fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7

Analysis

max time kernel
91s
max time network
154s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ExxxxSet_up.exe
Size

749.4MB
MD5

fe069d8e3711f5c4ac4a0735a02fc303
SHA1

3352dcd0c6913f206dde60ea95afaff471895138
SHA256

dc5d859a301eec28319936a6b94d3eb439f7b62b890bcf177d25718a3b8418cc
SHA512

c0382e00c16c93e1e0c1a2a40937c84568cdb66f31e1735975546a3d1904d7b8ce12cb4d6c33ef07d993962daca6825a9446867305f308d29186729533289708
SSDEEP

196608:8lN3eZmCSq9xx0+tH8o7o3X0HXG6uq9+nkl0pIlKeRfMU/nV:sRExxrG3k2TqNvF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExxxxSet_up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A2105C1-6D52-11EF-AAD0-E29800E22076} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD193B61-6D52-11EF-AAD0-E29800E22076} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1648	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2748	iexplore.exe
2148	iexplore.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
1648	EXCEL.EXE
1648	EXCEL.EXE
1648	EXCEL.EXE
2148	iexplore.exe
2148	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2816	2748	iexplore.exe	31
PID 2748 wrote to memory of 2816	2748	iexplore.exe	31
PID 2748 wrote to memory of 2816	2748	iexplore.exe	31
PID 2748 wrote to memory of 2816	2748	iexplore.exe	31
PID 2148 wrote to memory of 1564	2148	iexplore.exe	37
PID 2148 wrote to memory of 1564	2148	iexplore.exe	37
PID 2148 wrote to memory of 1564	2148	iexplore.exe	37
PID 2148 wrote to memory of 1564	2148	iexplore.exe	37
PID 1584 wrote to memory of 1096	1584	chrome.exe	39
PID 1584 wrote to memory of 1096	1584	chrome.exe	39
PID 1584 wrote to memory of 1096	1584	chrome.exe	39
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1376	1584	chrome.exe	41
PID 1584 wrote to memory of 1244	1584	chrome.exe	42
PID 1584 wrote to memory of 1244	1584	chrome.exe	42
PID 1584 wrote to memory of 1244	1584	chrome.exe	42
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43
PID 1584 wrote to memory of 1780	1584	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\ExxxxSet_up.exe
"C:\Users\Admin\AppData\Local\Temp\ExxxxSet_up.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2816

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2616

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef54e9758,0x7fef54e9768,0x7fef54e9778
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1456 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2020 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3932 --field-trial-handle=1752,i,16814163249851867315,4981822039684014714,131072 /prefetch:1
  2⤵
  PID:692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef64d905049f4402a4cee5811e123680

SHA1
5ab37010c398bf862c5f8957292646ec47507a00

SHA256
c0e39dc1e80a0bd9f5b1d0a60c8d316d22c15839d5bf0563c947fcf8842ad77e

SHA512
47bfb4ef72949a3ad676c4ccf27714dc11186609d9af148a999e03a9d6508f18a59256b210382a9f27858ae0dab294fa148c1a1912372cbec3b3a0ac1b487778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a1539c021ac78ff045d04d580036276

SHA1
d98e62638e75fb840f12cfe1da840f4ab1f0f45e

SHA256
70528b1acb2ce8bec34c13d4b8153295085981626209adec6f903388617485b9

SHA512
0978566ded8683f5bf6ffa148e38231f82c3f01eab79651f3a5ab947977b2e1df6a98607d7a463292a09a2ba5b566932d8a598ce1f1647cd0f8224d3b69e251a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53a7393db2a90f6f884d57e788d2124d

SHA1
6de67e21a6fd5fa7fa3aedbfcc90388a1e2bcf8f

SHA256
def06fc435933edba8e9aa5af333ce142f4bd07406023fa24efe5b45e0df52aa

SHA512
7dd56d40b607fdb85811447b750cf3134a79d9071643a86b485365081f86af2853c29b044473c1bb8e258d8fa09447c7ac6ba6a8d4bb04b939c4f512f1238f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c4108393550c81591a9d79e9a61bf67

SHA1
bb87ed478060ee33120dbae8914233978bb0b6a8

SHA256
d73aa6e432ce6c18dc5c58cff97f243083afeea17ab03821a21e00ed932000bb

SHA512
ebcfb7b571328bb440d198f794d96827c3e133beace493a5ff467928201c09302e447d534e536090e6f2f7b8041943bb4002a9e78bbb265aa6125100b7b5853a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad3953e59b81b81d3c15fe6287c6bef1

SHA1
b59f9f84d90477883e3d4c6789f30a39adcd83ab

SHA256
83cf142faeb68a9b8bd1204427ff80f01fbd61d4e5c7e79d73c66c2a65535304

SHA512
b96aa09b028221a4847050d4785a59df2f4314b633eb40ff6f45b48b66c610fb980ef27723ec67dcc3fc34e315ca1cbc0136f93df9d3c356bf9acdd29685b7a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecf83271b11f3edf1b1e88506bcd30d3

SHA1
98b6eb28c034dc3fc80a18b1822c42dfba557cab

SHA256
17662053a0cf4b1645d07c068253357dcf3c4acfc23bd98a6eec7c24648d8eb3

SHA512
74f0e8aa442a1ab2c14de0fa70c439ca43ddb812b29cff26551a335e483bcd0561221abf38974e55d77b5318e02c7ffb8ce9ef3653bc6cf6d3de2e68c94632dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de400eaec0a389e5ec8536b731b89dfc

SHA1
d06968ecbf86467250030d67c746d916838aeb44

SHA256
8ad6378e9032c9226204fd0f99ba38baf6800e1b547ee70a09f193e2b383f49e

SHA512
d575b331fe1f7f4b252bbb2f3021a37f0c3d0a1cb4beaecb3a53c019cac1af0005360d887ef7f1d777de193ce3f786765350373b928f655198cc6e2ee883fbe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c584aced32fe2a673c1938c1c02324c

SHA1
401608c713aaf1502f90f3f209b58eae5482c95c

SHA256
563bf47c0c8605186d85dabacc729d719ac089e75e4b78d296f4c1e1d5edc5a7

SHA512
7bd54cb0382d63d1499230ae87a325a04b04450cacbe3d1d71ea5a6196f2fde847d4302ee15eb1c7639f43a2431908c70d760ade875f6958b4d09decb0c58041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9d5f8910cf1cdc3ff6ce76858441043

SHA1
de8d0e2a8c5a4bdb3a08058ae403b8a01e104616

SHA256
f8151ebc5cb9c0f86b6372d4e57fdc914b2e974a63b9a271243fbcc86fecf4fe

SHA512
a4602d169b2d25ab8ecbda8fc94da73f180d9558cac626b7ea6f0e428e01f5fe22a67d1d085fabcbf60e64de30e443e3121a5032556e1e728599be9d46f99e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2dee510701a26f10a5d964a39f359b16

SHA1
999f8bba403e09ebb16f4d3ae29dc3b794c30282

SHA256
54e46c9f88a9546b9cf7bbe0938b99c99450959654f3beafbd855dce99943bba

SHA512
08e9f1b128c55ddee571b912feb4e2e7bbd901ade65e3444c1baac3762723951a302e52b8a75083fe454bb0201d1fc89d4537f370d0b22a84e39f1f9aac935a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d07f11a55967b6436680e70a60de777

SHA1
45c11e43f75019d23fa31d96be7fd4a213b74edd

SHA256
5ffc9d8ac9fefce48683877bda4fbd4dd025471d958db9a6008c8be3dd2f4ae9

SHA512
b3f24e925c62d19ca47e8e1e3fafccb1366d76cc830d26db2490bcb59de9da5270777fe660a67a9bf4f97822206edc93fc463950272580b574f1466e1d0d0f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6d8308bed10b88a4612a779d2d53b923

SHA1
92a5e1e079c26b1d424a5b8e12b8d2e1b83c1cc4

SHA256
94b61e6999fec6b45276b122c7d0e20bd9e03d0dba3b1027deedb482c028b668

SHA512
16ebeda836c06f62e074157af10f69ac28a246f27100eb76a2bc27b8ce416ce5872d03ee5c279bfa66b8ebb6a1069ef779c130839219308434c840cf4e7868e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b9366b7822fd2de18503a72487052f2

SHA1
4c09095c71e053706423f15b054a76c85bdd3356

SHA256
79b24ee367d6612fe913a1f42791a8c51419e644e17f8a7d6ee9a3a69590e8e0

SHA512
27107e71ba8a8e3c4fac385a6f690b67f7e54e839147daf3d4651c73b650ea3fcf76a66f3558950d35414deaa053d0e495b21f6f84b704f6ec6da8260197264b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
973c5997dc0eeb725fe8a9cd23e870ff

SHA1
be41fa43d4f8e94d709e9bb71c0b55902dca2572

SHA256
3ab312982f65e39542be4f6571b7b6f625d508b00599674c705855c940e9a39b

SHA512
e6cbcaf5b65738355b0b3cb55f89d736ac9e67bb35d127ef6b14f6de2fd48ccd90543150dfe04a6f7bfcabec6f7e5454c23c5eb8095379d9dff20304233f41ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f3118a0e517a9d2ea505e180e6f7297b

SHA1
6eb693a117d76b61560832bcd388029efc619e69

SHA256
60edb0927f2b05ed88dd8fffb78e3f0afa0053c4a72022ebaf6c90c74550fa51

SHA512
0768ed160e12bb73733ac05f5472298af32676b7d9a17523dd36f4c484f45d2e94c028b43e2243378135850f2640fb10075d6177a9df9455ba402302c977774e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
321KB

MD5
0d6482cb4d34531310fc5e2668715bf0

SHA1
fba46eaa1c554e83ca5328345c0da8e96f9b3d89

SHA256
733ac334eb9e0287e06d0b89053f6ab98949670182151a3f30955a2ad5979615

SHA512
239b6162c3834238ab6d8ce74929405096392199c9ce6b865d53dd02f64938d5ffe0c9376d4d0835d6f3f6df5090db8bbf1636f1e17e509dd5d575eaf0b73077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e1176364-9703-40f7-a38f-e6de742934c7.tmp

Filesize
321KB

MD5
894eb7cc0de17a6a96e9e9b59a52427d

SHA1
42d30263dbcf4293bcacd7313039f17bc4269008

SHA256
33e670085f9556334335314feda73ac0f054356bae3b8658fe6376df5862ce78

SHA512
b4080aaa9b7d455ea98695da0b250313fab10799285d46c2607fa4a90fbe29a18414ba2251e6ff4510cffbc2f6531abcdf9cf5b213930926c153df98ec6f5810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab49C0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7B00.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1648-11-0x00000000722AD000-0x00000000722B8000-memory.dmp

Filesize
44KB

Download
memory/1648-10-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1648-23-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1648-24-0x00000000722AD000-0x00000000722B8000-memory.dmp

Filesize
44KB

Download