2687082962e823b46a9e7e4e8ae2293cb9531fb822a32f0f55bb4b342488f85e

Analysis

max time kernel
150s
max time network
147s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3240 ..html
Size

67KB
MD5

44356d8ecf6d7d22c6a2bfc40bf8bdb5
SHA1

ca4bcb16ba5e2ff5f52a8bd6d3cd16cb4cf2d8aa
SHA256

2687082962e823b46a9e7e4e8ae2293cb9531fb822a32f0f55bb4b342488f85e
SHA512

4fe5b179cc881739817d8aed1d23ccb5cbab7b04b3e6ad41962a0160314004d0128fe94c027a6a34622d7a1ff070d701fd2157257ea84a348605606bb784c3be
SSDEEP

1536:rToU1gWypCT6sxsxsxsSRmnsCToU1gWypCT0:rTzgWypCTTqqqSgsCTzgWypCT0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000009089d1d5172cedd8e7edfe028ba793b9213c9b67dd5bccc08f295035688851e1000000000e8000000002000020000000b36dcae6338f0e1959977d77cff2a1baf3817fd92c966916b430fd56ac67d29520000000b5ceecd7533fae167e4b2aad0521ed7e250508159b184b5df7e62338f91acb4a400000006c33b0ed591c227617ba0b527dcd870d43f4da6362e798940859c9948a1da0295535d1ffa1342fdd75c660806ee9f507600d25595735087c4cfac87299e54e17	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000ec8e85c782a36b82cd313945a221391c06446072962d87bed3d2789cc50c6010000000000e8000000002000020000000415050155437134a0ddc86424b32f065e0c9cf0c106980df8e23664d10dbd35c9000000096e93e5f2dd7340bb27ef18516a953f224e2103add07fe99072abc5c85cc94d0fbc0f45bd8c41679498fc44ff80b69850bab48dbba4bbcf3fcafa5d1fb19b1ae877b101b0750c55b1e88f17496d3605164bc57f78d1e3d0ad22889c2f7b81fe5f654d2e54d787ac48c0216921831e3abfb203cdb56af57b2df34da56182432e274ca8ee8b28b4c80eb8db22a73815dc5400000000b4bcc0c3620af139ff7d3621d0c71c32745e7c5d39bce1733d54c2247560a407f3e4d02b261b248e379b2ea59371bad74b2bf680df1beaf500f0f9b12aeff8a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427209283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D63EEB11-42A7-11EF-826E-EEF6AC92610E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ff6babb4d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2780	iexplore.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2932	2780	iexplore.exe	30
PID 2780 wrote to memory of 2932	2780	iexplore.exe	30
PID 2780 wrote to memory of 2932	2780	iexplore.exe	30
PID 2780 wrote to memory of 2932	2780	iexplore.exe	30
PID 2296 wrote to memory of 1948	2296	chrome.exe	35
PID 2296 wrote to memory of 1948	2296	chrome.exe	35
PID 2296 wrote to memory of 1948	2296	chrome.exe	35
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 1496	2296	chrome.exe	37
PID 2296 wrote to memory of 596	2296	chrome.exe	38
PID 2296 wrote to memory of 596	2296	chrome.exe	38
PID 2296 wrote to memory of 596	2296	chrome.exe	38
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39
PID 2296 wrote to memory of 1584	2296	chrome.exe	39

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\3240 ..html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2932

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3240 ..html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6009758,0x7fef6009768,0x7fef6009778
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:2
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:2
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1232,i,2379768400802897432,8321282844914468501,131072 /prefetch:8
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
1bfe0a81db078ea084ff82fe545176fe

SHA1
50b116f578bd272922fa8eae94f7b02fd3b88384

SHA256
5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f

SHA512
37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
20b6e95900aba29af9d9b5c74f9ed6a0

SHA1
3b92e8bb15ee0e77f572a3a800f626d8fa957340

SHA256
941a180333208ea8ef53fdd4059f7249480f38dc177b06251f163d7e716beceb

SHA512
de58a44b738140099b584c45adcf8bd1952d145be9bc3e749735f5304aac5f490ecbce39df710030cc6b125ff3310792ddfb623685aa8f1ddb5b74f61f9a89dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82014ee9862accc0c4b6ffa814de87d3

SHA1
112dcf54690434e947c84f59bbe44cdfc1245ff4

SHA256
6bd046d6e6bc92410a1a225062af03f121ac6e7fc0536b82b98402f188510c27

SHA512
ede44b0e4d438db4f19f231aeb85425b8d55bb43ed9da9e5d878c09f1d59993f5197f8508f681146ff25576be73553055ccbe4d37bd2eeba642a0a2ef0a58d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c216977a7cd3b3f0926bdbf19b69165

SHA1
aa76881eb0546c963e456a7ce66912cddce5ab8e

SHA256
a89a0f7b8caa80e9da81323c6fae5e7f534bba1904d26f2c24e226e29836d85d

SHA512
12098dc621b2089f3a84a27698ade9ef10971e6737dc110b555e01951f6484691ef31801d1f8b1bfc4ab45e68fb561b11f6a57fd42ca852bf9c17f759a10285d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9f01161079c1ff6420c6660c0f27dbd

SHA1
035f651784281b404cd6ff992b5fec5a169a8315

SHA256
d4327844336ac9a0e7dc409ce7a72149813bbe76c1b05eef2eb0fea0c07f91b0

SHA512
bde936c859970838177e411f16b4fec95a19e02ec8e7762cd0f97df656007fbdcf0e5eb4d78323f0457b5db7e1ec12a1cfe7f10f51878c4bea76bff5b895afbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ea455b2fdd01dee256e87aa7e352fae

SHA1
98b39ead6440b17bef1b75cba2b92da8b6a427ae

SHA256
0bacf3f6143e7690974240fbd36a3c530add38e66766907ef4cc5417b6c56b65

SHA512
c57c2e44cf4eca75acc3f2554957dba47215a37d32949046ebb955b7597440baf7509ba6a431e22de9f0e0161da5cdf5be5b23b74810c49e7095e9eb94c00a2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a1f3bf8db664c4a05d58d68a2c211ac

SHA1
f4bd2db42a8dcd29d9c3507e551895b915264f55

SHA256
ab7de7756a0e3e4d624c5396a4f1efa643b205d41b6bb14bf5dac6b358b82bee

SHA512
da99a43654ce7d2b48d3db6eae9756d1d8f639be662c08199dc06ad5b7154fb5f764d848fa4ef00558fd4bd20d1eaf3629799b1396d8c0ba65fea5624879ecf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50d40f3ebc6b7ff1f5e4a2b4984213c2

SHA1
d2fd9de9304d3dc703ad00b5ce662aabf3ef4fc9

SHA256
e39526b7241bf24400076a9287e76443ee43c495dd8f60f3cda979116a3ff063

SHA512
6544c2045cb6373e749ba80493f6ede3d26ed008f2b0cc597192212f00ea8780e25db51c0983f8378c45ca43c02a50c42426c20181bdf853de7ff56642f45071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21cc9c28e123b2a8628faefbbaea6280

SHA1
72a41681c196f540e7e99b2c419cbd0b67a29b39

SHA256
478865e88b67c2e10da7ce4d2c9c659e9282a30522b41fac955dd84f188aff4f

SHA512
87f86d9bbf66999ac01c09114396f56b572bd376729ec92b46c558949485d253139efaed63f9610d8dbf13a32e9c3347c955af241c682e2a20d36c27b5b75848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95778a5a50a224e1449363df242d3b53

SHA1
9a57a5db58b19c62f0e8389c829253040f3da559

SHA256
1ca70e646030f1717594f7d3d9fc5238861e866955bd3a4f320a51745a75d694

SHA512
a569dd8dfae155995881157c2cd56a6ad02f0c7a7931bac4a7342cdd0d58144d0b606e495e56f0ae3487d453b2751c7aaaad34f096374082d925e39684ee1309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12dd00082f57157cbb36a0e9e527f0fc

SHA1
bdb1750aa5d22e746f2a10cc4069eae84f30d829

SHA256
72c7e87c060718c966198f91cc271f233969935a3b44edbcb7b5e95faedae801

SHA512
0a06715dce7c6789a028ebaa7d4af4c3f1f30df2743ab0d9c660e3dd0d8af918bd1ce70e75a8104a2cc3409865e52cce8238550b0997fca04bd49bce6ee286be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d42161cac33ea40b8461a8025dfe4664

SHA1
339738795286bd24997ea27023c10b0398306b1c

SHA256
6c8e8f3960b4a2f705eed0f8243a236a06da13058a73cd0bc373ea818fb69d0f

SHA512
d83b70ad1365ae92e5b279e9056afc6a6069c2efb4a5bc0c13ae0c7f4ddd5d1448debe2784be5723c3f135fcd4a4b76a5d76e3d8351dd9bd3eb845c12d790648

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9daa595d941d1b8d5a0d5d023fb2e7e

SHA1
4791156aa3e34828e4fdf2528ba2207f3f96263d

SHA256
ddc6bf22ba736dbfcbf71fe61e48014860a2fecd184680adfb49d0a9e55beea3

SHA512
f9946f6f62e89b9c1b0c9f9a4c268b3d9fc547a11248d630ed404be7cb907245308e6fac75b132a07ce02fa79dc22c7eedb527fd30f0560d39a034ea8709ce97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c74007ee5d10041fb5fe763e3fe1cf1

SHA1
f43286afcbce4d43fcd86a9ffa33269d395e7526

SHA256
3f5a9daafc4b99218950761cf9cfc0df745b67c99f2bbef6e227f27fa93379a0

SHA512
d88e8ed1acc0e9c1e166c5f5366ef55a2a15e69e5d86c3b04e7d278efac13baeee7a8417561e12be9c85067657702f9c00f9e09b5edfd0a78b6fb373427d6a7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c87a21e978c589246800c3994c8c6a30

SHA1
6641683e6843f29eaa42405cb56839d5b8aabc0c

SHA256
85840c2b7f94f34fd5afd44ec6a11b03cba342fbdfd06413bd8baeae35160f3f

SHA512
a7a5bbc38d194865d24bdc6d8ec81073f53d76f024918f40e71d15d5a2a8571ba3b53999df1ef1d7e9706b3577d88145d48a9677cb0fcc25db7c4e2d5c60676d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb2e21892dd2096c355efc85c5c88898

SHA1
2053c4306bdf3a0b41c5b96207ef8e9bbdca0828

SHA256
352710de9ace1a7c16d64e5e634bd455e0d38f477547790d4ce017edef3ebc6c

SHA512
b552306dc32e7547350e2533e41d891bcd4d958d48fd6445ffd9785dbab08b0411d9729ec5c2c73d6a311e9c5826f1f311134ded94f08ceae7997ae563986693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14474f2c0ec550b391c51d88cc3fc84e

SHA1
093f9d4f6927751074ac1e93cc12dc176e9a796c

SHA256
882e1ed37f6861d376348d3673942d6b9b54f4d6f1aa2cd52f5df9615851f3bf

SHA512
e2c51ed3663a2b4081a88ce433a7d8a8a3595b6357a903de8d0df54cda667f60e587aac333c82bc8dc91c462a25944b3dd3adc74966287d3a772206cf3124662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eecb6280f34b5f933f0e939d2c87cdb

SHA1
5432504d97e055c28ef4ca9e4b09d252b56b729a

SHA256
c14b7991dc2e219fc5400ba69f557ae3467cde587f0b728fda5cddfe4353677b

SHA512
6739ef2da967253812ba2e639c94b207e90cd2f065b9dacae9347a105c3a99f60dd1c0f424a0f04eed0ede6024d354db110d79b6715659206d6938044dc0fbd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
def7894452f45c0484c09e6389df0189

SHA1
69a463cc8e5979a844784ea2b1b8c256f5481289

SHA256
b5229f2d938f98e0cf9505a09a62d7e03bcaa5adb00dea6c469d09696e9e14a9

SHA512
c5a7c759b2cef0f5531f573fef5e7f37e73bc66524ea650b3b3295477aa757a961f80e0eb2010e2d77e5788e4466180da3e1be301250758a6c1945d35aa87d41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a16e47955b16b66499711b05c9f944f0

SHA1
8a8073c79f361c364f171e7aba07c0fae5777935

SHA256
85eb9722e4dbfb1efc1b1e5df893a728253bdff8da4cc5e5efdbe320ef03bd3e

SHA512
3ba9aa357b99bb2a32d637062b280031973e2470ea464097cd0caf74dfeb620f05b62763090dbca68db8ef92ae7c68c41b0d67c392824e81319422167571c51e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1188b5256f943e26d25c0bc8e5355acc

SHA1
abac5fe68005f55a9e77b049f4912ddf23c7cacf

SHA256
a1b9dc819857412838c9a2732cc44b1c56f2862d135a59f2ddaf1c1562afd933

SHA512
3012215af167247b0ed7512a3a076de550c65b6dbef8886fef924d8d2cbfa1936516474a3a42d90187617f686ed52cb14f4d3e73e8098bb87a133cfdea2b2d3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1784a9bad26addd62e642edc0e621c52

SHA1
811f82ac5b08ecc3e7ebf64159f3756c6150fcfc

SHA256
3065a4cdbf44059ced775bde196cf8d1f51b80a1843c5955aa5e59068ca18694

SHA512
02a0d496ea3ae3aa76eefadcfdd7b2bda56089f5f64218f5dcd3d99be43dbf41eb13ac365ca17bdbe0c3e67c968dac747c60f678da5a16931555118c2333b730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
b0e7bba01ad385601c632d8161051623

SHA1
fc30ff1fd91f47dd37e59d82ecaeb18ae4c58b81

SHA256
26f02f6f725f9a91c948deeb5b58f77bfad3ffe1e8fccc9a8110b59295fa12b4

SHA512
856523d62f777fd6a1f8393eb34bd8bc8d1ba3d7ef0ebb7a5e7f898f58c68837f6883e4d6ca183c50ebf4175e3f8a7a116044f5e31bb0ad0b8f632d67b6b40f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
345a7f06b810f9a73311909d23cbd063

SHA1
11147edfc7c9f2d403db2009066529b85698c5bc

SHA256
c3654810ea5702686cb8b938ae301e5e8e310d7e292a9d8d966a4225e0c89f8d

SHA512
90972d682450b7644d4e9afbf8f6c92a4072d6b1b32158e6c1e58d532723f58b3e37a90982c867c4e829a3b6b06bdd7cf6779e99f4f649db41dcf6abcf4da711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ebcf8c178ce888b267e7ad44342bb2cf

SHA1
cb921258ca0585e86cd2da8af5ff3c8a760930d5

SHA256
43d9fcdf5b20da322da757d44e04f786daf12e828cab6c4b4e5a1ab8659397da

SHA512
d1f62c3ca65b23a1a23158960bbc70e43289c2a1f30418f624b05a3d5b883d0c4a988a934ab01ad51671833687737b49d8d37b8e00c0cb00a5be3fead8773508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6c062b053cb4fa074599a041f3a33885

SHA1
0bbf2f57268ee92bd86da7f23a316a9ac7858425

SHA256
284aab85a6bb0c5a76ff60b5c5edc16ebe9d5b39409be5b5ea4a20ab7a6fd75e

SHA512
24c3c28741abc4e4183c550d75199694dabd23123a9a3e5610cfbecaf2e1fc5bb43cdac3fe6536ee9c7a0d2ed0e18d6d78e521adc652b3eb63bf8ed0fb6b5fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA19D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA1DF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit