hxxps://internet-explorer-9[.]en[.]softonic[.]com/download

Resubmissions

28/03/2025, 18:32

250328-w6kxjs1px8 8

28/03/2025, 18:29

250328-w4xtbs1pw7 3

28/03/2025, 17:58

250328-wj59zay1fx 3

Analysis

max time kernel
54s
max time network
148s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://internet-explorer-9.en.softonic.com/download

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F6CD6A1-0C02-11F0-9567-D244F45D826F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a040000000002000000000010660000000100002000000049e0b3d110f5a413ef35c28b19f4e33376e1e83cbc4cd9fa26e24c0efc52082d000000000e8000000002000020000000d07c1d9a895a75a78b008418cc0c0c718f2272b3248c4171ed445efd4e166f362000000030ad39b1c6010bc2e920ce6d47738186ee36f2277c087649ab46b9289ceb52654000000069795a58e3226b0b72f1087da22fc23ea024a08889cfb087f8699ad5af5caa9fa1816602b0b4baa1f28479c8c8d8dadb3ec39e650ade1f43acd3e8b54eefc0ef	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a0400000000020000000000106600000001000020000000788055022781c430bc93a2f3e6e3253056babae569d510572745e9d3ff10d20c000000000e8000000002000020000000022653cafb9101e22dc47f52f9aa34f4f7609d56413b3cf7f728f7c1743f8649900000001e415312f0818c9a4e94faa5bd70bdb36c2e02a9d18efc4218390e3cf32a867719bc2ef1903eb189151b61c9e8b4715f3800491fbff32f5322dee2c29f5ef3f950a5cad5cd696c5ee54416cc6fa311e65ee81b4f04c49fa21fdf63cb7e1da6718fc141797cbd9780d989d5c7fa4a1504e8b958d3e59f7f645ee09c2f831fc7fbf4547b378a44d6c6a43247e9e8e1ac0940000000bba7b5651c199a21cb35466dd4810edbeb393d8025faa7b386074bb675e705fe862069d19577d90bed293c506a7d2703cee173100d35f8fd7675bb9179132b86	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d078c4650fa0db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1636	iexplore.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1636	iexplore.exe
1636	iexplore.exe
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1636	2584	explorer.exe	31
PID 2584 wrote to memory of 1636	2584	explorer.exe	31
PID 2584 wrote to memory of 1636	2584	explorer.exe	31
PID 1636 wrote to memory of 2104	1636	iexplore.exe	32
PID 1636 wrote to memory of 2104	1636	iexplore.exe	32
PID 1636 wrote to memory of 2104	1636	iexplore.exe	32
PID 1636 wrote to memory of 2104	1636	iexplore.exe	32
PID 1084 wrote to memory of 1344	1084	chrome.exe	36
PID 1084 wrote to memory of 1344	1084	chrome.exe	36
PID 1084 wrote to memory of 1344	1084	chrome.exe	36
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 2480	1084	chrome.exe	38
PID 1084 wrote to memory of 1464	1084	chrome.exe	39
PID 1084 wrote to memory of 1464	1084	chrome.exe	39
PID 1084 wrote to memory of 1464	1084	chrome.exe	39
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40
PID 1084 wrote to memory of 2036	1084	chrome.exe	40

C:\Windows\explorer.exe
explorer https://internet-explorer-9.en.softonic.com/download
1⤵
PID:1996

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://internet-explorer-9.en.softonic.com/download
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7349758,0x7fef7349768,0x7fef7349778
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1828 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2368 --field-trial-handle=1380,i,4631163665525287707,16947905970479289089,131072 /prefetch:1
  2⤵
  PID:2932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b45681b5f0b92bc7b29406dba3556e7e

SHA1
5a7b908f83114f05a92ec6ebb2ee68c13f938363

SHA256
f8ac63ae005f4d14a09f189cd2ac60f91b8a66e110962e6858894d7bc494a820

SHA512
918745f7cc26a729f068d63bef23718a1b56977603e8583f654c45d1783462ed0dedf8f94d91e298f8c405eaaaabf3c6a2d8e8f5deed1bc160d67a80cbcbf3ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c734fdcf2dc05dc5db8586d63747aed2

SHA1
9a1b881039aead787f2208559a8748fc3007dc07

SHA256
373143bdbb1a1723f21dbc8f552713c0a63b8ccd808293566ea1a4501389a1e2

SHA512
e9730f4dfe3056e2940633b6a789b56830758d6516f585a18b150195a4eb037e9223c5d93432e37874b13216020ee01e75701e4d12a71d0504f3ee5cae5279ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eeb64edde1632b9fd29823aabf6606f

SHA1
e2837ebb2849e22e566dd2724132cacc3af0739f

SHA256
52a6cc8af6ce4acbe187877e8ea14b1a283ae027966d7216dfa8a1e28166a004

SHA512
e247d4d74ec42ca2662c23a8d896024eb5797228a0771297f6ed0cfde1d25f995ece94b75dc08d6cca838773f8d5c51b0988214c0c9198fb7b6b7a793d25b402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5945cc8f090589ea7d7bd0f32d0937bd

SHA1
25ce171ba23e3d0497d5d34ee4578007d7ccf962

SHA256
61277ddec5ff94679b6c246b14e12f306791360f88c678ab5f76d0c1169161d8

SHA512
a78aaadc9d6259f2fa6e2e5004f8db5e9d7d69714195bb3047eba599f01673ad9a129d3951bd61a2447743110a8569acd211e3cec3f24331e3287e0989b67a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4644d40ffb3896550b815e40b81837c7

SHA1
ec5cb223fa7ab49b11bc08be81901733f065da35

SHA256
5165c393211ef8cb956ce28fc217bc3bea3c176675170bd719503f439623d459

SHA512
ceb85ada02c89480945984a80573502b58198ccd72633bf0672d5429eff37b0e9bb984c5c28e543fe4cc4f5eb41f73fbe33e85e3bdbba26a41a3cfd1aced15fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df21cfd27a8271f7acde2c825e79862f

SHA1
5d05c24f9f52fb2ada65a557b951947aa8993650

SHA256
0603d880b65da5cf31acb3eadbecd04df72c8c29c2506d9c868e1aa433c968be

SHA512
370e979f0464554cc898b9695a57600fe754cf5ac7f77e20dc320ecc261264482b6aeeb0edcc7a3420e54c9ad4fce43e17fb75c003a785897bdf59e237a1dbbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b83f9d7ef61150c278792ea13db6a8a9

SHA1
de0ef4a2a6e13444d277816aa4108fbf5c0d5762

SHA256
6e92be3a14d97ebd3f838108c83558f98c24acf1760bcea881348e4e36b7ebf0

SHA512
638acbfcc4520c762b390be31513412c2acf89e99420d8eded0a0c085288b199d2fb6de458f3ed4cd2c76af24351b6446fd60dc4718c0d2d50723156113e08ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39b61b0f384e6f6d80ccc2c77c3db885

SHA1
64e69fb7d6d65d45467c2c42c0c9f106e80ad4bb

SHA256
638380322aaa896f63eebdc23981c752b124898465fb2750e739b100f5707041

SHA512
96a0e6940aa0b70dfb6023f376049da82c50ebdabb2736a79e1a521582639682d92b72d226857e1fe6e7724dd9a76b98c7619c573b8e282fac7e5ed331addb7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41801019511921b06d5407158636611e

SHA1
fe9fbad5fa12526e7ecb43fae47bca44c111deaa

SHA256
a9dfb76c8be18209c960a66d9c29456b6d7625dfb22bb569c339899519507949

SHA512
29db77d1327c5fcd282c3d6e177e146b34d04693e4db47d1096117d7b5b2e37c66b4feb2b0a672922d1e6d9430742ee87bf63d317f463b0132296d24928674fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7feafc3d2defd89750a35583566ccc8e

SHA1
c36bdd24fa524314a888d27b4a0883e65d241431

SHA256
26b30c902c2d323344e63cf84f90469b0a063c9803c8a2f855871d09472eb3be

SHA512
22f1f785460055dc8a2e6a18fc5f975be60c86b331fe3c4cf15eb6ba3c14417999c85d62969f0e1d4c4164e066499635c911a361f4380e6cf8eb2556cc027b56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d762d982d45f897fb17a5fdf9939d34

SHA1
53ea57c067977bc28b5198718b885988a063d207

SHA256
c26c9357a200682ee7d9e0d70c8c5ba5a9ce665c4b691115d5fe0fd25d77829d

SHA512
60862137cf338be6c6d6e54d0b7aabe5a22a0794e822801d9ba0821940d478b88abba6517e116632a5a680b9e88049bc9f6ca4e96442569c945343082dfad1b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9df534a8ae051ba103e07c1d20362724

SHA1
bcb7e1dea0fdc3b2875d605960f8cd6e14f8a297

SHA256
4bbe00c9bee7744a2ee9442ed16e7aea5809d0ccbdcf86a1725bf1cfe1205f1e

SHA512
99111763cf5d6422a32cf3c7d46289277a7af993aee5d763638c0463033cd54970a7d18154994658bf211d33b8c2ba175be4a71cef56dbce1977e9cefe9f6a53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1afcbad2560c8dff3bea3055cc668dca

SHA1
a45b49da1b9d26dd44e67ce9fc87875990935589

SHA256
e4d0577ff97cd1a13c40922da09690edf8d837172ca281a4a586ceab232008f0

SHA512
065550005ff9f33ad38452aef25271aa065cd85322d2febb061d850a4f2eba48cf246c24321f0a57017c22497ac83017cb8cf92e2dfaca34bc29aa77b36cf1c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e08c5f57d0b2b5e21f3d4630a881d1b5

SHA1
7ba0e6876d6ded92c811975dd628bd7c483e52ec

SHA256
852aa12636fec5cb122b3c353aa7709e209b0a20b2d755626dc39eba0331c116

SHA512
d21e9bb51a643a16e8993b9047fa538622e7e68960c8c6a7a6424e5f069b5f29a514cbd86f30d7da05b09ec8a1df7e88fd567b86164ec6c7a2f32f7e0cbc002f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99e3255d0f86ad54fbb897bd47fbe4a1

SHA1
2016db4f2a1f6fe205077a5ae7c7d2b4114e7a6f

SHA256
601347c26dc519590d2fc6ab394d0857bcb4303d0c582a40f1c60e50800cd5d2

SHA512
d11d47129265c31d004457ab2ba6e0b7e5399196a5afa6393fd187b4e05331fda49fa8a81b46ef64299815d157c9ecd799f35f3540fcba193492a3d27d090e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9a4bace7bf8404b2ea14768c6960464

SHA1
5d2b3c9ba24317f7fc317e8a380ddbcb29869761

SHA256
e3fcf004f19eeb2f0140fb13c2cea7e4d0cb24497d6c1da4afba695100a94a6d

SHA512
1efb94e3d96069e397efd09cf47f1c8e2e813ec86d29c805ac8a7233383a1aef76bc3d0c355150d5c08a284c4307b3354fcd75fcfa9904831d3b2e12fc320298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21f657a8d94e289ec7194233b598ba7d

SHA1
a3af69dfde7e090973bcd07c5d76e70a4b0ce77a

SHA256
5f14167669657ecc36b4d1bf952834ba6afc4f5685dc325a4dd10e462e14b348

SHA512
4fbb0aa7070575906597f59433c9c63353cf8962d8090ba8c2d05e2c76158361d60517c5011d1a411273a9957ab12e60bee8b8dbc00c95a13c140c94b5d7e4a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31b50fe43151e779685c33a083446ea3

SHA1
42be9f01e8ae4d5d816e052108b50ae2b1a1b624

SHA256
971a335b3db7d3a3d6fd2cd2ef3c28d98b1cf19e786b8c54afda066c89e68350

SHA512
1f85dddb570e65d7f4f52b06da9014b8f3f2ab2a3831f47992cbcbac7fa62a068cc48dfe1552b1a846f12a2cd4d7d8abec62a97fb76611baea8d6273ed437852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f577aae160675d55a8c64f18638e1ab

SHA1
985a628f55c3165b37fae3748f14348b55bed796

SHA256
b58a20e410c8a9490da2add94a4210ec06046adf0eb3ad540b07d390d925c192

SHA512
e65f361c4127c66bed5ef5931b39ef4343482fd8827b858fe16c53ab8bb829c9069cb7f51df252b20cef501da6fa182d176247a40da4f93fd5edce6bbb65ef8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7f63345d7088c44c2c645696ae865481

SHA1
97bb5d56d0521c93dada0d9b966bb64481a32eaa

SHA256
a56babea54e42279a87b7ce8c0376806e116b9d407c6f9fa099c601ffa66e34e

SHA512
77090a1ad5e2c3c0fe757b9c60463e43cf1fbc457e15688aa777478c5344d9d135230da4bb2afd32f62b4144473a8c5d4792cfced579d458e02ae23873c4e110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAFD2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB0B0.tmp

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB0D3.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit