87df9375087d55904d53ac7a15cd174770442f9b3d47fac1816fe455b71535e7

Analysis

max time kernel
877s
max time network
1088s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 11:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fggUHLTL.html
Size

2KB
MD5

202c05eae3dabf1206805385e1c1fc0a
SHA1

a78deee7a41a0130dbef7287573aceab802aa7cb
SHA256

87df9375087d55904d53ac7a15cd174770442f9b3d47fac1816fe455b71535e7
SHA512

dd9fcba8ab38b1c2b2be9537fbbddb3b6d561f997978b478a4deb83885cc61bf3cd7ee2d7356a46502f22a0a526a5047d81a75f15c9d194c04381ed51a5f390b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000fffe73a6fbb58abda719e607c40c23493d25aed71bcaccfc04f8426cc5c7dc6a000000000e8000000002000020000000d517585292cf046c2979b0fecde85ed5fe4c3f00833462f184527b8e22f6363020000000222531aafc8a4a06de03c01bccd2a74febf4de862eb9f1a871742959b0bf4f5440000000005328e0cbff7860adcc3fa853367908c7116439a5155d6886aa7684beaec86bc340ced94dfa0e1b325ca16313df14a3805245ec07de871071b7bf97e9a08237	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000c16f877fdd6b18b9de78416a8a501ae3057d26199dc3f7bbe27416b4937890f3000000000e8000000002000020000000c8b7d9a8f6a41cc631f97c6f2920fd86b5704c8e4f51c2dc29c887162001db1190000000faa9cdabbca4f14c2dac5bb0e4cfe9b677555d099a4baa15e69a842b9692aec51980352f30cc841b53cb7b35f024113b455537d3a809dc9e5b5d4910005f08685a112f0e5579882b7805fe279d39456567887e3c1562a5c297934ccc10d164de37c5402791e4ff6e814f1aaa84a9fe344b373940b376d71808634489eed0f75cbe76401cf250316e6a08b40fbe3bacdd400000002981f0cdbaf8e29beffc487eec875fbe7c867284fc421d91861b25bccd7e9f8167622189d9376dfd36c7ba4462ca4e4d2db1605aba93e43b6d76fbdbc261e9e8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434722954"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB4C6371-86FD-11EF-8318-F2DF7204BD4F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0cccccf0a1bdb01	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2984	iexplore.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2984	iexplore.exe
2984	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2812	2984	iexplore.exe	30
PID 2984 wrote to memory of 2812	2984	iexplore.exe	30
PID 2984 wrote to memory of 2812	2984	iexplore.exe	30
PID 2984 wrote to memory of 2812	2984	iexplore.exe	30
PID 2740 wrote to memory of 2792	2740	chrome.exe	32
PID 2740 wrote to memory of 2792	2740	chrome.exe	32
PID 2740 wrote to memory of 2792	2740	chrome.exe	32
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 1528	2740	chrome.exe	34
PID 2740 wrote to memory of 2168	2740	chrome.exe	35
PID 2740 wrote to memory of 2168	2740	chrome.exe	35
PID 2740 wrote to memory of 2168	2740	chrome.exe	35
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36
PID 2740 wrote to memory of 1576	2740	chrome.exe	36

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fggUHLTL.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2144 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3196 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1184,i,3896187169527774777,11983370771703621648,131072 /prefetch:8
  2⤵
  PID:524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a831c45e0170314e9a057cbf1fa8defe

SHA1
918d1c5eafc9d3f3b785ffd58cee627c6f41adbb

SHA256
c61161d3cabd935580641dd7c2ddadcf4d956422a4f499435887aa1d333a1f2e

SHA512
d05fc01a8701014c512c1d99d98bbfe0c8982f6c4ee5ea0ba7b6d01cc93a0d65b6b0a3b2680b2b2d8a66e926bdcb463cffdb1a2390b7ba647acc97c2bb5b19d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
731105c790c72daf803335a52ea8eb2e

SHA1
5bf4f5b875d30a89edcad1b9d913dda44fd3e02f

SHA256
821f9f1808d78244d5bc31f5f17ea0a7e2150da3da2707e951eb8009d878099a

SHA512
2ee51eca7440b66dfa6046ca34c420fd1f182a949e6f2f1b8c82b4cc08a4389d23e31788dbc2f54ac50ab9522267449a6e3bc96c85eeee844d6506c17929fdfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c54e707a97499b71ca5720468ce1eb90

SHA1
25af0771c91e5434cb0babcd77c0aeb2fb7fbdf5

SHA256
6675497f380b4e2241e61006395e24248cf29407980fdc6792e26627c8de2032

SHA512
3132e655502f16d8a82ba120cc13935df77cd4a872ff4f817c978c522deeee57655721234839b54ace5ae15892010ea5fe692e5a19f1b520b19b0bc83539b472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af843dcef4257c9b11328161b7ea69a3

SHA1
7a220ccda6bf8a488fc0b641a35b371dc783d434

SHA256
097632a83e3902185d09eaa8da17b2bc62aabaf43a0c145c3bb94b2d743bf571

SHA512
396573bd7bc9135ee253d77a82e8d895bf203fdbffc3463ea543566b60f56cd80ec77510657090725fcbf2ffd57ba1a86e0edea026c6f3c592679163bbc3ed07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5d8a7a0f3f28b3c55ffee16ee974990

SHA1
3000fe1b6e11501b99cd6443392c67f4b4718359

SHA256
4c477b158d6d81c48bf21c9bfb96d38a413d0433c36bfbf44e5fc06796b59585

SHA512
9088effbfe209addb49e344ff0b70f2dc9634ac56acb4332c2a1d77443196ba90fe1615a7dcc1ea938708f96323d996c918a259e304233859a2bcf2a01fde2b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3139f0bba2327154f3d02e6fe4e5a7f8

SHA1
59ba1c6bcdc8977e6f0a081ba5640b9106809f9d

SHA256
506008f6cd7bed598ecd241be3d3916f322c40dd44cc11fa5a3066a732f1e3b4

SHA512
6f3dba09a5c077a54a03e28bf3086158b1c5930f7fe4519c1384a94fa4f386196e202383274d472bb900fbd933695dd6100123ee4cd5b111199b5ac1a3d9c528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b59c03659eba4f0473e83dc13178522

SHA1
18869a887d891385388c86dab65c891b96300749

SHA256
5781a5d05a1d7d03eb5ca4f0ee5380f34390921b6455b080d858a4619eb2ee08

SHA512
39f2adefd75feb8467dd77d0a2eedfe658980c783c2b9951fc9b81d61974d3a37402b8df1e082d0dceae007e79e48b7737f2d93d6373a1ba258c57e16797f499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee4ec909c8896bb4f0af9b23a90573e9

SHA1
a78245fac5f0cfbc8afcfec4e3b8733332a6bb42

SHA256
e0c01f82ddd9675be05e5c7c3635d1b3eaeb76a91a62c521d339b7b691fdb316

SHA512
6574bef41938d13ffac4994b7afb67ac32c023beb5d782365981e00733137cb017f72f1ab08134959937617fd5d012cb3e33046a5321d147af8ac0b44205cce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acd33e873cbd42c57f66f0aa82f021e6

SHA1
905a094d94e4d76ab95c10c62aaefed07a26a3e0

SHA256
251831a984aecdc80145d6bee43ac024491227e075b2840498359b029efb2d0c

SHA512
ea530aa00cb9591136eb8fe91269486cc387d3a13759bf1dc34268c773510e875e937b35791cc484a6f3c8dfc5d7688c14f4fe6e0723fa7e2c1748a10b9e418d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49c46430830b363fc7c6785364a0d50b

SHA1
530ba0cd7f8622d76095c1b588121645aa5add64

SHA256
dcf4b270f29bc792bc22c103433c46c186c8b24a8830ec6d0a5b98885dd9c5a1

SHA512
75113f0bf8db8d950a8fbdaa2d31ca6e6d5557207561d52436d2bf7adaf73103db483be82313a267e742a63333921902dc728768160b6cfb7d248772518cd0b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
483d3cfdec1e00f1ca69cc6e6593b74c

SHA1
9d40441ce90d3662acf1610cec63992ae31026e6

SHA256
53b4ee11c469698fe4a8304069f1e35bcbb3792e064142a78dafa41ff16d0dcc

SHA512
5e4771d98e996ea766cf4b3eb3b7ec180856ad1b4ed910616a6e809484ae989eade654b31c478a3324ad6793d43a93e804579a74b693c55ab70a2c6a6fcae020

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b88040ac45b89363356ff2dad3e87e2f

SHA1
d2332c5ae387025e22bc0c619e745ae90380f972

SHA256
bc75073ceca1108af23bbcfc1da9cd3852662330c0592ca7b9f073cf3b1660a2

SHA512
e72a816e5d33d7c3780359467d05e0d8e15539e0fea85bb63432aedcaa7fd51298fe5390c8d59b180d870641b3c48e9c622bf39a02213001a0e2f0be50a6940b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abb9d4d6e8c77d4a6a8addcbac2f9534

SHA1
8227e3ff10d0bd62db98bf61261f63482a451145

SHA256
36689ee78acb3b89380a5a5244aaee56425caa18333658cdcd3717c12e88a2ba

SHA512
7f99640b3360eacc86619d4c7b7c060104b154ddef77bdb3f69e48dd94760756e30ab4b6cc35d6105cc9c349a073b2fc384b6af1ba86eaaaef96f3e8bf33f10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a44e033f1ed245618648712d73dc348d

SHA1
da32ab0900bf621fda1cfd221f703cf38778f9d0

SHA256
bfd21e71b663b334abf64dca9a15b5757b0842b2e5558023cd929ebcf601aa12

SHA512
ad02ede45eb50c06357e0c03fc41c7fef4fdf2ac484af1aa9dd81deda2447d795b88205250e83caceaf54903a91e4f99ad0153f82fcba6e56d7cbfd2db0dbc60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a770c47aeacd86abcc167b3cc362717

SHA1
023a0c48e5e5a3cc6ec73e0d82062c2424e508d3

SHA256
fbd4946d8ca60fbd56d1983c6cc42b459b516a6c56e13a7fbf8260aa2ee47cfa

SHA512
5c6facfccf15ceb8ec5b30b38a8e151b5f8f7e4fe202671cac1eb4c11b55080d47dfc19661b090995bdf150923da7f19ed28cc9e9ed6f55b45b0c1cb6844aec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e666c626228b08105e562c64b7240c0

SHA1
6fc3d7dedd8d77859f2f90377e8ea5489ce0b8a7

SHA256
91c788f90c34a63faaebadda2f4846bab9f9889ade26ce287782aca5ea0a4332

SHA512
41d86bca38ee48c735269dab409fe0ecfa95b6dfbffe1805b0125d26323eea69c674add49a685f7ee68b47c681a47076970c4910f5fa73c4719b422b35e2d78d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0baac73e16baae824ccb7bab55808f8d

SHA1
0f38484bf841b31d4a76c7b90608b4bf08727ab1

SHA256
4cb84c1eac7240072ae80cb786250247ec1d75f2915b9842acb3a392e3364c69

SHA512
e8d8c2914146d9c9a901dfe9fd3b6cdc1bc5a54d95ab2e7544a841d871ed14b4c01715fa6c4b25fb24cf6f3e4d622cd5b5b5a00edeb01ede9dd46170bd2028f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaaf06b4cd285a8e6889317801a74055

SHA1
9c0ae16e236244699740a1e6f8a67fb622877a5d

SHA256
03641078593597a339116a22c474cd35f4d88af20411f912ec2cf88a97352e55

SHA512
e072fc9eb09653c9d64ca90d9adb9fa36768ddd2dd91dbb3fb856029edc35f6bc32dcee0431d30a8293533bfa998273773eb6af5031c7bd92c29dd2241600573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
573bd68ef644d3a4ca18cbae9ff1ac11

SHA1
8d76852a151c0fa44f0b7b5620c383cae71734c5

SHA256
e1cc0d2a71868f73d6e396dfd512dc2d4b62f2bcd94976aee02646acac619d9a

SHA512
5ce5a81b7372c30d6d89c4fe1d1c681bc34c7fcd984cd9d05e647591e1f661e0aecc5d3febc1c535588d8de31f6e0714afd0bf5a6539aa5c7c4138ab39d93d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c3a539c53883c5c509cffc75cf632366

SHA1
df0d7047b7c55210f39475cf39517a4527e14b09

SHA256
086c170ca98a24e077b948003b3d03d93a6a62dc732b701a9860d967e99594ff

SHA512
32441ba19d0b2ba0375ff6d5e605889e1dd64d6e561e510ee5c3d9b46d109aef16dea6771585a194f2c6139a580eec89f978933239a864d33f26a6f3c5e651a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a4f73236854693f14da5be7b78da7244

SHA1
0ec67a564d974dca78d246a17f53d0139ffaa58c

SHA256
b7aacd83124000dd373115b74887b48ae7947f401c0eb85fb2d226ff3093ab27

SHA512
5e22ce5a7ba787c0b5e811f0077c4167dcbd226cfe0d393d446f9eca3197d05efd040055f1df087918338738284d641ecb1369a36822b4b42ed10c816199155e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BDE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C3F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit