32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

29 discord.com
30 discord.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

flow	ioc
29	discord.com
30	discord.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3318CE1-6D55-11EF-B0DA-FA59FB4FA467} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000060318061780f13e7d6fdd54270a291be445c431cf5d07828e770d26782592759000000000e8000000002000020000000327329926a9aeab16d946566b2c04168cfba1c8b9dd71099f551e8adf0e852ac20000000d7557a465088caae08a93f8afaf0335f0e19be72fe379f7ec75b9b8ae6e1375140000000ab8f9a5a1178135227daddc95addb21a5a82605bdec249c78e2debcb5504212c43e1a586a94ab99cf1988a4cd7728f34b828ba44d58da3da3e19efc0b474429e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000c76f7996f99f79fb34259c5185f287fea7d9f8844a06d98ec409352949128a86000000000e8000000002000020000000c5b78064bc576521305af502e99454fc6719f974152858660b54e1bfd01cddea9000000090ea122926daf8d44453c16a78226d7d259bf833ee5f425df0fc976d09713bf452d7beaf322aea7838cd310290d71f5758e85010d8c77b43bd7327b8f510058122a4d3119a96fff8fd2f42fa81ca468220ac4d7aca0a5a1eceb800db6bc2618403814b7ad1582b34f36d45b7a7e4fc0971c10e98a425247f76070cfafbad1bd1b8ace84a896ce2a1791c27131b25c71d4000000005f169fb63a48ac346169dee631be0a05ef362652b48fbb88039a680abbb5510317c89944f4b6153b9079a0aafaeb0a7898ff74db2f1994bf039f79f323c9772	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03f35786201db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2904 chrome.exe
2904 chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2052	iexplore.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2052 iexplore.exe
2052 iexplore.exe
1188 IEXPLORE.EXE
1188 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 2052 wrote to memory of 1188	2052	iexplore.exe	IEXPLORE.EXE
PID 2052 wrote to memory of 1188	2052	iexplore.exe	IEXPLORE.EXE
PID 2052 wrote to memory of 1188	2052	iexplore.exe	IEXPLORE.EXE
PID 2052 wrote to memory of 1188	2052	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 2824	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2824	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2824	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2404	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 1940	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 1940	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 1940	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe
PID 2904 wrote to memory of 2972	2904	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7b39758,0x7fef7b39768,0x7fef7b39778
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:2
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:8
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:8
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:2
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:8
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3848 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3184 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2252 --field-trial-handle=1212,i,4076769716796840003,6383211968811377854,131072 /prefetch:1
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e6bf877ecd0c7498df8c4241c7074e5f

SHA1
bb40d6d5b42d8d26bba84264e0d1e0a66cd352f3

SHA256
7734f448ff4beaf41ead9b5b8c6f6d143a6626065be0a531af7d4a577c1ef11a

SHA512
94461927e6798bbd1904eeccb0337bd729e5441b08605d329c0a332bc02ebc5b2c16f1ba3c106f7a4dce08d4ebfd55e3e20b6e1f4a98d51a27b4881087b34bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3605b07b4daa4f4f54e2034401e2c150

SHA1
1b81ca0deabcedbfc1f49cd63cb31fc8d3fc3f0b

SHA256
5d4ccc56c5315617a86bc7b9621c47a42ac69f0953c59880fc4015bbc84896da

SHA512
55d6b06358b825c1a9f86191b03f4d546febf4a591a7fdab10c85c4e77b5d65fa14a2ab541ce18112e3396511b8498c2aab259dbc9c80bf7eac55a8d1074c210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c404a8b4b0fede7b7e10952866854c59

SHA1
5316821c873a4f855f9ec5a61d884cea12652c5a

SHA256
d27b730394f8880ae38ed00a39c519942ead1c9f0f3f759b724c7b6923023691

SHA512
0b0b2b405aab9a0b97c6560ec929dfbdf51cb1a7d17e755c23bba5161d82a305e94e4e957223817a56578e1dd759923c7779c15342f81ed179f60b770cdf9d11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6d4e6499f155a3937c781a77b601f402

SHA1
8e09ab8582aa03aeb3097c02082e98aa143f5df4

SHA256
178328942e038d6f5ef7bffbca8bb8eb6707e9360c05c13851865d66d9b9265d

SHA512
9c7ceb1951e385b7318f7bca14d9abb16c3de9bbff30668af3e9ac2110f927816a10c38266e03c06450ef451e4e45c318f3c3bd4a580b739181e15de4bb486a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8e07f5ba6ee88df180883f7b2de04c63

SHA1
a048fbdeec463306c9634dc7b149e2e9ee2e79d5

SHA256
888e31f1fb7412bcaa9758b1122dc9f8d97efff9a2c0ca81af7ba78452795518

SHA512
85d233834fd90828291b811c1bdf0265b10287960cfff0bd0fb7494247b1f1de7f38b5e1fbb30e84541e9af4531085b3bfb57cf023689c9180b52c23e3e4bcc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
14597e23bc949b93b9af9766c7463289

SHA1
e63cd4742f714f2f92699dadeb191c44a3f0d4ab

SHA256
74046d746ab929a2906eeff8323e41c2375f3dd8b9ef7ca5fb331dea378e56e7

SHA512
c540879a6c6099aa64d2e8d82fc2517b13b2a6fafe4dea1c99c643a680aa66985afc337f02d1385f3a51bf21f37217f3b321dd4b3ce842c095814375eb6c62f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4f0ca58c78e07290c39aaa9dd3bdddd0

SHA1
63db80c7cb84f35844550001a8a9f4dabccf736b

SHA256
9bd2c3618de2c19ebe49856219752aea8c002cfded2269b51d317bce0612bd86

SHA512
4118381e0118803549e4fbf3c65525b85c0be774c2f4af5e86773f33f78c51aff9a88cb511e51c1dd5fd1962385e7a082990b4aeb066c65596933a0e6ad1b498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
769557f740d930cc4acaea4615c6acee

SHA1
a08d989709e7a8f8c5739e7f387bb6bf9e72c314

SHA256
6159bdee8dbfba49621ca60792092a22b5f8b37e2d7e3e0833287d621d68d61d

SHA512
ca37ade2ece8596559d45ed2d6c61dbbf96b7377e6453ebfb1ee66e38dbd8e1667d0fbe7a6dcab40e73cba08629bb4861883c1a36f686378b95742bb86efc98d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8cfd8fa1b67b024b2c07705e0447293c

SHA1
3089ce4038668660675ef5d4992a242928541aae

SHA256
0b13b87c634ff1ed2396e9d50cc3f9c14b83d852e1d6f7290b120ee4f737e3e0

SHA512
d742c2ece8107a89ae4cca079c41bc9465f4fd58d5f2fc304c9767e4a5bbeb56a8489bf76b577ba1dffb439b912893fddb36cbed16f837291fad2bad26e9499a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a256e5d247c9f1630b32243b05737a0b

SHA1
51fdd4a93d21c666a707450c0a077d6e00f80b22

SHA256
d5ebe6ef609d0c4b05681df391d4ce9e1eed59928630667a01cfa0a27dfd90ba

SHA512
28ff3564216f66cc321b581a89e8dfac0b8ac34e1cbf35aae4dbdf17f1900e2f4f06546f4fa864b1b01d49b4c520e162ab34b0d9e9d7b0e6382d29041dc25b9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0e4a573cf0bb81eb1bd54c378185e0eb

SHA1
36cc701fccdb25e143ac10166b8e0d77c81000c5

SHA256
6588a67b04cd7ae1fcd3d5da091cf5f3f2aecf1a6c600c007806feead77c446b

SHA512
5c3224123c6b0eb3e64c79cb6d425cbb275149d1361b600a7f492419b640bdd82ce32c12e61929c7eb2ca36d1d02cb7f8d3759674ff576ef5b3284c3757d0025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\69a49914-f4b3-4be7-b038-38d506f4cd21.tmp
Filesize
335KB

MD5
99e430eeb926e32d6d2af2f836a85f83

SHA1
83871a3d1fdaf5a5e8943a8f07df3fe1746f132b

SHA256
7896a3a4c362d16884e3769bb16043b202d34b3fccd4e0b5903f2bd210be3414

SHA512
c1261eabb1748d8a056f24afdb0d95645b2283c0f8440c4efbd7bca2d7d396630410e5ced3aeafde0582917b60333563b6b9777539f3addc38ad382fa3b58bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
987B

MD5
0095e01218c2231d91cd637385dfbc5c

SHA1
56ab7803de6f9dc5986a2872bf73ff32016527fa

SHA256
b99101f388d02f67b03d64d8b9f068521e044e4084c16ba8e967adcbbb89d852

SHA512
36f26d39ca2fcfbec34c59753521a380773367fb31c109507ca8e86aa4ca9ffc038376b1f7300cb2b9116e38bb6e03a03c29e3317b03102bb1827ee122ffd1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
18117cfb0295f1aef622fd2c49aedb60

SHA1
0bfe0d260eca89281b3732b43ad39ecefe6787a7

SHA256
6c85d1a94c41958acbbb7a387e02086eb393e342564b5084b7ec7986eb48ecd8

SHA512
cca21a608033d4c4ad6cdf840a78392207536612fe0925e618ef53d16e35bc57f0c432ec6ca97fb2975320dfa649cfd320b432891205c978a79b824d9bbe9e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
e0731d995013693b4276b7f315edaea5

SHA1
597fd43b6f96ff0481506d1ec0126c986098e8e4

SHA256
044e58d5712e8879fa0b785031b40d442f58dcf250c6e0cc8b5ef7252c9fd899

SHA512
2f438538ab541bd85dca3187287cbe4309f0c291b9e55794d076a4ce2565fa36a26a49d49ed768303b24704a7b7631a250fc29acaf86dc5c52292903f602c0f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
335KB

MD5
9142094578ac09dff75730c9ae9e2b18

SHA1
4ada4dcb256be0ed1e732927ba7c290eedf60f29

SHA256
8fb1a43566e17d7e01743c0b8ebaadc6b70d50081de224c4f23093c20962c28b

SHA512
5db4729e52ea70624302e830105cad61d649653842a3b9c26b8db397e095006d7b7d538b7ea750c7d2311d3ad1655601ead2157d08c171b80e90bc59103c155c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8F28.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9237.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2904_DQYRRBJGANMPGYES
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit