611e82b47d95a41942
  SHA1: 016f1ca9dcb67c8394dc6cd26cc609379a26c704
  SHA256: 8164216d1ba1b5ca78f711e484f425a425051c55103bfcb02b23a90f644870e1
  SHA512: c3f3113bff433d0f3fd1cbb5599de34aa8ea79127602c39be701659832e6c889ab8b8d319085a528f98c708eeb389e81725b517dc1793a83e1c26e48722ba1ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 30683605f68140abb97a561c971616ed
  SHA1: 84a2a8b6f05f9eb97e93cabc7b6407000a40f8a7
  SHA256: 42d0182b120798bd02bd92b4832902f31ecf056d1d3319d175bc26d6d1b98cd0
  SHA512: cdae693bf7b635b5b59b0e29f3ffece147749a0476ecd52ceebfc4fb78a5464a2fbfafca998185200d2360fdb5b326eefe4a7f2db495740fc17043a483eeb020

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fa16003b47c7e96347f78b0a45934d4d
  SHA1: a04011976f5795adbff0c81c152b3bcf948dccab
  SHA256: 9ebc8cf7166a84d54c563db3402494f5c87b9bab9197dfee6bf92cc44ef3907e
  SHA512: e6394f12f59b2079d05c77f78c0c36da0bc35206fc375512f8492e0deb576a35b51da086ea0763680280ca2c743d78bc4f5e611774e79e0047df010a40003624

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4d2471681bfc19f04740de5c966575c5
  SHA1: 6dfac6086681e1c2c83fc5f3e625cf4fe90b9051
  SHA256: 87ce08b4f516d67ecc7d88f34de13971ff3c20a98f91edb0ca97e9635ecb3b03
  SHA512: 5816765ebe5766cffdb652d42d4ec962ed7d3f1a94195cef74cf99c41cb992ac9d6f3cdbe17472ecd2cc638dcfba2503a4f74bda6564f639f50e756be9c20150

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f71f5a900c3ec4b1707aa821b80864ad
  SHA1: c15f5717e863d412702b05200e97dec1a7833b12
  SHA256: 1b88c3fb3c2a41158bb34dcfc99149fb60c0e9062ddb257a11b7fe7af1017adb
  SHA512: 269e8a99864f12b42084edba67696f50921c66e7f811415014bdc69909d9e86eec2eb5585cd4a253834dc8817cdf4dae3884d04190bad906c0c5c87dde71778b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 16d09e721c729f999126151ce03a9352
  SHA1: 34b99c49bb172740db73c2d88c759c2350870fda
  SHA256: 83be8c4b978ad87ec2136bc79695522ed8a6c5290413cc4944b53d73f6907292
  SHA512: 6242fa8f678c764ecdaeacaa442b57210f1523dec4810d6331498526df1bfed2d69a6b5e5105423f2912ab1c40cf814efec33850076ba999fb44ae4a5c16c1f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e8371dff39019236119a0db789c0ca22
  SHA1: 19a8a9174e11f05d87f1196087050482d8f4fca1
  SHA256: 0c3e39ef5f4e30d1f7e0ea0b7f28b2c37d51f1a1d708cd37a2d2a8273ce5a910
  SHA512: a01d24e97dc83d53760512442c589bc665d1bea82f4943eab43cf4808b2da56d576ece029fe21c5a7601e1486fd1a06e94f79216b0dbd6aa2e17df82b04d8060

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 64287297e56605f1f7c4d6718515d53e
  SHA1: a80ddf38909220bf31698712e47d63f9b0af205d
  SHA256: 318f846107f3d932eb2f1ab441f752ad8a58c10bc7a57b3b5cb58438d86b632e
  SHA512: df9ca118e9589e2c39d6dcd5b867b0abd8bf1d236440d9a251c378e794ae0fc37baed8a7131ce3a24f8409b8a06541f887abf13ba2546b12454d0282ee5caecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: dc3e3f450a816f395ffbe46d2d68a303
  SHA1: 41a9b8c74be4d1126044270df05e5b9b733e075a
  SHA256: 55681fe550499853b3515996ed419d11e72a6697c84d7c4dc4ea7cc34ff888a0
  SHA512: 0741d7fe87e7bdc18e83c27c840c6648ef6ad74401ad788805725e7302152471295706d6fbe31e93b7d6de58a57addad52105b8ad7ad5f717dc14126a8dce113

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8d7ef5dd26f6bcd782d88b49961c856b
  SHA1: d1e01373f5a066aa406dc1ca510420096b9f5ebd
  SHA256: 03638cd48e596f650d0867d3e8e93f0349dbdd4be539f763f042cef407f06e7e
  SHA512: cdcc4d90b4b55ecd3e757a11142ca03714d8cf74312934d87133288d90db83d14818c21a227910412dc82db298e2f6e6f20b9e286bae9d31360c1abd071c2f7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e0b2940ef60ec87d53dbc921541a8258
  SHA1: 7b79dfd56a6a41b6c1de8a843cc4cff4abd6c22d
  SHA256: cd57a8ba9c4babc9b99a38f8f275a8fafa4734b902bc989384183abcd108902b
  SHA512: 567390c13321b063336666d45b3d7048d6d949597af89174661facf1e2199b396d96b1021c6d6b746988f7089cae6714929b707557c5d4be4f1ee97575d03951

(path missing from report)
  Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Fil<br>esize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

(path missing from report)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path missing from report)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

(path and size missing from report; these are the digests of zero-length input, i.e. an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e