Analysis
max time kernel: 114s
max time network: 115s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-03-2023 18:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://exeinfo.pe.hu
Resource: win10v2004-20230220-en
General
Target: http://exeinfo.pe.hu
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                        | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245074312456455" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 384, chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  pid 384, chrome.exe (15 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                      | pid | Process
  Token: SeShutdownPrivilege       | 384 | chrome.exe
  Token: SeCreatePagefilePrivilege | 384 | chrome.exe
  (64 entries in total, the two rows alternating throughout the original listing)
Suspicious use of FindShellTrayWindow (32 IoCs)
  pid 384, chrome.exe (32 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 384, chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                     | pid | Process    | procid_target
  PID 384 wrote to memory of 4240 | 384 | chrome.exe | 84
  PID 384 wrote to memory of 1720 | 384 | chrome.exe | 85
  PID 384 wrote to memory of 3736 | 384 | chrome.exe | 86
  PID 384 wrote to memory of 4036 | 384 | chrome.exe | 87
  (64 entries in total; each row above is repeated in the original listing)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://exeinfo.pe.hu
  PID: 384
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2bb39758,0x7ffa2bb39768,0x7ffa2bb39778
    PID: 4240
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:2
    PID: 1720
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 3736
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 4036
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 3292
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1884
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4468
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3404 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1916
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 1376
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 4424
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 4196
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5084 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4372
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4580 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4632
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3360 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1036
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 1388
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 2684
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 1692
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 4468
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5548 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 2880
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5256 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4116
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 2568
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:8
    PID: 2560
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4504 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1460
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4660 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 3320
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=952 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1408
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5176 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4764
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3324 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 4072
  C:\Program Files\Google\Chrome\Application\chrome.exe (child of PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4924 --field-trial-handle=1796,i,11270212317252854356,1026171112003419074,131072 /prefetch:1
    PID: 1856
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3400
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize: 144KB
MD5: 9385d7c3ffdbab069ebda6ef1502c395
SHA1: 28adffd85243e0e632b4f01d9f4efe926be9796b
SHA256: 1730df83b84d955053a772aa9a8089b6faf9725cc7884f9ea905011e2c07d03f
SHA512: dd4165f7bb02980ada5fd3fe73c23cab944629af97cf1466d702f5e78610491a49bfb948364eceffb8dba1146a8c2b7f63691a54c8ccec644363a062c7e68af5
-
Filesize: 40B
MD5: b6b1c6f86742f7346412dd6d4940f02a
SHA1: 5dfef7ef71df9870055998f6cfa417ef1b08fe8c
SHA256: b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719
SHA512: 1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7985fe80-56d4-4d45-b989-1caf7b842849.tmp
Filesize: 7KB
MD5: 96b34a5f65a24fc9a9d82dabdd8fe6eb
SHA1: d7cddd9a1f890d0e51a6e0f648f789174f4498c4
SHA256: ae704b8cc4f9e26902c1caaf31447eac739735aa12e51717800c4b4c91009459
SHA512: 397b42862841a9d7c0d80a7f51e248ad462451778325d911cf899be473d35908da065e44d89661c3b967c536d680a18aa6d52a4cf9751796e0f0d10808b49f52
-
Filesize: 19KB
MD5: ca7fbbfd120e3e329633044190bbf134
SHA1: d17f81e03dd827554ddd207ea081fb46b3415445
SHA256: 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
SHA512: ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f
-
Filesize: 194KB
MD5: cc8a92a921cce7f6a366db76639b4ee0
SHA1: a1ca8409a78057af345dec37fe6cb570e94c0007
SHA256: 8f3077c7f7cbc114bfc663122a46b8ec40f84ad029728fc420787fa0455b015e
SHA512: f53c976db4401be858cdcb11714ac525865aa8035b7406cd254375dc158c716f00256df280fbb6210b0a7aa50c184d56bb63005086be9d06b7c5af69f9e28567
-
Filesize: 162KB
MD5: 4043af37a3392a9db521ff9ab62d9608
SHA1: 83828688e7a2259ed2f77345851a16122383b422
SHA256: ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321
SHA512: 97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a
-
Filesize: 3KB
MD5: 538005451d3ceb63902d8aa7ce9384ae
SHA1: 2ad7abd90c0f9446c9a8d602f821ad12d80f9451
SHA256: 3b332e5031f6c4f3c86ab9c6987cb6778ce583177635dc7e00414eb9ce28f59f
SHA512: 2bae4460a0978e0b1db1e6fbe40b6da6f4d43befa2dc4648de232177618db020fae90f9c12da861826dccc0581c366167cf8b62d53068e6b0b3c2264752768b1
-
Filesize: 1KB
MD5: 83a1e06017b0b2abbc9d7312c64b24cc
SHA1: e362478933863b3d63efae9e8ce8314b98ab593f
SHA256: c56e1d17174f4c6a850734769bd0e815f9b0ad19884c1ac9dcfb81a3847cc09f
SHA512: 5955e2494053e775f6329fbb60a5d4c764e48538e9abc91c860a68b6607fb307ceadf7d6ac9c89bfd573eaf9d0feb9af9434e9b430b23af8158a15a303523787
-
Filesize: 874B
MD5: fd634269245333b36dbbad6c92aae138
SHA1: 1f7c7412dbd64b96e1a09e93b04a872e0204cf2e
SHA256: 857f5d35c92a1d412162bd91014b7568864408ef4c4dde53e7d4df3a063a7d9b
SHA512: af5f008e2429cd2f3f57af024ac30c5610293e8938a09bce8e1abb2a263e52d34fa0064a061b60e6f28694bec7048fc2c0e2f57d674ea18869e087e7e0847d40
-
Filesize: 1KB
MD5: eed2ff3786d87c24b8631e6b73a3460c
SHA1: d94c4ca51aaa48e106ebfe2fe40c86cd735f1d89
SHA256: 22be9b1ba762ac553a3df3f387b728c1c923e4df08a75110a51e3c460821a6d5
SHA512: de9efecfd01bb3b689435a68abcae4355fd5e69e92bcc27210333b01366ef308c012671331a846db82a6058391df5f239c7745a59fd775c34e9b5b4d5af9a39c
-
Filesize: 1KB
MD5: bc8a61d508de0097aed5d6d996375d4d
SHA1: 9f9127bfb0abe034a89d6a7e63c0ded2fc7c9411
SHA256: d0d30634e30596cd25c40786d1681d0d9de37dc03afcb031c3860eca1a3bbf28
SHA512: a124b5199c59700d764d2090b165d6639f8a985fe125291a03a130ba1e0394d003a6144011c45cfdeed5dff6378907f111521fa507872c2e5f9a99c9a0b4c819
-
Filesize: 371B
MD5: ef646a7595c4b84a38fd8247db003be1
SHA1: dd94a901e8d3cc5dcdb7546db8fea1ecf4829a3f
SHA256: b0b7c3687540c791e86a6dadb54642d8ca39f4dd23e9826354fe23867993835a
SHA512: 33a0072b4527a9b6ddbc83a5a2a471907b28799857edddd2062e67c58de41761ede511552a82456335266880e830811acb1c60572bcf82cf4df565031fb9fc74
-
Filesize: 6KB
MD5: 12119159dfce00f33b2937eddc7e6b99
SHA1: 5f5d11b3005c2bb943c48b10c609389e98f35adc
SHA256: e86e72ca6a9b4e6d7b62d1c6404434cdf4e298439c208a530eaf7f3d687978ec
SHA512: 53ab535d0104ece8d7c288e7e5c2aa254b854136ef7d8be9c67325abcb036fdb6e9911a66e50c7eaec20e662fe44d61bc38ff5006a4348aeb6a88429040f7650
-
Filesize: 7KB
MD5: 6b1e30e34fc6ab27c6cd19dcca4b0441
SHA1: f400702c8372f6de127d99bc8fa155ba875bfc32
SHA256: 2c801ada3305cf0519057ef9edfafa6e6a101d73c9140adef77a9d1428d44cff
SHA512: 08937ae0f331dbfc758e805c9b5fc321e12d673dbc38ecd59858c71cc2ab4cdbc22e5be20ccdcefb29d952350a35c85390cd1fea8b52853b81b7f4169e3e5d3a
-
Filesize: 6KB
MD5: c2d3195cd56c83c6696b63f6c0948f8a
SHA1: 522ab9a0bf50779b267cb82e6832757588396d24
SHA256: 6b0ac2b67d2d478c9c3fb9558f4ce0ff23d5deee70c602ea7dffde88a1ea5dca
SHA512: e29191dc73812e32fc14431bd5c21ac94de6d1af9c2f5df8c5d568146dfc17b48f556d7873606c510b3944fb0d2264f6d55b25393f533bd7be7f32c5de25469f
-
Filesize: 7KB
MD5: 7fa977f1c6b244c85a6dcfe6250f6784
SHA1: 632b04da7ce144f521f9744aed72b3890f580e9f
SHA256: 8e3cdeaa556b02ddc592aa242ad85f02b08245da4f234d858f0776bb51e0dff3
SHA512: 8a1786e3629adfb3dfa20d891f13d2c4eeff8bbac3114ad6d10fe5752ef00ea6fe823318abd24d2739cb52d48e5b62812991ce056eab07d2d180b616726e8688
-
Filesize: 6KB
MD5: 126f75a6cb27735b585930c671d7cdc6
SHA1: 3e86c37a8963e8abd1b8853628f2d225f983f9ec
SHA256: 07792bfb7b13f4d53ff94ab791fde16225431b866269dd85c4cdbc27da85092e
SHA512: 02a1188548b2014e7ebc356b48f17cf20c6d71aebd6a4fb809c9c25cc164f242e152c6d74b4f38d86292e5b27cbaddab37f4d40b8f3e26236835a64c25ee31ef
-
Filesize: 15KB
MD5: b413a46eb7b218eab9b27f444fbc0461
SHA1: 62523fad89e981d306717fcdf398da6252d3eb45
SHA256: 86e04421cff3caad61a8c9e2d35e3488d29785a8e7635c9945f3a9a5efe57712
SHA512: dbd7b826409bebbeb2ec5ff3e978e4dd9c6ae18429df94fe6b6bbf7f41b4bb350648de6d100b24c63a02a6711086a45e451418cb895e0101ade5e31c0051d6ba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bc70486f-bef7-483d-a524-20f725214fd6.tmp
Filesize: 6KB
MD5: d67622fddd7d4cbd8c3d69525c9a5668
SHA1: 114a0b1faa65bdb0357a42d6449acd0485371085
SHA256: eb7a3d213f8ebe83f6fa42c650c5a81bff4c644f3fe0ab3efbd2f0c886adeca5
SHA512: 7435c9b55d401bb32fc937b3cb81fa2c51739eaddbcab6b05a1bf8091823cd10ab225030c0cc196c179e5b6bf9680c8bca7d0f6e09d26d1441c213cf260fe1ab
-
Filesize: 144KB
MD5: e5014ba3e17b229b902024663ab47e68
SHA1: e6fe93c2e6d8f117ee7c942c3a6bc9b5df95464e
SHA256: 4dc5ca6f037d56ff59ef1293c0b946cc75640006282bd85ad86fe7dce0f2e7c3
SHA512: 6d8f57b449424cfcd0031be87ab9da305deea4995d069bf3701ef4b0ff25a2f103b6c9727bfeed10fa04b1e149ce7541a8c2ad59a156981948903cf398f80de2
-
Filesize: 144KB
MD5: ed28de8e62d12cb6e47ac17ac9768340
SHA1: 3accaa9c3e470b353c523b4b884f081c030e84ac
SHA256: 1978d781e23369c8bdc5b73f40da93a2d847bcab1844d06ed086855003a79441
SHA512: 29559c3313ee46217ee273b27affa3c067a6437f91dc69920e7b5bcd2699c0b406117ef2e4bb53193183c001eafe4b8df3343ce2916cd5816f008b757a2f8eae
-
Filesize: 144KB
MD5: 7dff63183fea9311d2d2b419237d358a
SHA1: 38436e7010a8694b5cba08f219ab4a5c0c47a057
SHA256: 96c53a3a5b1eac4eba7974a7484764f95b52857df03f0b04b48670aa0baef582
SHA512: cb6dc7049deb3b1ee600964edb45e981b164537ab3cea42ea29d98370f91f82b175a9edc2d4f5c4f9036b4b3a2cbd3c271a7e03e77ebffbeb476e236c1679c57
-
Filesize: 103KB
MD5: aec468cc22f54bf92cf3e934ffbaeaa7
SHA1: a3d69a24e5632fec82b60ee78d07ebe7435e5ee2
SHA256: 6d3c32370c987cea513d6e6e9420b585fa5f322f11342b65eb19e45e8e3cfeaf
SHA512: 87686da1c68e8aabdde3d852b356d3e89240540e71f0f7ea1b874107337bb1a9d070bd229e22b8195bbef56b58866a6291104dc38b4c94c8de195b68bcc4bb9e
-
Filesize: 97KB
MD5: dd383606227701bcca6550d23383b597
SHA1: e62ef646c9320b20052b7abb243feba2f09e16b1
SHA256: e90b5ce80c1daa85ffc1f33f3cc78309a90cb84be1d17b8df2b77e72d463d367
SHA512: aa0a204f08040c0fa6c42963999926567d420ca3a324a275c2dbbb9f0e637b1e9a392b5295f1f5b3e97a2f5796024dd5467dcc7a5fc1c02da9ec6bb7968193fb
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd