32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
31s
max time network
142s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b000000000200000000001066000000010000200000003d03f6bd07ec1dae70b6df62b3a35b910cc1a347ac08542a944794f0ec08915d000000000e80000000020000200000003ce98883ac300781b78234fe48793a06b2a843fff7c664bd2a66d219870c850220000000f2b36bebf5950e287bfb3b133b8262b06f7f4bc3d894f530008cd885f5f060a54000000004442678e4c5fe7645e0f626b5f0e5c41aa8e2c629b44111c33d3987fc7b525e3de165135ec65eabd1ce9bd7230e5f700c8c999a2d774841653a26e68048af59	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0786c8958cfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4D078D1-3B4B-11EF-9337-EA452A02DA21} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b000000000200000000001066000000010000200000003bcfc4576ff6d8dec53a9142b6520c6679fa5a1a860d08edde0034177da4e5dd000000000e8000000002000020000000ca9d5390d994a176124016fcd55e9c284809d5bf564cc3888a015b3727e177c6900000001c70521bb36afbc63d7e8f8a5e1b74c865c6db1eb2a153257448c2b80974d7bfb3d8d62e36192a43cec6f1df87f4f7d4b8c47a53af369b7789f40f3ef6595015716e5010d92dec93246fdaaffc23169974b1b495d4c1051a4ae189814319bbf84fb83856e4e064d9576fb51ab89af9b72cef49d58452adca8bd0fc61b7d07fb4b49abdf391ddfdf4951ed9aaef7df7a1400000008a9104ebe86b6da7d422b9c16a8604b7bb3aa3fad04bbea67299a79bf0da12a9228efb1f232d9dbf492a8a3bc3901d16ac38a900ac50d2a01bfedb172e985cdd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1624 chrome.exe
1624 chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2072	iexplore.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2072 iexplore.exe
2072 iexplore.exe
2792 IEXPLORE.EXE
2792 IEXPLORE.EXE
2792 IEXPLORE.EXE
2792 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 2072 wrote to memory of 2792	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2792	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2792	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2792	2072	iexplore.exe	IEXPLORE.EXE
PID 1624 wrote to memory of 2748	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2748	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2748	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1064	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2124	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2124	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2124	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 2344	1624	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70b9758,0x7fef70b9768,0x7fef70b9778
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:2
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:2
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1264,i,11122898823291219851,850895043662899617,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad6fb114f31efff34e9bd91d75549015

SHA1
04b0c446dac3cb31b1e5f46c32da7cbd79254e89

SHA256
5b2448cc61a5e0f56f775a8b303755928ced3c7d1690443c3fa34ae5f3cfa7b9

SHA512
1640cc0b0c6457410a4c3767dd943c89e2747a78b705c585149e4698c5539062d9933c6ca9519649c0a379cc3022c054d67d533c04fb8dfd2a7ae2132f0da531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52d6ebc969af0c738b7cb8fe88771583

SHA1
2e9096d4e6112b69d9bac0c776be156a35877288

SHA256
8fd5851c03f6f437e682f4ab595f75272d8222232e8cdf0ce41a454a329ddfdf

SHA512
734858cdc3eedda2aa0cd916fcc137c7a45a14ba36d6753064a9cd41d9be92c4f89a0a59bc4c8eeb1343ffe3505c06fe66db6058f33ee138b0ea6ca557698124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a80610e056271789c776514aa84b704

SHA1
7014eaec0e07a7a81562c6569dae7b9b79abd147

SHA256
fa796465a39c54c2b0cec21dbfe02263bdd7093255cd84049cde50f54f301840

SHA512
5fe5e177090c51d2bdb248ea77d130c9ae21f68d6f5f4c59a6cb54c1ba9bce735b21242c829c90a3dd41f980dcb8dc790e51582e34cbfc8bb34e97eafb2c45c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef829ea898bcc80b4a0d0bc2645efb6b

SHA1
04bd36071bdf970957ecc143509ca9383f943679

SHA256
6c4559c34d61bcc40553e00b143a4ba5a1fcf85f8fdaebabb239c6ab8eb2004f

SHA512
d4c09a368ab5c28c1fee67310779fe02a06afa24502668b731385a0b692e52f6619461e0893c19ff758a0ace70445084977696e28528171ab063eb2cecd696f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b950e54433cb716e537d92da586aeb9b

SHA1
2e432c9d1da0a3ceb15da42c86d89cc26e83141a

SHA256
43149e5c26408c35ce5c37340ea3caedad888000d1e7adbe5f0857e8342b2f2e

SHA512
3cb267afecd6c24cdd543a18f55013a141e5b74f86cd63d329ddd760b8d2248155994778f4a9308b870f6d83d76e44a4b2ccca5ca44c56c3a8aac0f98f40fbb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51248c818afaf1d6b30643fac1bf39c9

SHA1
c791a827f7b0f20e53b2ba79da126076220cf756

SHA256
441624903b203162c99ee2c0fb5dceb8e67c9f3a8a021296465865e8f9e33503

SHA512
93a65eb35c79e5708cc17489afb38573884d3f9135356dfe6c4c5c5c5d94d10e20ae827d81e3b711d49519219103a7cfbaf9cf1095878e5e6fa05e130efc4dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59ab0bc841352241492f16f1a9de3b21

SHA1
9dffc7bfef2888e2be2ca201e8f89263490621a9

SHA256
000fc62060904c938ab80781e51f573918803468f4665d67e5aaca7fcb0e9860

SHA512
3bb7582575b3c0dc8d93bfbe096ff7b77c681b4df752dfe03d25da46df9d6eb621d448eb41b5cd54f0e8dc9649b2ffb4af5bc98fa7d3c9bf23034244049b8f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f447d7821037f497f66c7d41dea00f7

SHA1
b06600d5bd6bb2a8ae1771c50d66265e29c513f9

SHA256
b0968cc94caa6bae63288ea69d78c7540b542a915ddbd61d9c72e1997c929bfa

SHA512
c73fd0e43a148d7339ece1db0f1f878c1fbc57102749256ce9d7542660227ee55b69dce8c52513256e448c7664f03cb69a2167d545b0d409441d5ecfeedbc812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fba110048723427f7b02f94cfefe037

SHA1
8c6bd407b9644537d68a4f9af2c47b658fc0de96

SHA256
c036f9e7afb570b6c97e7ce20ede2d2079c0d80854272b6a5f94632614665b8f

SHA512
cd81b2fb22a9be3bb20ddac6f4af12eaf793953cb9d4a47c2d7f1ca8b8207410adea17906bdbb63e69fef4f2022f69bb8e233868b88f7197ffa38cdab3046ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d185147ca1002399454c314b9cf6a03

SHA1
558bc7bcf421de02bb531673bc4c1fbdfb205e34

SHA256
c9efeab4c7a01c72bd12f49b1198c4d3ca16ab43174049150d16dc6efa36f876

SHA512
aa2b81f32f7ba85642e1a21caa53aa792b06e11f4970dd38e91f238088a0681bd3e189475c06a6116a38b5a5d8753076fc52bab0f0e93d87f20b2e679f2505fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb56a5bf58908b750c532aed8bbec932

SHA1
744bd88855abe336effe7b80125a05dc162790d6

SHA256
05960f31cea4b801834cb117ed0410b5491ad546afd93ebac351848ff59e8e91

SHA512
3c3e55d1e9d2af87ee352fb70f05c3634506e5ad24ae02f5009ff6be252c7cbfbdbb99b4356f0b37b2ed174e56a1e7ad1afba9aa027b55101f5146e7e3abe5d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be5007b7eb401a9b69cd5ed51abb1669

SHA1
92211b8397b9d23deac443f73c09ccdace0e6945

SHA256
14916937cfc1b9d0a26013ace396ddbecb6fe2a0976673b20009dd249d7f0920

SHA512
382dcaf921b6ceb1817dc4009ed512aac7706ff69c22e93c939ce4e5e7410d1577bd6efa328826c5034785f2fc0c5bc061e2046a5430e47c071d2b26ee1ba163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4e48a15fc76ce70632c69961c4cd1b

SHA1
cde53c36a602d48f99d52bc19c6919f47b3f2207

SHA256
f2d7a6124b71b5807b53b53cbfab07674a70b88b7332c56a55bd6e2916731c83

SHA512
d09b535ba928482e854d7e7a5e6ea5fdd644dcbd8c952254c9adb0896412587ddf649e61b6ae00e85831934049bb6b938c815bd6931be41971677626a18b01ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
978a0f825b3ba3b8102f1f329f5e5a0e

SHA1
78656d4cdf614863f0c7f0228fad85521db8f900

SHA256
559539b44c8e68f4e0e5f1b7ef5ed71fecf246cb8e05409a0ec75c02b1e76314

SHA512
6c4226b5477d242746ee0f151e9ffe97cabf42b9e08248566bbb927cc391274dfec05392e38381d93ad44edccb8af25d50d9b0e0242a2c05de64faf7e1fb8855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a38750987c454d81987624dce0e0aa1e

SHA1
b844accaf10cfe12157ceb458a8df8c221bcbbe6

SHA256
d9a4316bdc5e98166daa89f7c7cd333e92baa34cd56494b2bce11f4f436b21b7

SHA512
07e0d1ba91e054b6e55f5c8862dab48a6047ece790241b1f5528123279d5acbec932b45011b4ca8efa2575a0b46a5fd41a714b537273210ebe591b9259002a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cf4a7e1bce64e7f3040323a46241c4f

SHA1
86802d666e2ed7b1536260c49ad0136dec271068

SHA256
b534db6ecca5dea0562656db2e2cceb974e63b1c64dafba09ba94cc77a49fbaf

SHA512
4dc0809e80dfd9131f0cc30de69b99321c830a54f74b91e8f4570224750cf097ad74bc4abfb14fe9346e9c30d66ed1d6c73feb50afce84cb29addb731f32e5fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
decc61848c6f288ad7866e3263f5d4ad

SHA1
7d80f8be8faaf481f59f0ae0e6d0b60abc70d1af

SHA256
dd32fc0364ac20c9b1aeaff3770a907ba662ea3cbdcd38b14b712501897a1f81

SHA512
0020a23a6c479af882b0056450d55b19c8d14d14a8f0d580c49333a2b4639c3ca3bd821780906d4f7d0b100e24917c474401190748b3710590950d3a4432ee23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdf9b23e940734dcbd0585d53562288a

SHA1
fe4a3e2de433eab61b63695eca05fa565d1f3de5

SHA256
f6d2d7ce0cca318cee86b0d20f1279cbbb84df8345fd99523f6f63962ff9c867

SHA512
338851a157d04a63d04a99e76feebaa8fb52c53fb7d776377080dbef780ecdf856edb6b9734155e2e6b8620d182e8dc80a05c31ec6ebcade2f27909624eca8c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2228ff55ea263b2dd5e8591866ba3c1

SHA1
651a8a60f70c5e2bcc162b1a54cc09a641eb877f

SHA256
01d83e5b21bd95f07e9abeb7d4d34b7fa10c8cf3b83ac79ac4bfda21e88d88bb

SHA512
b0d605f283d2ae01d8ea755da9f4e3eec599b4fa4451eba686784d598a5d32628ef7be3009d40667a6afa7ae652bd9bb18ccba71a560903080906fb635d2259f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
4c26da85f5c07da34ca94995ed60aee9

SHA1
fe03a08198e83ddd1bf26f0e466fca57e8723d45

SHA256
988f9178c2318501d081663843edcea2fe1e973976a69e3adc5ecc47e39f17d9

SHA512
e52f8240ba2bc3d02154e3353a552b8c92fd31f6fd82d05957842f1a7fdeb9d05d142d5bcb1706fd9af9d87ef123bcff2542d708084d833c6a9ea304c9f33343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c30dfbd3cafc8cc2455c8deb69e7ccdc

SHA1
83420e86cd649ff98dcffb1711e27a8b5f001a7e

SHA256
936c1f46ac6c3680650b07fda5b7d784dfba9f40ffdbe5da01d2f224aa901000

SHA512
c101b649ae47166b6a5c9f371e700c60ce22ced8a5953b140025e8d761686e4b60ea9ba3ad978352ebb0af76bb0eb57a2d951efff96be5f6884b299153f54099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
36c8434b8ace7be67016f11fd77714a1

SHA1
9acb6d62aa997e3751611e04472fa3bb65cda436

SHA256
17d1cd95df182127cf948a87668489914a658f0483bcfafe0dc85da9db59cd12

SHA512
a39ecadc924432a46c7396588d802013b3d73ff8d88a4700eabc252649aa5cbdc5e0ed9f3b5dd9d4017e1ee9e350884a09af2addcfbb8d3ba1ec069cd2b05a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE37.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_1624_CRNSRUBDBVTUTCAL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit