hxxps://ascnasdfkjl[.]itch[.]io/project-monke

Analysis

max time kernel
54s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ascnasdfkjl.itch.io/project-monke

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0041a6b18fffda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000008940f07dcd83cefb551df9982c2daff37cd63b87a3613c9b7489fe17a59ccc3000000000e8000000002000020000000aed6a8ce8784c2127a16e2e22971a5f004444543112de397bb434c0331e7b16220000000f717ad43621bdd0870bff0b6af408018fbf0e745a92e69e1888dd3bf79a27fc0400000005a1e55a4d574e52e5ba5586b78d4f9c082756fe58706aa72b6b9e8602b73a4dfa39a8f3d0c4950a7f1bbad5757b24eecedc0e7af74bd2d07cfd8a7cd4f0ec68f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000008172febabfdb20c9886410cd5b22c47663444a2fc375c376094c5849b071b855000000000e8000000002000020000000860b8ff085057be524cfb49622ee3bbb995afe3d110ed3fdee09e63769f2af8990000000614f7f2fbda1fcf3d11ec29d6564b0e100fce5961016640fc0369440f2da19f10fc80087385133afdbe106b757e859c520a12bd8843dfe3eb6eae41349179c025be925067ffd97d525435315ba2ad1cfd3e11653cb27bfb7e082d3ccd4ff15cb10949389caa1f0b7bf557a1b8fe4d6ecd8c39cd947c4396f11b3ca6e9d290cf1d9a7c82af6f2b878169b55c914d439be400000003e5844c32b694293a87269639a29e487aa0f3088914b5b325d112a361a4071dd653e6569b84e1aba338675dac0ab1791c733aabffdf46b4b1ecf3f9562d0a5ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9FD4F41-6B82-11EF-A0D9-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpCache = e9fd0000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CNum_CpCache = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2248	iexplore.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2740	2248	iexplore.exe	29
PID 2248 wrote to memory of 2740	2248	iexplore.exe	29
PID 2248 wrote to memory of 2740	2248	iexplore.exe	29
PID 2248 wrote to memory of 2740	2248	iexplore.exe	29
PID 1756 wrote to memory of 2564	1756	chrome.exe	32
PID 1756 wrote to memory of 2564	1756	chrome.exe	32
PID 1756 wrote to memory of 2564	1756	chrome.exe	32
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 2436	1756	chrome.exe	34
PID 1756 wrote to memory of 3000	1756	chrome.exe	35
PID 1756 wrote to memory of 3000	1756	chrome.exe	35
PID 1756 wrote to memory of 3000	1756	chrome.exe	35
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36
PID 1756 wrote to memory of 2404	1756	chrome.exe	36

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ascnasdfkjl.itch.io/project-monke
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb379758,0x7fefb379768,0x7fefb379778
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:1
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:2
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1248 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2256 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3044
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f937688,0x13f937698,0x13f9376a8
    3⤵
    PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1372,i,16253546096720204205,8634583408029839871,131072 /prefetch:8
  2⤵
  PID:2220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1bb0e2474268b85fc121b2d79e55674e

SHA1
a0155e56bb4db8e7f6d154c5c47b1c28a39e1b27

SHA256
191c759241627a0bac68b8fc8cd6c417af9d57c9ddbe9b6b2703447e37acf061

SHA512
0c14d73036f02709087109c4bf46cae8e87894d9e02c5512c2f1505cfaa577d92db16a4c6de6fd1cc1aea73645427db21f16801664e915bdea780d19379604c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e39d48bc1677245172c86cf21c18aec

SHA1
acaea54e805903a8cbc6dd82ca750b3b2d9ffa80

SHA256
d3a5f834d3467f3e52d5d39977c54d88a1a8b2735685a6003d48c3a13d8950ff

SHA512
55782181a5ca63074bb652aab076f228779a46a7127d2a95f8b1328a7f30ff66d8f44e46d60a6b99ae780dec5b622e59ab5d81e5e3956a4490d55106331046ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
077abb1a8420afb02ab364f6e0d4cb4d

SHA1
18c468223c74dc6535d462a9c6ef715ae36040d3

SHA256
75967251b68d1ac81a2aac19314222dcb34668df605c6cd78ed10aa5c8e56ee3

SHA512
ff121f8777b7b9078e0c102f421cf064e78faa5e7271f83ca3f157bffe52f52a7f0370db823357ff3b59acbc4d0861a3d5c6604db008f9841da6aaba9e8d059e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8e696c903cc90e52d0032575ebae309

SHA1
348e50bdc5bc65e7378f2da48d6d8879dab9576f

SHA256
7bf87dd23ffc58f64e754802e97d2646782fc7f7bd9dcb5e389f0a0a966c0f76

SHA512
ac247321741476b1b953238f42d2022eb75ab925aeffc62ce5636aafcc68196ea578c6668b968e6338694f0f506e307c5e8749822d669c0c26c0ba162031aca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52935dd29736bd01db341f1ee4c3c02a

SHA1
18c652adb0bf17949e497d67967088e2c81f80f9

SHA256
50ceb78004af5b7b62ddd19c0ca258edc599011cf1d9d958e9e2594a33687e2f

SHA512
8519ffd655392f60016f69abbdbb5d0e68b463cb86d896f8f8f1c92ba3a68f66734a16f0402b39255572b0e12dd02e6278f3833b7c0f0fc132e58b984baf84d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0519947dee8d8301e75ac0b690cd361e

SHA1
4bd0cf02586ee09a290d3ce426ef1e099a16b715

SHA256
b5d9c9b62b9a9e6b4a3e5c7331ef77e6e73abb5ae5523d38d2f2e3e37cff7cd2

SHA512
7bbbc282c7ce195da6a22a12f5020de7d8c6ed77226c4fc901c6de47507737919716f4d75bbbb005f605d3c0e73dc20d2238138b67e901971cc4b64db46005fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
985f2d3612eb0d22e287451a073e1d15

SHA1
1fcf4f683a5c5b279cbd5aa0a29a7b434999c486

SHA256
bff7607e08c33bfb0b9ab21aaf876f78e3f8d29d5b68f74e7f614b5e7a4d639e

SHA512
b414dd556b2632d736006d17403b8248deae79f0a6efb3e4ff18e39f32158d014850f94d6c22030edb00665bc181bca526daad1ee49475a88f5f2b8dd442917a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78adb94c4a0aa3d2a64b942399bfebcc

SHA1
d73b057e21d11c0342a00b2d5496a011382e646f

SHA256
4cb02ed949bf79e31683288cb0c58b4d0945f225a0e679ef22cc4a3bb31aad1a

SHA512
cf86b64fbb817f86154905fe35e160e615bfb4571f7957cc8b55b3e8c155bb9a06edbf317eb6e8f60af341424ea77e8b3d97be332dea23e3408b4fc4dcb1d644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feddfcc599920b5985a62cab9be57dfe

SHA1
52f766cb1937bee2532b99b575ba3c87b820dbec

SHA256
163edf324a394ebd52944d9f354e56ed23fbb0571b8db33d88499919a6624aa2

SHA512
896dc03df1a1713531746bb57b1a1b8958644f6b52bd87fd173077966fe04898ee27b29ecea6a6796caa552bd8c6df52a7a94eb8552e145f0b15dcfd8c8e8fab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eb5ce1ecdbf751c6c02a6681699776d

SHA1
015505859e15a72437e448a7d3a12778702ccd59

SHA256
7518d2dc2ff6ee3fef6ff5e6abf1a6e04754f072efe47a455de26458577ecc1d

SHA512
380621b0ee404ecfd1454a22ca1a34eff3201bbe6ac156f49089ded3dc32770e1965b7fe1dbc77d7bb7caa31fe36a6cf2d4335375b1cbb1ce0a99c4f75689266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ffe212464d9b5576d2d0beab066cdb2

SHA1
d2bf1191457392d19be988324fecfec31e5158e4

SHA256
a818228ea87a36623d8ce214fc86e16200056400c0d85a49e70496c7cc1e11bc

SHA512
1aa74de38d20d0e5f6e43b9de1ef2be0c7e0751c33e3c27b12af67b306030652576ecbdcafdf36692e7bd8c5c23bf7645655a54913546da17653898e05ae01b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3ff035fbe76e6e3b68d72cfaa79cac11

SHA1
a21fa8bc6bc388eec6cffca131b49e372d98214e

SHA256
975e60279adc3fd0e4bf93cc0b6a1958d871baf7169767713f0ac4aad1296440

SHA512
98021e143a39a9a2b981e83b63cc4a09de00c41159dd874ac9dd517789d090afbfd44371e068b64941bdf8ac616752678cb0d1818a3a13409a2bd5af9d8c96fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3f4cac46593b127d63eb94880a0f1d8a

SHA1
3d647f5925d3e3a1ada85af1980bc925f0c1e4bf

SHA256
80f18acfbd462638ce23f86f224bb0b3ee2a13702883b2eba56bdf6cfe9aca43

SHA512
2823ec96ea127188e5075026e849bebdabc6cf4a4d9498b27c72a9aeee2bd406ca87049b66bacf2e00125e280287ab41bda6294e47be031568f894a57a7be186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat

Filesize
3KB

MD5
b27cafde3d5f7522424633936220802e

SHA1
c6b7642d39ea41ea5f0b696fc96c566eac9d3f6d

SHA256
0f0343a71c3bbaa43fa6488a9a13c3e659dae3e101ec8a92230fa3c133dbb41e

SHA512
a19597e57c27190b9e8fcb4434a756d67d3debf62648be6da7dd9ce6272b61b9c74420840ef9da54bb976afe9a85e8de8a68c87751498652fd4d44b250916fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\mD7ERD[1].png

Filesize
3KB

MD5
73c475162d93676aa0f73b08c16390be

SHA1
112feb0c10455c383b3723a086b55371a34402c3

SHA256
2b205b5b388423376a4dde202f22297dca05b4f324869b1fd88c59568f511181

SHA512
b4dd2cca789112137d8ee8db01cdf642a105b05e9e5bc1886bf6fbc376b230209ddf82ffda5bc63dcce71d61d351621dc5c444fd0c43be9e7779b7f14f5bd6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF7C8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF8C5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6DAE9F775805BC61.TMP

Filesize
16KB

MD5
43cb5f462787d6a1903ba5e3a393a28c

SHA1
1a289f2d6c3f1171e7205ef89635fb6d784fb0ad

SHA256
f6b1db4fb8444c4243fa04913283d0c209faa533338612b752b1e213ad2b168a

SHA512
eb1376f38504453cb4ce03361f9717b6345ef1ed9a40e339553e38d062e98a55b77a1668a1a8e4c3f4b187bb72c76f61109fea4f53ee4f1106ad7af1414cddd9

Download Submit