Analysis
  max time kernel: 71s
  max time network: 111s
  platform: windows7_x64
  resource: win7-20240903-en
  resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted: 25-09-2024 18:15

Static task: static1

Behavioral task: behavioral1
  Sample: EFT Remittance_(Laura.hose)CQDM.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: EFT Remittance_(Laura.hose)CQDM.html
  Resource: win10v2004-20240802-en
General
  Target: EFT Remittance_(Laura.hose)CQDM.html
  Size: 1KB
  MD5: 5c20655a9ba6f99339d1adc3f42dc522
  SHA1: e0c7eed94cc94de4f52cdb5133081c2bdc2e4a9c
  SHA256: e9adeb5ce89039ced9c8c75364cbb91083b5cbb6b66f4b06265b544f20bca773
  SHA512: beae5248be92ec6ef420bd50d5c95bfa25fd8b642f638338c6b9e13c60f814ff1049f0e85ac7a0b1129b5743eb59817ba5b222c9b0a30b8b304b5c5b5cbfda88
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies Internet Explorer settings
  Registry keys created and values set by iexplore.exe and IEXPLORE.EXE under the Internet Explorer hive of the sandbox user (\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer).
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 2960 chrome.exe (2 occurrences)
Suspicious use of AdjustPrivilegeToken (22 IoCs)
  Token: SeShutdownPrivilege, PID 2960 chrome.exe (22 occurrences)
Suspicious use of FindShellTrayWindow (35 IoCs)
  PID 2112 iexplore.exe (1 occurrence); PID 2960 chrome.exe (34 occurrences)
Suspicious use of SendNotifyMessage (32 IoCs)
  PID 2960 chrome.exe (32 occurrences)
Suspicious use of SetWindowsHookEx (6 IoCs)
  PID 2112 iexplore.exe (2 occurrences); PID 2376 IEXPLORE.EXE (4 occurrences)
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2112 iexplore.exe wrote to memory of PID 2376 (procid_target 30)
  PID 2960 chrome.exe wrote to memory of PID 2452 (procid_target 34)
  PID 2960 chrome.exe wrote to memory of PID 1820 (procid_target 36)
  PID 2960 chrome.exe wrote to memory of PID 1388 (procid_target 37)
  PID 2960 chrome.exe wrote to memory of PID 968 (procid_target 38)
  (64 recorded calls in total; repeated source/target pairs are collapsed into one line each)
Processes

C:\Program Files\Internet Explorer\iexplore.exe  (PID: 2112)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\EFT Remittance_(Laura.hose)CQDM.html"
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID: 2376, child of PID 2112)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID: 2960)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe  (PID: 2452, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6799758,0x7fef6799768,0x7fef6799778

  chrome.exe  (PID: 1820, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:2

  chrome.exe  (PID: 1388, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 968, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 956, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:1

  chrome.exe  (PID: 756, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:1

  chrome.exe  (PID: 2784, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:2

  chrome.exe  (PID: 2224, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:1

  chrome.exe  (PID: 1528, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 2436, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 2440, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3672 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 1752, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3644 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 2896, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:8

  chrome.exe  (PID: 2004, child of PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3848 --field-trial-handle=1364,i,13743615359348095398,8344348429689872896,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID: 2312)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads