hxxps://netorg3404708-my[.]sharepoint[.]com/[:]b[:]/g/personal/marvin_sprealtypartners_com/EU7Y0lkZkZBIlHtbps17P-gBM3GS2tQKVt7xcB_7xtcFYA?e=qInocs

Resubmissions

10/07/2024, 20:18

240710-y3cswazhjd 1

10/07/2024, 20:16

240710-y2jj2azgpe 1

10/07/2024, 20:15

240710-y1vkxazglg 1

10/07/2024, 19:57

240710-ypgvnsxbrp 1

Analysis

max time kernel
39s
max time network
50s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 20:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://netorg3404708-my.sharepoint.com/:b:/g/personal/marvin_sprealtypartners_com/EU7Y0lkZkZBIlHtbps17P-gBM3GS2tQKVt7xcB_7xtcFYA?e=qInocs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000c3fcbcdb8b353b278672cdfcd0bcbb6f02f9148d582197a5d34ab5e7920b612f000000000e8000000002000020000000fb67ef91fca2722b9e01da1bfdf351f184da921651c77910ed2f9a64dd56c9c790000000cf156f6e2cc8b6c7b7ac2b6f0a630ded88c48810bbf8846ea73d9df1a40557891d3b241e5726002b93afe0d96b80a044e611ed08654a49225a4b85dc98892ad527afae147b74e793b788a16fad39db7239b8e2b6fff7cb8e37b77f2499c4f54b0b9fe0b6d3c57c44ae91e9d210bfe89578c0a162e3010f7bb9a3cce630942c32c4e73a05fbbfbd0cb86bad6ac89b41c14000000013f9875fdcedcc3079d6f41ff2850e250249e1827470de217752274acb31206aa6bf91887a9f2a9300597305e8397434c9d4945e686b030827cf03a70b63f148	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70332a0406d3da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000003df86572cc4f3cceb84178c05fbb909b2685743be16952e1f5eae8e1ad762a7b000000000e800000000200002000000060647f764c6c8307703e7aed6a501a5613932955948f5606ee55c21dcdf0570f20000000d8f38592895a391fc972f0399335f18684d8472e21382f943485baab86e663a440000000e637d89ab7aba836072d069f9ca0fda2699539b6ae97b4483850d950b66628f6dbf54564bd81f69f103e050f9d90dea5245c8e188d35ec47a3e15649df4d5634	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{308F1161-3EF9-11EF-91DA-667598992E52} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1296	iexplore.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1296	iexplore.exe
1296	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2252	1296	iexplore.exe	30
PID 1296 wrote to memory of 2252	1296	iexplore.exe	30
PID 1296 wrote to memory of 2252	1296	iexplore.exe	30
PID 1296 wrote to memory of 2252	1296	iexplore.exe	30
PID 3048 wrote to memory of 1756	3048	chrome.exe	34
PID 3048 wrote to memory of 1756	3048	chrome.exe	34
PID 3048 wrote to memory of 1756	3048	chrome.exe	34
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2696	3048	chrome.exe	36
PID 3048 wrote to memory of 2940	3048	chrome.exe	37
PID 3048 wrote to memory of 2940	3048	chrome.exe	37
PID 3048 wrote to memory of 2940	3048	chrome.exe	37
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38
PID 3048 wrote to memory of 2620	3048	chrome.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://netorg3404708-my.sharepoint.com/:b:/g/personal/marvin_sprealtypartners_com/EU7Y0lkZkZBIlHtbps17P-gBM3GS2tQKVt7xcB_7xtcFYA?e=qInocs
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64f9758,0x7fef64f9768,0x7fef64f9778
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2648 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1504 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3476 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1560 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3384 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3380 --field-trial-handle=1476,i,17989924004389506219,13783028454186078947,131072 /prefetch:1
  2⤵
  PID:816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8242161753d6cbcd7a7fc8ff564003f8

SHA1
a6583254941d7d311934e8bba4bd3de279dfd109

SHA256
0b91c1884d4e214f600729d6249316e6318c1d3cb4dbd28312ab6de414a5177f

SHA512
9e82f2131eb15f744610bed882e74a7e196e3d297ef8aa315b9a8e4575069b2a0379485ab33acce75ee4b5d0d9168df70fcf6332008143f3925ecd222d4f011e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b7883e1835405572c635d638ea05a56

SHA1
c1cf17dcf1f7539ff71d81c77cf4948bb6f08247

SHA256
f716fbac88c31f6f5f71b066c8a2df5e52669349e7dc846bbb57be382c8cdad9

SHA512
af66157a1df49d1d3f9a407c069b8782f6a42c62420875c48fa9daa0258e58a245551a47a722b0164bd4033bdc056d3ec1fe161539362a19c177cfb08c158d03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28564e898c09b3fe5006994d16a8d4fd

SHA1
d2c973ab0db13a5ccac8db75e2b29346afaf8c3c

SHA256
b28ec8ed6f405201115f79ed8966e82ecf6d77493e390be8d5366670295fa532

SHA512
9370db944d3c1ab1403b0808345538082d235d0fa65270dcc5706deff758c7170117d9793c1b6f20a766ad8af9c2579963f5c887ffeb6855312e01e48707497c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c358627cb16145db91e1bf294cde841

SHA1
bf0544b169296b6c620f954a7500708e32847be3

SHA256
ac6e50561679c7689938daed3bfe78e2132cbce66e58cd3a5af938ee6233a77d

SHA512
7aa99c524c1f6253b032063dbb4d2e60bb3a2fcfd9df3bac5750f2ca2423c649ce17d29728dc8bad200db32a98dda7a0728521ea9b3726d048f774aedb05a4f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebd12f227f0c4ad3d46f2ffc3c582c34

SHA1
ed9c68c416e4061d7add427f283734f8e10a5f03

SHA256
6826e4a6504baab496c97ee1c713b971cd4e1b763e2bdd405fd76ce9b7a13e07

SHA512
d90724b07c4ad1ebe3205d3dfe8ca30731990067aeeb145933e1d011e0a388f86fdea8e641f34ae6618c7177a0f1a238c13a903b93f6c18a2846b1609ae6b377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb159ff3a7be668be21bf7889c65a09f

SHA1
9aaf40e842ee3bc216348ea2806bb55f45194180

SHA256
930b843b1253875fa7f975e2d05ce20dd7acfea4914892f6550065b5a26fb12b

SHA512
f01b3d6b5487dd26a05c9020070463774ee5f7d07e1e0ed30d253c6b5927a6a4f246e4dba997c3420dd48ab0122def49524206ff91c687ceb2bf748ef3e9a026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21f8add6f8cd476a209e0f90e644d082

SHA1
8c1e5e6f675eeb25e78d3a9972fecaddbf1051f7

SHA256
51939836189c405473df65c519ffa3b0a97f6175ce26694fcd8726fc58814a0a

SHA512
9e4d871d4b7533ba5bee69e18f131eefe6858b324d13910d65dea84c4cf29baa064ae2c7a7c810d4215ee953028f95facd4a7ccef04d6f3e1fe1df5ffda74e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11d0a7965f9c797802c878f53f1d3f8d

SHA1
88865ee7741ac944460f211d82ba4b4a2a1f19d2

SHA256
0c49b2ba6ee2dce9c4e22fbc5a3b03174611a6a9b646eb06cfdf830cf7cc441e

SHA512
e0a1096b9c30b98e74d90cd7729015ee35560bc90aafa41800fc055e5e73763694181991d6be350297c35d40840fcf69225301156433474f40fbacc0f50112e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3977d9d62b2646a230b1cdc7b8bb85f

SHA1
78c5ccf86c38db8c6377e78c3d4e384fea72bdbc

SHA256
7996d9153518b94c075b184524b03dd194dd38e6ee5fe4f82026f62b073f80e9

SHA512
bf89fa419969b12681cf9a0e49a7d44318c17c7634f02dc6aeaca0e8cbf2351bf2bfadf7e9cd88ba859bb6cf80b2d6eecb07957ef1d8a3eed3dbb92f96fd8212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
489cfa7b4241b1cea6e6cdd4621da350

SHA1
a1eaf15e9a14996b15765da4d30cc9f958ddb4ad

SHA256
00fddc02773953afc71623dda9753ed73327993b91e5f056971c8714b0c4365a

SHA512
0c5de785468d156196042f423de0dd418368c0353de03f2e0f70243b8976a4a0ca561a7ba07f1ccca7f03a8814e2b76f6559654b6695a5fb28e631f083ac01a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64f9047260c004ad61dedcf72d7faabc

SHA1
b6d77cab4f695d722da38caf5d83cef634772a06

SHA256
376d4f4bd2532519e39074e4638d183d1c58514cf3e0ce04d69297750e4322c0

SHA512
b2a2b88157339ae759473670f581bcd1aa4627ea1f1646b140976c920b5e9e96f76ad3d4115202daf85e9b90438b56aac05939610707f59ccf51f7cf88e04c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c49f470a03f58f42c3648cc35121fcc0

SHA1
8f08cc655efe93e973052e38235ae7a83425e5ed

SHA256
f638974190f92b82e0f20726a16e6b6cf6271d17fac956e940e976a665418406

SHA512
70bd8cbc98f4b693e77c4e2c05ee121ab95ea470dc4fa21886f9c697daf8c72cbd2a38b6cfb1ff51014a5c6ff42a373a62d8dda435d8e8792faab3ac41bf7c8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f2e50c884fd004321bb7841302496e8

SHA1
135246913c88692c16727c8bdcd371e5de674f62

SHA256
2ceb644b931d6336f3cac84e5ce46e2f8ec558ddffe78fd8ed599da0eaaa1be4

SHA512
63137b3a42714548178c0817c9752cec4a6f1841e946152428e9dde2e0bd60e010847e29018f5b8f3a144629934ce9fd44436a05231dbc72cab0f8342266c13a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81f9748d963a4e2c0e2847afae78bf3e

SHA1
52064621de4adee744672af581ca6cf584394bd7

SHA256
3384590c4596ac9736d6cfd5adf2935a0f1ce45bc2242dae9e34d75ac49e8ad3

SHA512
7b68c26a3f48956b1446227eaf2860003eacf84e07d6e8951042a679d166575cc31a8085f72586060a3ebe33400c728272b4ee6babbd866de694d967e9d66683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ea3286d0f7da6798160a99f9aab1294

SHA1
3e0042e5abc177b471496714a8036014a9ea497e

SHA256
b56f1e0ce8414f91448bed45f9704c03ab847d51aad2a93bb812b4c7e9d547be

SHA512
5a78783890f6a296be5f5c4d1d9d6d74a9c91bb10bbaf2dce9938ff62469f26a682cb0393ebe89ddb0220b12429d8d65671a2a0a87e5134909e05a98c4152bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da14850a60856e579362eb4c00753283

SHA1
8481fe1aff8306853cf5fe618ddd4d9438240a53

SHA256
10a445a9b2cc2e49c879cfdea14353e4906f1a64857f3b5dde50f26d29b5b248

SHA512
40e69bac8c4d12347d90ea085e61c6d5f7480d8c05987664cb0d75f300554426382283be65833a9378cd914e7c1d35228d2339bb48d5c5b4d080395d9ac77813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35ad8a7e64e0744171dd622d2da5d0a6

SHA1
baef34b59c1f29cc18e8f358e62f99b9c55f1551

SHA256
0a2ec2e92e406409b72848dac7c3cabbc890c780895321152865f73a4b271b74

SHA512
f6097970b738656674d4da89bbfc285da04430801719371aedabeea7ad061c38e8946ff0c89cd32319e622a6df880f795eb618ab292c842f3552b65365649b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a028b9af64391cbfc32d27b7cd826cf

SHA1
2b01b9e554f4f124c0a02d8b2afc33393b4beefa

SHA256
6447c5418a5b7d143ffb70516592c01793572bbf765953f05d1e176e7f548e01

SHA512
55d3e01777bc4ce270a5635de271c24efbe79cb3e23c1c510655c445067cdab1e5292d9b135e002eb4d749cf7e82079d2c8f43cba0e0aa9f8effc811b34aede9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e31ea482fb9eddebb824dd3d11d97b63

SHA1
3b5766b3570add28c031526b61cf8d6facf6990a

SHA256
b6039f77eb0bbcce4ec013c74aa3d887c282f472aac5d42e81e368f1b3ed2d57

SHA512
897dd741670f61515d8f95a1d9a0cf89855e91ad7edf468e0f7141a9980c26bb32943c2072a1bfed368f113c45cbcc8d76ab493c7741e834b606fcc684991439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b785a0440006fe3b61491daa02d66b0

SHA1
9a2f6f539a03c1b93baf60daa8e7a223b5e8ead5

SHA256
bb752d84629c9ebf2f39c49c45f27b0bcb9ffbc74c4361e669e73315717a9f91

SHA512
34f95f1f47d7700e1bc1c275797ae78fccf27019c3c33a13e37c3d76a696965392d5d3ff640adffae928577c89a1c9a7dfe46afc7d26dfdf546dbf350a24a256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e191a68a218ba0c9c1c44c512222b483

SHA1
75407d337e1ab8fae84909a498452c8317745baf

SHA256
9c2dde5a2833bd76d5a15aa9b72bae079407f9d2e7c119a6d1ef9b477f57043f

SHA512
61765576c1ce462e235ec0dff20ba9975627200e593eb4de8d71e076111a3d72a77eab1f6ad1617de171cb8e2dd5ef0537b85d1b11f11f48a94bf49d95786a05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ec8d9feab212721eae8c419cce9cf60

SHA1
2fae0ea8139f28f1cb4ba1f762772221ee5fa209

SHA256
93d3c0a66a3a0033724918a1f45c3ec301b70eeee9c351ace06fbde6c5ed6691

SHA512
ca9b27e87812b24e2028b91c0c36383bfd0726e7ad651b1e5cdd72aed4c3eb1c0eb1873541d763a9f501ef0f94613c81a7f44577b7b0de5c77d69b15f34128d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14f518afb00ed5abec7e2e80f8dbebbc

SHA1
d57f9efcf126ebaee7bed8aa1068348aabcb3a0f

SHA256
3fb47df30b126127c259ba7d25c6e5deafdcaf1a9b647cbfb3f7cc6df6921f79

SHA512
5121aaf48853be6cfc2bea4152d81f42ada9599d5c975aea19c63d506d9baf169659010b9a91489aeb3e45184b52ce669e3d7d8ba67e7afa16c48c743366a0b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6588665d1c9727cc10fe7ad60071065b

SHA1
fef0b8b80ebde65488d05138d62f0c10ddf1beea

SHA256
218b5e275f1f2979bc597a7c9b9989f33bf500414e51011c4a45fc13548752de

SHA512
695814e2e3402f58f4812e236a1238f6703b2467ab704962f74b6a720d9b01a881a5580320c0cc949fda534844e5a41fd52be546c87c5773427bbfe65928cd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat

Filesize
8KB

MD5
ab97c9e3a4156f56d9b37329f19d75a5

SHA1
fd2ed91df59b79534142386b3c7554a8c80c5003

SHA256
a8f8fd62de43d4e0404d31ca4eea677e1d8fde1468614cfcdeb086f71e33102a

SHA512
327f6d31dcd8a8c1cf16e1831beeba97a8960363a7707c65cf38a376c5baf5ae69f5a97aa529d1c650f766458a9cedfe04c96b0455b800505bfd7b24239127e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK\favicon[1].ico

Filesize
7KB

MD5
0b60f3c9e4da6e807e808da7360f24f2

SHA1
9afc7abb910de855efb426206e547574a1e074b7

SHA256
addeedeeef393b6b1be5bbb099b656dcd797334ff972c495ccb09cfcb1a78341

SHA512
1328363987abbad1b927fc95f0a3d5646184ef69d66b42f32d1185ee06603ae1a574fac64472fb6e349c2ce99f9b54407ba72b2908ca7ab01d023ec2f47e7e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB9DF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBA9D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit