Analysis
-
max time kernel
387s -
max time network
407s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
05-10-2022 22:16
General
-
Target
https://www.anycodings.com/1questions/4780935/how-to-display-image-in-ios-push-notification
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 50 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.anycodings.com/1questions/4780935/how-to-display-image-in-ios-push-notification1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70e4f50,0x7fef70e4f60,0x7fef70e4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1164 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1256 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1692 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3348 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3780 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1936 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1044 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6760 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4084 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6828 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4300 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=544 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1201475804394597698,9409198918573335266,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x15c1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751Filesize
717B
MD5ec8ff3b1ded0246437b1472c69dd1811
SHA1d813e874c2524e3a7da6c466c67854ad16800326
SHA256e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61Filesize
300B
MD5bf034518c3427206cc85465dc2e296e5
SHA1ef3d8f548ad3c26e08fa41f2a74e68707cfc3d3a
SHA256e5da797df9533a2fcae7a6aa79f2b9872c8f227dd1c901c91014c7a9fa82ff7e
SHA512c307eaf605bd02e03f25b58fa38ff8e59f4fb5672ef6cb5270c8bdb004bca56e47450777bfb7662797ffb18ab409cde66df4536510bc5a435cc945e662bddb78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD54fe07d38b801099750472306097085f4
SHA1fafaba82f0ea76283f51812fdb727dadff069278
SHA256ee3bd4c4e64ab7defba453e939a37b406b7655736c997f51688a6f1f49ca8f6f
SHA512005c0038443876c43f837b696dd742a8514bdeaed2c7bd737ee3d68d1caaa6146b014faa80358614a5070d064a2a386e514937081ba7fe971e3d44419321e32c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\53D83D5BBCC57E2FE4AAC709850C6A8DFilesize
503B
MD5cd8cb57ca99b885ae5848485e9fdad44
SHA11a3b29b0b35272b2d6aeb1ba912a6f5f4b9ac659
SHA256dc3883c8daacca274d7e3c49e659ae673e767ffa8bbdaad7eae30ba3797883c9
SHA5121de042bb0522c0642f59a422e7b5a1c34eca090a54781bf8282f288ca39f1b5fa6788ee3da1c1d2fa7b42e2a1838e2fe43502dc5e9df01a85174d511c41173f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27Filesize
1KB
MD5f939fe99c512cae1fda15c610adc67e2
SHA117d7c4b71f6106a660932e6dba44b0040905eb63
SHA2562ceceb8c8873362121cf29bd064d1f6b0865f728498346c64331f3f32136c3e1
SHA512fcec8bc16b95b05c0f51082f9ae55004905cf1409c4c91ccfb4e60a8cf9830630660927e56e1fe365d7899b2267f4e21297f641292de988cf2a5063a11978307
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82E5EFAE5E317F906E87A3199BC409B4Filesize
503B
MD58f4c8bf338da69e4a0674f0a152d564b
SHA112f592f1d8be4c983649d2bdb7f045edf0800161
SHA2564533fce4bb7f79de67bf84e8d2c8cf7663e03986b0657812bf3347a31fb7d206
SHA51248337496bf8d20fa23608cafdfae12b20283ba3108352dc21682bbf9f0553413a56eded71b278c3597c6a136cef89a1867a639cda78f12bd329a4875794d5d31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
60KB
MD5d15aaa7c9be910a9898260767e2490e1
SHA12090c53f8d9fc3fbdbafd3a1e4dc25520eb74388
SHA256f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e
SHA5127e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25Filesize
1KB
MD54b8bce9b0a4f2fff627c7494f214a837
SHA1666ef678a8718bfcf11ba03f89847f41df7e9014
SHA25690c6659f491c9d9df241ba73be1b14b10b0059f6b14987f218e0498139905b18
SHA51238586a05f826d4ce34a2b72a60964b1684a8f4b0cd7789ed0f36dc54350c3fcd6d07839c0d28ea0a42edce3704dbb1f16659dc65a01afe44f5838a355ce83953
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EFilesize
1KB
MD5b6f52795b677b4e2ad47736ffe3704a5
SHA1945cb962aae5a0986c476650006227debf93b51c
SHA256c8aff1f15506340e6abd76c8a8382e9caeba4fa8e8483254cf7ab9d22c2a57fe
SHA5121e241b4c9bf53a97c980dd09bc73abcaf05ed8ccc641d5b0ad1eadc4502b4c1519b62d9c51f8e38c73898c2eca4a4a2e81777763731bf0f36dc5c04a30ae0450
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8ADDE952171CA2418BDFB67A819935BFilesize
503B
MD5c31fd4feeb67ab08a5fa1f3338da3d94
SHA1ce38730a9323f46989a25daea0434e96964b7e61
SHA256eed85f46462bd5e6cbf5b205b56d66dc6bd7ce19277794d9fc653243767471c4
SHA5121a9dd7b9273a4adafec96be6906594e9ccb71033907fcfba6af9c16ac1f45e28f969a4421cd86f47ece853484d8ff8b27b0efed43d3d4711b300854fdabff7e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD55a11c6099b9e5808dfb08c5c9570c92f
SHA1e5dc219641146d1839557973f348037fa589fd18
SHA25691291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172
SHA512c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90Filesize
979B
MD54b4208352528bb1d0f617dc2ddb96b5a
SHA18cd4fab574fba6636d66934d2906d83cccb0941d
SHA2562d9542e40e602006aad5d59bfe9094c249ec6ffd99fda1e61f2314dce9a1e15e
SHA5125e4011d252726656b4113d4b80adc4a5d492bcec6c89d7e0b004506ae70bd7b64f5962ab94af2b8d18896a5910ae26ed9d05f5ab598faac9f25b52a82cdeb896
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E70659A1D28C6A91B5EC15F11F3810EEFilesize
503B
MD51bd00a668d7b93b402d54ad75c069d8e
SHA1292eef5398ea1573c6babf19842b800c0f57d810
SHA256523917eeaef5a289c735213394f3fe5cad38fb27bee52dbc4a1ac62c91b447bb
SHA5120e333cde528b84ddedcca893e691bd5107aa2f76c70c86f39c4129e45a62f2e672600a9d20a41c1915b5a6ba11230d952abfc6f6a2587c7748157ab23f70914f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C89A7CE86B947A5BDDEC66331470004AFilesize
471B
MD5f763a685d14b05b6ced9792151da30b8
SHA1b25be5359245be857ffa1bddcb197cb771a36a45
SHA256505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
SHA512df8483d87d44e791dc497a4c86d8b06e49eaf5f30cae0ca7ff393a2f36fb119403b0a0e41006967332b898585726d3bb6d5a38c3faaad3de25111d778c08acc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751Filesize
192B
MD51322d98876c1be98b71f1fa499b61296
SHA1f640634f3f5e94478a7af4a9a1ad1eabf1494cda
SHA256673339e444f14405c93d70e12c2dbdaa253adaea5f3bbde9f96e02d242ce7056
SHA512b13ae12a3c7b5f08479663095e61d8414f65ce3040eb92258bf86379cc7b6297172bb3bebd0db28e4afd590ed5e7083c18c07dd087ae45d0da8c9c34d98667df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61Filesize
192B
MD54a8463f65d545f70cdb45275d0370da6
SHA177aa68e94371486d8d3e269eead94515df986d63
SHA256854849ff287f4fcaf26e47eafc110823be369eeef057c0106cb33e4b6f378818
SHA512bec0ce8f4898060ab11d44f201bbe8d02c9994c899d91d0197a91db3e32f1f88edcdbe861316fb19b442eb000022bff07aea5067a70e679d639b7d154067ea11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5bf99e017152d30a80d3f8c16a5caf115
SHA1dd8bf55ee0fffd817fb8950ced595332863d5fad
SHA2568ebbb2b605dae92c2eef06fd70df5339575d01f583b0dbfe2278aaec3a3112a3
SHA512c61cc065598ca6319626a1626b1e6e9fa3496267c2a45727cfb4669267d60a9689c6a4d4123b4cb76f1c5dacbbfc3aa6b7ad1ce386a5b2584a6406089df25732
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\53D83D5BBCC57E2FE4AAC709850C6A8DFilesize
556B
MD54e9ec89cdf24afbbdcbd69f81f55fe1d
SHA1c8db3c43fb3f2eef0d1c4dc6427bb71b6efd4ca9
SHA25680a4f123229b6c81a80fac416a498824326a52621ef553f241888817290441f5
SHA512e1bc13e305ff99b735f915a13df24a8c37b9e2068279d235ca7495fd47003b518d0e750f517799fb03451dd59f098e75a8211bab77cefa750b48f673c9e1cdc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27Filesize
408B
MD5bdf2fc237d7d91849dcceac4f177450d
SHA11e2329dd071bb375f55884e26e38a3c425d11367
SHA256ae2ceec72cb761c15aa426f6ed38fd85bbf383c65e201f726f1ddb11302b9b1a
SHA5122c7e71424b74d2a7922aa86067cb9b7a76154af4cfe3e1be84b63642d9e32c586c7e1fc33394119864689fa3916c4996bc5db7b5ea762a136ff49be8a1c6340f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82E5EFAE5E317F906E87A3199BC409B4Filesize
552B
MD54c18b35e39e5619ce0f2619fede7de95
SHA1cb9620ceb6a807358e60ea3fabc987c5a61f00f0
SHA2564224914e524acd16e46372708ff7974faad3ab1562cadac15080a9b54b73e3ae
SHA5124db5f1bed56d51c88a4fc35af9f3af50a8124399c4e177ed34c961d5a66f2e677215bf7ecd8b3040d6c2f5453cc6ccc11a69e07066424f68907577bcd6758772
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD598fbec811b96acbf0e913ea1ea67829f
SHA1ca9d014c2905615ab6328479f91d31f53020b3d1
SHA2561ef1102029313bf16abe4530828931f960b23979c8c30c59198f046e1283ded8
SHA51294af33d510f436fd5a4acb00d2fd3c6ee77a4ff4ffb0e55bf4be92605e7f489982106c4f8985d8eab21aac7b2cb950a316544dbbc4d881469218319bc3a2b540
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59d57ad3b4ed0a10fbc7ece94d3466e23
SHA11db8049c471a89f9a98d3832d5622dfbdf473be1
SHA2568c94c18a36d49d783a508bc743e041e9099fabf66179bd794157ded07f0af19d
SHA512260d4badfb6e6711fb74cb3740ae03d76d90a40eddcfcb505350afcc7424d33f87751bf2d54d35fca2c6ca8d1333d95d641bc65cc5b87de4a855298039309537
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25Filesize
482B
MD5dc0a9313815ed87d88832c9f64dd764f
SHA17a741d1bddb3d40d8eff4ae3e6439e3eefe5306e
SHA2565666567ef1ab10c4d17ea22ed3cd9f95a1963aae109899b4e34fe2267245381e
SHA51214894e40e1a4b48e4911f7e43d3e7048eea7ce5b4040104d2da1c1251a5579f31a49eba6b3955926bf89fbd84d7815fd2acfa711d8f9d09f5314049f4a2f4c10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EFilesize
482B
MD5830b2d2c9ce4432ce88c4918417eb37e
SHA1d5bf42376726eb1e6ae1d15c1dea7a5759cfbc59
SHA256fc93cfb90c9025f250afe68acd8f22141b319d1c6b5e0fee57b9eb304da07952
SHA51283abebadafa03671c3be9c15942b9703e920cdc5d9b3d55467acff35e12b2014b503d41cedf28e530c9500e1b1f407a82c7bafe20a64df79382175e76a268afb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8ADDE952171CA2418BDFB67A819935BFilesize
548B
MD56e5850d549aa8bb4ad54225878333328
SHA1b86a4749e33a4d70027bfd3a5eaf02e0dcb36e86
SHA256e88aa0708b1e09bb797e7b5990449505d226f0c657abff661229460e811ed477
SHA51298644b52174a932189090ec051ee651266eb3424e8df84acff54d47f239a3524aeca151761e88f75b7e9efc5ce47bee46250107a18489e37052b9f5c0a1dfb67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5515dccf5b705b403a8818241d132ac60
SHA1974d6b096993c9ae3f1b0e351c18f24a1249a8a9
SHA2566a4a01c500bcedb51210f2cd62998ae5de7ac1d1b3357e21d943b653d5c7d724
SHA5123c93007437280e208020c83f19af4d31b0c4b476b257480eac34db755b8724756e88ccc45c5f242aa6ba5074ea6ada44bb2668498526c5e854ac962e04a23c57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90Filesize
480B
MD53f07529a8937d609be62c7c7101d7076
SHA10ca33269f5b481997051d28fdf55e046aac6817f
SHA2561a8a802dc4d49ee428e922a1ea48aef40b86c5dda7d506a410864207afef2990
SHA512895e997841069319f70765f1c022049729ad5e475c2c6a46a91c9dcd2d537923adfbd86816dfb975f52e30151fc035a1a946faa45bb47f47fc17d9fcbc776c3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E70659A1D28C6A91B5EC15F11F3810EEFilesize
548B
MD568f683798d5a79f9fa58e0951da2f9e3
SHA16ef33946e8dbc8a0e84808c95643a38dace66a62
SHA2562f3e9a05df1163a08911ac4dd41da5a246b61ac348dfb78f6ec46105eb2fd383
SHA5123ce2e6a661279d93c0ee82a47237e470e8a061e021bb305b1b4e7f07d0217ee92654228af5af8021c8d7570ecc561f8a07e2ae80565bd4f3e3d6df4fe01ae661
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD571debf139a9e3ee61c897ab6c629968d
SHA1e047a2cd1b9b69c857ca6f32c294fc1cabffb00e
SHA2563536dbf1074aa36ed81acdae5d1c2d9ff7080f4312ad4a0ed7c63484aaa7f8d5
SHA51201cd7e64cbaaa763fce2a484e466ca24adca249c93f1b08bc990ad783d461ba6eb0d908c386f4efebc8cd34a1805a8e2ef2da759b277fb6f651221f9aa61cc05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_C89A7CE86B947A5BDDEC66331470004AFilesize
406B
MD53755b8d507a401334e8363b0fcf984e0
SHA1ce47f101203b8a93e1ceb3824bfa8400bfed02d3
SHA25663401e88e956879654af8a4f2975e6bbed145b994a0466bdc4b9b8ee618d6c92
SHA5125bbf3721797b1d362378aec9a86c9d0046f0ea46f4d3fdf86017cfa5aa930d4b55c5ebc39cd8a41db5a134c9c9661438111899c416e9f10194a526934b6e0586
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P18BJJ0M.txtFilesize
603B
MD5f10a1ef95b0caa4a89bdc29d25430a73
SHA182874b288ac54a044f30a01cf67a572ab958a557
SHA256041a66d99fbef23a5ca7636ed2635146d2988141a14cab5e1500e0685c08a245
SHA5120788f006570e0a502d9f197ece1dd5e33da03267d9471d34dc834fbf2840d87618a97a74c7f70a790b8fef7dd2d1fac555478daa348e2c8bf175782dc777e165
-
\??\pipe\crashpad_1908_JBVMSTIQNUZALYJUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e