9c8c654fe26ffff624d54b10e91c30938ac4019fe8c64eb6d739783b9b5f10d0

Resubmissions

04-07-2024 11:52

240704-n12n4swfpj 1

04-07-2024 11:51

240704-nz8e9swfnq 1

Analysis

max time kernel
43s
max time network
174s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sd271azjxn2h.html
Size

162B
MD5

b6a1a37fc4ff7a4133530bd086b1e7ca
SHA1

67b4ee209cb3c69b38693c5884a8f5267c7407b5
SHA256

9c8c654fe26ffff624d54b10e91c30938ac4019fe8c64eb6d739783b9b5f10d0
SHA512

b572fd77899459294e8c437f5cfcaf092fa1021558ac8271e82cc57b1012c1c198899b8b303518c5910144a81e7f008524f8cf3b95bfefcc0f750a74a2e9b05a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000f34c308ceda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDC267D1-39FB-11EF-BE23-DE271FC37611} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005702ab4e63c41f1b25ea138500cba4924a1a483a5d80ff39a6544f45780e29ed000000000e80000000020000200000005f4926fae75d1b98f8c56d31876d8139e35dd602650a2e994339f7daf35a48f9900000002774731bf2c2fc12043272427d6d6365d84c9b625a9e61e2f2b5f5e4d7f736e87e0c05d38f6072530aac8af7f933c12c8948650187fbfc150dac16ea9fefb96cef80fa5fcec9f9b9c3bf5b38bfe1f96679e562ecbf0b9aa731bc4f1e6a281bbf1c12d74ca838791e69c538192fa960fff6056c27d8f02a3b3c91966fbd661afc663c1353a35d440830c542c74bc49a9a400000006ce2b921774f85e339147e339bc1e7169ce873aa86521539cf7a870cfc1c2b33c86c204eb62893a3847aa740cfbd5ca2d511f0112822414799719c56f7f6378d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f27e6d2bacb121c018d1d69408e47040a807cead6e2cb97c4ca810d34f957df3000000000e800000000200002000000040b56d2822b4d404d32ab51506abfd52dc28269d46d212e89edc8f1846a671bd20000000c9fd4883d8b3d4a1fd5113f67daffdcbf7d14fb4cd1275ddbce3f0fc1a17900440000000f4b747ce1448df6bf5052c056ed8e76de784738d5fa2fb4f2be0994dddb2e53473ed90eb86da4702044e25f2bedfd912b23225ac944d5dba0efc3152d4d87395	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2752	iexplore.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2752	iexplore.exe
2752	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2324	2752	iexplore.exe	28
PID 2752 wrote to memory of 2324	2752	iexplore.exe	28
PID 2752 wrote to memory of 2324	2752	iexplore.exe	28
PID 2752 wrote to memory of 2324	2752	iexplore.exe	28
PID 2856 wrote to memory of 2704	2856	chrome.exe	30
PID 2856 wrote to memory of 2704	2856	chrome.exe	30
PID 2856 wrote to memory of 2704	2856	chrome.exe	30
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 1884	2856	chrome.exe	32
PID 2856 wrote to memory of 820	2856	chrome.exe	33
PID 2856 wrote to memory of 820	2856	chrome.exe	33
PID 2856 wrote to memory of 820	2856	chrome.exe	33
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34
PID 2856 wrote to memory of 752	2856	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sd271azjxn2h.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7389758,0x7fef7389768,0x7fef7389778
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2224 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=776 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3524 --field-trial-handle=1304,i,1620157179826351913,8319084002979841339,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2480
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fff7688,0x13fff7698,0x13fff76a8
    3⤵
    PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a60e55f5ede3133e0b88c3807c6f8d4

SHA1
0f1f26c572810df6b27b50a5c6cfcfd7ecd337ea

SHA256
8ed4b4c5f8f28e3fcb467e2034eade066cb016781e37e8bec32cd920a853f450

SHA512
1c40b3dded39158145118b479cc1ca22770c2c8240c6bd158cb437c9c506eff3d9210704212b207e51fe1bcdac3267ff19919d1c0953d7a991d69cc1e76debd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8407c29d4bd8d41fc3bf7c34cc1acd6e

SHA1
dc1e21ff35b5c71e3a5ad60d31615669e179b510

SHA256
fc9f9c0aa57ce3bcabeb08e7b28f7afbb4308791939b6ea1833f0e286170c5fa

SHA512
cfa3a6dbd1a655023b69b8879ca6607393c8f6bfddd5d36ff2cdf14d6ddb7bd498ee7564b394fbadbd4904f4f3f3ac481060f688cd117c21f5f65f8a48718db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa1a15b355884507ab10e47fc7abece1

SHA1
13abaa2c3c194ea16469e209247024d41eebb885

SHA256
af0ceefa6a83d694385fc1ef2a397fa1327b6491b59abaf979a36eeba6c69d20

SHA512
9b75fded0a538a1a16121ede78c28f286ee3193f692c03ce2d788f4f60696479978b8d5abcc762ae7fe97bea8da363e3144d079e693de91fa0faad1df786301b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60fccbbcb7e43f3c60947a16d565057c

SHA1
cb424312e5dfbca9172dcfe71681c3e6fc1e1eda

SHA256
45b4ff246617636f70df4b2eb3dac3780a569a2d62885991566c296f44fbb788

SHA512
8ee938da3d7013102015abf9170a3c5456c5675c30de63df233f5cebae69eaf0ba95b7024fb4c379488ed6babf80b92524dda38a678b7081f6b20030737f3976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc95495cb1986b04ff81e69b6b6423cf

SHA1
fbd163b95fd5a4bef92855c7e13ae9041b19c799

SHA256
72381a0892dfd6bc3f562fb87f0358fce5455d2d5fbf4d8f19ad790848bb76ae

SHA512
6db247000ee111774d8bb460f7d6ca4a3205b7e4edc6e130602d913f80616794e1d2ea66bfa6e24fa8921a8136ca99f2ac830d19aa90de6125716dd74b5d9c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bf4b391ce5acc0800e95fc58aee6d5d

SHA1
1f7add135579da59401a9d95ce13e15078fcfedd

SHA256
985e5e0f076384bbb8bba2b00926f30146a05d0b4db8ad73696e361f04bff753

SHA512
c30e7510d1ecbdb21c3370c5d1307a8efb87b49639edd4dc77628f37d5f72d1dadc04bde7a5a58df96b57cfe6d479c6f94d1fb1ac19b1d3e69a2989e500c13df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97e66357c373cbc906ff337e3b3ac598

SHA1
d15fc3693ad6299f1917418dd35da96e2cf1c5d4

SHA256
23d9c013c2ec4af88aa78d17721fc2f6a4d085b177121a9cdc2cf5d5728be772

SHA512
0042e596f7c0e5ca5f5328535592442176e45034e52ab429820732047faeee2f4a606fff53f5fc6823ef9217fe287f42bb2a519fa2e4bcd345bd900169267273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76d837d407f0e5c4158e93e2465e18dd

SHA1
48ed59026248b5fcb308fb25827e473c0e65f736

SHA256
492675b5815b7247a1de631cd128aaf909027f2d7dc5cb22f862351aa4509efa

SHA512
c085a24417e20649f8e1b3badc44b1e007528190276dc4e0e5cc64a874eafd41d584b22e70cd0e1fafeb3351f40ab2d18b817d4fa8ef41526ec3cda116d79621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a86e583833044a04b50bab9746f3945d

SHA1
c1e45c83f2d71b5a0d8917f31a2d8f0ac39ca9e3

SHA256
aeed8433ea7dcdd0dd3f6e923e53f1b925ae5e8af29bd7a3523dd42f2810b82e

SHA512
e8e98368e354497965f24d67bae7b0a9d244c7439e269672a52e21e29b09c80f363302ae73f3b47bacbc22320ea678feb60f0cbaff86fe7e85cd453372524cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29484b6b4c197794326aa8a09dc0e068

SHA1
695015e713d2f1f53b08dff9ab39300ba1a3b349

SHA256
fe441578dcf86a52aa9cd90af4c06fca87e2cab1eb4abd73ed358cbf47d1a1f0

SHA512
857fe92cf7b3925119341828ce6c54773d1ab8c065425c35b95caf5b1845a21e0f48a01297abc4f3b6877f2ab48d537f275e995dc97cb401fcf96571300c06d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
816fc581478c7acb0d67f96bc7e5bc23

SHA1
1571a114e61e6f351448014515c0e13c0517be9b

SHA256
4ab82245c478ff53e7aba878cda4db5856e6df063611b7020e59ce7aa81a6000

SHA512
5c3807f78df0bbcfaebbeb10f40f9be04408273ab4e177e2261bff5d07534fa6d0fe2609c9f39f21295a4cc2106696bd3e133efabe97eb1a5d2afe7164f3a3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
16745eaa61b771a979eebb0394eec6ca

SHA1
339cd02527695289d6ffc8ee0c78163f2d457cd6

SHA256
5c29b20bd4271f1fa6b8d328376cbb8fb3ea7a75ebd50d0427cb8f81f18b0777

SHA512
52fccf1c2d406661f24c7b2aab8fc572b5d9ffec6524165e65648f9831939eec2d5277c90e2e8f7be0c5a9c914cfaaf8704b0a428f189a7e5107d225c789b550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d296fda7f805c27ffbbb22f22a47ad44

SHA1
171153c8b607c614a614924b4e820dd75f0a04d9

SHA256
47904731f43c39cb1a6ebe3c0b24405d1d4eb064c15cf04b0963966ccff97670

SHA512
b5c11e83d2d4b716f97a2d2414bdaf1d1c16fb3cad0b759aa7816f07455df0bb1a523768eec882c1ca8626def822d013d097f2f1102cadcbc5a1f69e71531441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
003c0355ced1d8b41fdfec829450b14d

SHA1
2712c3725b769f3d4625db1b3dc7404843611bdb

SHA256
b451e494fbe1995ddecc88ea8c44c1da31f84572ea655c612d8c3dd1a5d1b575

SHA512
d58900a32ce58c468ba3a7714ecd44361f5a058ff428018c7a425a9b6127764be5cf666d5b773de89af8085d237981ce8e2c701139f65f35c1d4eb4062f1e537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab94C4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9572.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit