bb01fab12d3e52eecadacaf9f9aa21b0f7a588dcb3a4c2122651556fa790e2a8

Resubmissions

29/09/2024, 23:08

240929-24lnysvdpn 3

29/09/2024, 23:07

240929-235qfavdmn 3

Analysis

max time kernel
37s
max time network
37s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 23:07

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

edit.html
Size

317KB
MD5

61ac708750ab84d814bece18f38abbcb
SHA1

d5ee8c128be0b9cc0d2f2a927e40848a4c0e6d54
SHA256

bb01fab12d3e52eecadacaf9f9aa21b0f7a588dcb3a4c2122651556fa790e2a8
SHA512

15fb8902fa343f3a8d02c2d5a2878082c8f68c40a201217eeea6104038a75df84f7a8bc8e50d4ed5bb0e48e61e6a903ad60c245b4f1ada8ad9bf2a6a41256f57
SSDEEP

1536:16mLJeSBwCLJgIrj8G1hyARxzptmG0RbSEVecG0Z92F5fhvEGZNsR2t4/f/gC5/D:164Je6phZxoXqh8GrDKO8+sx9BQql

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f7896dc412db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000006fdbdc308594de5ba3fa036ebda07d10917fa40bbf9c66eafc9e84e2bd92c789000000000e8000000002000020000000b47b7e713dfa3f9e095b35e8ae5b19a514e9f45a6f352a3b899af5fafea5c088900000009f41ff35813527704ca9f04b4f26c680e0e9559c89501e1dfd9df3a92640cae6510152bd874491d0fef55d4060fdb28c03a01e78a52756ea8e7eb109a70dcac111387e79e0d949074314e36c367ff576950a8ed90a9eb214e3d4a8e6c2e3cce9e70b99b6ffa67036702b927f48e517dd902137fe3e725fb9c11924e7d4051b1f950a9d8755a5d9be1b695539fa8a6a19400000001afe006821f50b3b043d2f1b83c258e877abcbee7f1c51a90f3577cc9761a365b0b79f41ce49d64385908716e8075eeeacd48a1852634ea31823e45debc8f6b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000c66808f9b20738ede784040662c1d8e659e66277b40c1e8c84a871e0d0a395e5000000000e8000000002000020000000f797afbc4bbfcf768cdd7e81da9f1bfc333003c3bb6e22db8648687fcb81e9f420000000a98cd1f785cc619e6be75ba2fa94271a42076386b6cefece8b6b3f32b9ced52e40000000dd9db31419b616d3a9b65f109fed0601f0ebf59cf5e0074d7d6558beb68c1b746ea72a764e6911d5d769f0f43980a5ab36cee74b20d2ab76668c791df08d356b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98614081-7EB7-11EF-9AE5-CA26F3F7E98A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: 33	1064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1064	AUDIODG.EXE
Token: 33	1064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1064	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1332	iexplore.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1332	iexplore.exe
1332	iexplore.exe
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2408	1332	iexplore.exe	30
PID 1332 wrote to memory of 2408	1332	iexplore.exe	30
PID 1332 wrote to memory of 2408	1332	iexplore.exe	30
PID 1332 wrote to memory of 2408	1332	iexplore.exe	30
PID 1160 wrote to memory of 3056	1160	chrome.exe	33
PID 1160 wrote to memory of 3056	1160	chrome.exe	33
PID 1160 wrote to memory of 3056	1160	chrome.exe	33
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 2628	1160	chrome.exe	35
PID 1160 wrote to memory of 1744	1160	chrome.exe	36
PID 1160 wrote to memory of 1744	1160	chrome.exe	36
PID 1160 wrote to memory of 1744	1160	chrome.exe	36
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37
PID 1160 wrote to memory of 1728	1160	chrome.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1332 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7809758,0x7fef7809768,0x7fef7809778
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:2
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2112 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=284 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1328 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1188,i,13073306099456212015,14450530816882915316,131072 /prefetch:8
  2⤵
  PID:2248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2996

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x590
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1064

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f9774925e9b8a1fb207fbb22bc5bfd29

SHA1
a3348f41df93f1013b3ec40e2f29bb14db81f181

SHA256
4f17fa6d016068159b37566b6121e9c8ffd7d93ea58f4254d627cee8fe712fa1

SHA512
1e8f3fb38d94d4a9753ed0900480065b44fbabf10252a501979be9eaf7cd95b49fca46ef52feb95d8eeb7143497ea6d197a9e54f67f75063a23094d740ddf510

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_5F1852D5D9C529A084FAED01CC7948DC

Filesize
471B

MD5
6697ce03fbf6ebc4b5911c3d70407703

SHA1
e34bcc9657880caef6297e852682439c7d5724c7

SHA256
e8a02f0324198eb2f974f128a4f8b6b47d35380059b62dcb7cfe02642e3c1007

SHA512
d059125b819cf2a9b359c30d3c1d5ba78a45d1ec975c5f213e8635c5465d50d7441fd76e76c6c1772397b4b077e8f287ae9441e8960cc859ee7eb31b166644d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_64D0E789CB701290BBA99483C478F9FE

Filesize
471B

MD5
63b09bb1e8df01b7945e46d27f5ebb7f

SHA1
232eb08914f423cdd76b0495192c693cbaa50af2

SHA256
bcc140837775b687c00ee2db88ca68a4c95330bf38e7e5d2cde8225150a17867

SHA512
7029eec2921f9070da01ef6fff475d5e49d49923810dfd0de43c700aa57d85ce9640cf4dc1264d6ee5de4d12ac76554d41c5bef12a807d9cdfd79fd7de6027d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_436A12A0FAEB3EB0641FAEC097954DBE

Filesize
472B

MD5
00cd5141e171045b541e0afe9bef099f

SHA1
d98ecdf0cd929c533bb53c9b301b001fc9217cf8

SHA256
88b919805a8b2e603cb141d0f0303c8b67b6704f721315911d73d4440c0b1948

SHA512
b90f5ddfd8ff7527e191b74778b0ffb3fc4d2128eb6c7418c028c79bedf05300da62c1b7b84fe4d3fb546cc0eb3b172fddb083efc76f8c196b1ecea8b3fb0172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
b3241916c6be06b993841b9589c662bf

SHA1
4e92a3a37ece5507b9bd52e2ea006f510c9e948d

SHA256
dcbf76c6d1225dd01caf4b834b6582e6cb56ad0b92572ab990f3dc0d9fa44d21

SHA512
086bd55b37d53a76b32a412247cd2b10ac2dbec891f4023f0e3759fc821add8c11060161d4f3c0e2fc570bc4c30afa1e3f38d1d716e28a8f4658a91a24b157ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
b4dd0f1db5d811a86502623ea7f0c4c2

SHA1
3615f70162be464e51dcf06998ba8bf2d3fe1f74

SHA256
b95d7e68750a92c9a6e6bab06c32ab02a8c00b5dbb2fd844bfd3f3a1ca31ad11

SHA512
54c7c64d1eae9c28e43dd7b25b22dec2522653d8f8dde7f4d208c66cc6338c4fa27dc57cbd4879c8e2852957b9652d18d7682b3bf31bd3dd1594b5c8fa7e3a3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
072727b7ed872fdfad59f65424b56bd1

SHA1
a605e6555cd8a82b10425b89c0d2daa019505ce0

SHA256
6d1f4190db900416cae0b078e3976fa56900e22cbead17334d1697c422235865

SHA512
bce27d178c5b47236379a6646ece5c21eaf4fdb8a1447d2dd40596ffc2c5e46f33d96e8077c4dd303a7f5d805251566f3faed7e8f3f0979a105f08bc452fbe9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d07e92884be6a2f168a00fbf7192774f

SHA1
98185845b1aa5d523df27af2226317ad1771eb02

SHA256
a8d594dcac1614a72a0639c1ca5a7024dfa235225ed9005af0d507cd46ea3ac6

SHA512
afd2289a51b689802c11e56c58c4f9c546f4ff4fce586dff2f732b21001ba8cccd456e63adfeb4f21e2d38c3e39d5738e7c163c8caf9e3bf63a8f20257d68dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_5F1852D5D9C529A084FAED01CC7948DC

Filesize
406B

MD5
e4f3cd7d33bd2407fd8655b75f75383c

SHA1
d0ec2d60281e7eede57de4732cbe411fb28b99a7

SHA256
099c4e078eb8e7ff6386c3e8f78f5697e4e783881dcc72cf2ae3baddd997ce52

SHA512
4e63b8b585cadd020fdd57fb75b8216bfb1680cde78d99cd3d3c97855153ed46775166e8e1519ac8bd04d18b7f2249d550e4cbd1f46469648865d594d5a359ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_64D0E789CB701290BBA99483C478F9FE

Filesize
406B

MD5
bbb488a3948da33741e45ae9ac625122

SHA1
38a1aac70feedb3123cbae5682975dba319c5570

SHA256
eb53bb06c7c389d7df2c8acda7f042c0e9f071f21d245a075ecfdc63a46823ba

SHA512
f5dd7eaab895a71ffd244d183e23ee00ca6c6365c2c3c67ed85a584bf7cc1fd8e3e33db375693c34c8b2f64745e64c6937f408f53d6470d7375f89b5507b4f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c78f5a006bfec9e751df3ee5ef00c382

SHA1
4861e8eab810d38a67c4b5b4da3ad0423f57d0d1

SHA256
0744cc6263b188b35e1836d8d349920b572e364d870fa6ed6ac10196d9b829c5

SHA512
7d6733e27655ce28c8d362045a36be87f243ab9be42318da75f17fdd6d7987ca3e54375643a9ce00739aa952a760f376f9307722cdc635462506730aa06c4fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8da7fc1623acabb53209b9a2e7205f90

SHA1
0ab54dac20a08cc5c2e732c1d31316ce7640263f

SHA256
d3eaf5318a6e937fabc823bcd0246303702558f997d1e84a1fd292a5d751b1e4

SHA512
b12ab47a13c0d2935fc5a6899eee04ba645b7dd180c6f05237319aa3d7ff90ca3177a998b46ed21bb6afd5116336047c68ec712ffa59f1e21b223d7d408eb44f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c0f72195fed10144c25a759fb6c71bb

SHA1
087b668b4a7c209f602f5a5f0e58f7451a794a45

SHA256
3a7bb98978424eddea8ebfc3efdd98890a8f43daffdc24b3039e92eabeb14afa

SHA512
47fc427d794b57c0fdc01d2ecdaa462267a18dd2244b523a6017022af39ae6f6ee65195a61feea29f3b35a3f152926fd3393be06a58d90d1acc22b22e41aa796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea1e0bdf3973750e17228bf411297aac

SHA1
383114b2d66e3ba02f9dc9283d99b18fc0ad56cd

SHA256
60fc3634390ecde4fcc083aa6518dd923b14a8d81b1db1d7e8a8aad62c9ccdd8

SHA512
1894c2980541d748465f2102bc12d495561fc0955f4bea606f9ac7b58a92867d34c3d4ac45168137b5825efb36645dd555e1cdeecf572ab91b7677535df1b875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6a7cf13acfabe767fd81a03737a2ef5

SHA1
08c554c76afd95ad33c96e2700db6450d9e4a8fa

SHA256
0b8ded54039ec512e2d99c9fba699d35707cc1362b2d04f3e47dd9f3f9a651b6

SHA512
518c993e6f0738ac6b83dae7333eded7be7eb3a4caecea75ea7a7698a93911a1a1a8d27cb3c0c17d7ce75398f40ce79356caee9870dfd6af4399f91d9e7c237b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6ee02b35fc426a3e3119a214cedc47f

SHA1
12f31a02f786ff60647b8e1ecf7b632299f327a9

SHA256
82ac58d3cb4395fe5e71dc49f008ec8be41513a6eedd1618958fb62076f3aa29

SHA512
9761cc8c21e01cc133f182b5137a777f3e27a9f4d2e6f8ba5c4f09145f86d91224fc8620f63970ce83fb6f639bbf4d207c12874d7c638fad4000e1a8e0ccee6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d641f8cbd529e7a3a78fede5029e9ba

SHA1
384f1eda94da4c1683dd2ea73a80cab7450e3488

SHA256
0a760e5da8e74b54966ed4796d5d667b8dd8b5fdc98d8a89ebacba700b2c0e80

SHA512
8b45663e6d53940d60b1962dac6e93f27098adae41caaaf5b490d01778023ee425858ac9e1368f8fc9ec88402e7310caa1d744a9bda34153682d8e0efae3a7b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7d46c67f5eeb13964db51db80ef5b8d

SHA1
4eb38cd8050631be2ac7985c2311633973f98ce9

SHA256
f99e2745b33c03d9d39e62e990e40c54e60bf65c9487f026decffb470fda7306

SHA512
0239f2f755cf23de70632cec76a9f9e821741c3c6cc74a644126d34511b5505699a3bae42ea60fca7168476c9e951e36de87488b948aae7617b183331ae8d9ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c60e760afed4cf4c74200b38aed17ddb

SHA1
ba4b9b12543ba257b083c4d2121b794905a6adde

SHA256
0144caa4dfa6e296fd1714ac3363cce22082bd7b3f9e4d452132fad8bfca692b

SHA512
1140d0f4f8520e9d2f2135ae04ce0e8b0796a0a4d6987bdbfffe3efa4e33956c889f32729746ba0eada33de490297e87b59e9e3edf3ffe38bd92aeb17c369108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b5535cd59d7933510ae21f4b6bf8d47

SHA1
a5de94808ab7cc64a9176d1bec85fcb77d6d4731

SHA256
88d96904a59a82adc79ba977cb9cbeba035f7255bd486781ad417afd52457506

SHA512
80eadc696dae3affde6ecacc067ced34d93fbad96680510b65a64da891517891bccea3226284fa0df4e6a38832edde482cb3989c1a64f2bdbb494da294b2857b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_436A12A0FAEB3EB0641FAEC097954DBE

Filesize
414B

MD5
7266493b7b673498272417f82ed0257e

SHA1
a4f25702d4ab0381aae9fcdca83cbd52a5fbda2f

SHA256
2d0cd9e26c79eccbbf46e249e98b7b4849971bca9b754952ef9e7217c52db695

SHA512
aa0752c8bd6d94fc3b540817bb0b62c9eb3c8b01d49ed8e24382e56a4ace5d1eba3c98ade7ef9a49fefbd20288df27f8a8f7273d1d6dbf53ab4106b966fafc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c4d1eb929c691c2467e65636b35c5915

SHA1
0926dfbd68e904bc218f9f723956bf8a4328dbf1

SHA256
063ad0c8a2395e4d48da6d76a228d70a2eff3034e4e5fec40d0c38d62f7bd2f4

SHA512
203756dc748468172ca155dce7d866c17b1aa88a2f523674aef8bf3e0b2c57dcd821209a9603128271f418cce6d6d3f2bccce4b83fe75415fe1a5fb05e57fe0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
328KB

MD5
86acdd765ad245c81e301cb0269e2e4a

SHA1
2b746fc2003cd2e186187cda0f78ef2fc09f98d7

SHA256
acbd49906ba97ed3778763b44f34d3893c4856887b2495b40e35eaaf101a6a68

SHA512
315d435363c626cd10430d2913019de32b4791526e3f428b4c19b14ab33db86b566fe7c0e4ebbf9746ead70712fa1ae1870e40998192973fd6d615bb5a80ab24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ad92675b-8b37-4c19-899d-412b37649d5c.tmp

Filesize
328KB

MD5
5d4798de479dd374583be3f26d2a40d1

SHA1
6d37890570f484610b2e615bc359e61e854e56ba

SHA256
dc80faee23cb9a39e1006a4cff12d4911b8513d49683aeef7819b1225ff2ff8c

SHA512
5bc5a741220d19aa643d8c50420be8a87de09102083012f54292c8ae4532e434c3938fc6f02deb78e54e3f3ef80ecd57e407cf1fdcf5c93031d2ec852ee74a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBB93.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD220.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1492-684-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2384-683-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download