Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
31/05/2023, 06:12
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://HackForums.net
Resource
win10v2004-20230220-en
windows10-2004-x64
10 signatures
150 seconds
General
-
Target
http://HackForums.net
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3237199918" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "392285740" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002789b0cc6303a543bae6d5b1b6ae01020000000002000000000010660000000100002000000056686477580582d1953551c956ce973c183b697938dc1222c865e5895fd49d3f000000000e800000000200002000000005110f0e3e6930f7ee5e6d39a890b86feca751c394518a67c4bc0de81b20fdad20000000a44d01e149f01f34b758ff5381252c437e44c04a4fb57976c62aab13c73db7404000000002c502cef1d66af97be52ba8f48b96e795e0adc98fa1ef5c2ae9353b0f2307f56f8fcadc6503425d249fe51985cfb1bc4c176642f5915a69973b4b3b497cda19 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002789b0cc6303a543bae6d5b1b6ae010200000000020000000000106600000001000020000000da2070f01694ead8f7f7f6057eda6b6b1eed072136668c55e9149f945abfa30c000000000e80000000020000200000002613ff452dfd49646ec30b4299e91b3d30d54ad0d073e57006c79490eeeaa89e200000003dae07538fbdad68e1be52bec75977e8cf301ebd8929de465cc6dece8bd1ba31400000005ca81dc351063109690a2ebaf24f5dc52e5894e4fa7080cda5400caed9cb37c64797e81725edd763fe95802ca9dc43cb68a052bd3e99191859a3ee87775b6777 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E8351808-FF8A-11ED-BDA1-FA48AF8140A7} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3237199918" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f554c39793d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20a539c39793d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31036311" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31036311" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133299944025136337" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4504 chrome.exe 4504 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe Token: SeShutdownPrivilege 4504 chrome.exe Token: SeCreatePagefilePrivilege 4504 chrome.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 3200 iexplore.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe 4504 chrome.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 3200 iexplore.exe 3200 iexplore.exe 5060 IEXPLORE.EXE 5060 IEXPLORE.EXE 5060 IEXPLORE.EXE 5060 IEXPLORE.EXE 5060 IEXPLORE.EXE 5060 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3200 wrote to memory of 5060 3200 iexplore.exe 83 PID 3200 wrote to memory of 5060 3200 iexplore.exe 83 PID 3200 wrote to memory of 5060 3200 iexplore.exe 83 PID 4504 wrote to memory of 3692 4504 chrome.exe 88 PID 4504 wrote to memory of 3692 4504 chrome.exe 88 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 4048 4504 chrome.exe 92 PID 4504 wrote to memory of 3284 4504 chrome.exe 93 PID 4504 wrote to memory of 3284 4504 chrome.exe 93 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94 PID 4504 wrote to memory of 2060 4504 chrome.exe 94
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://HackForums.net1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3200 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3200 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad81f9758,0x7ffad81f9768,0x7ffad81f97782⤵PID:3692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:22⤵PID:4048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:3284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:2060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:3328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:3896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:4216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:4140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:3376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4712 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:2772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:4368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4676 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:3252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3440 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:1840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:3928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:82⤵PID:4428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4696 --field-trial-handle=1784,i,5705290452527526567,171634143508757489,131072 /prefetch:12⤵PID:1436
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4480
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize1KB
MD5ad88916fef718f064cfc14bd61230c4a
SHA172584d1f57a688746f1b85b207e9f48c6036143c
SHA256ba2a85daac3838e4e08489d96b5e35606c710a11463695e90f885b8f1722e824
SHA5123e467045935a6b7d27b22704abd078412b1bbea913fdd8992ef2d79e055909d385fd0579beb1d2c77e869c682d32320182ec2c85945334f6c92b6f48c96ae73e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize408B
MD5a32bf68578668057bee31019acee796d
SHA1d9c1a1d9fceb6490abf106f1534fd7f80db256f8
SHA256e307279801ece866cc224809b51389ea5531f3c8baa79403752167186fd62d9f
SHA512ff33e57c98284b9d53fd138a00125cf877ab1a2e74f47943c5fac340f5bb6ccb1be797d28a716f58aa06d9f70a56ec8fcf38e584ee05d9397f935c5551ffcecb
-
Filesize
432B
MD5169006b76cdc52a9ca2c04fc201e4c00
SHA13fe490fcedd3d0c666d8532dfe239cbd4f7f1bf5
SHA256d056afc7ed7a30b1d32c12cf28e8abded43925605dec4a1f5baeb21c2c0abb48
SHA51219caee9aae25c64b7f26ecc34f31bb06bcbfeda7ca814aea070cf538264e3cede591e9b45dd338803716fe490495dde08b7aae41ec91ed4aa614055fb987c761
-
Filesize
2KB
MD5a1486acd51b406f5a14edc9cdfd1d812
SHA1c9afa67f4a8740f2a10ced61b80b408248db2edd
SHA256f348bbbaac6c4a4d7479bc8de2e2398ee5ba462d8e60ec36b5475b6d7daab358
SHA512f53a10db2ec19d2939f12acf7401abb4bd91822a2e0bf780c0bbbca4aecf9d687c5f222a1fa2b2be2e7ab8c73c37e29f02319c2e6bf614b76a05e2b5ead2aa40
-
Filesize
706B
MD5f1463a3a4591bd06ebc5e3c664b343f0
SHA1c05e0c949eb25e3bfd72a7a8801a27550418f88d
SHA25645bbb3001364c8783ccb2aae631a82c63fff7e7e0daf11512b62a784d7a013b6
SHA512bb0101368ae749539d437438ff863c91ef4602fcbb9029781a2895b86cc2eda624e0b53c52bcc97ffdf84fce43979983035b2efa26c8f7572b45021496525f11
-
Filesize
706B
MD5a32f5583ce279e716dd734b74d8cbe6d
SHA120f0a56323a6b3634efbcdbd390ed3b2ffe8982a
SHA2565d90218548026bd68844e37a7f2e69143f4e954c81befa8e39d358cb293e7551
SHA5124323a3282cf6743ca845dd2c01761888ed5afbe3f0b5f5d2a7002a249deb30882cb6c3731991e719fd6a24031c328c0abcf86e2a35ca28e2377c1d0907d28be4
-
Filesize
4KB
MD5f3b39f5bb6689d2e12b3c90a9d5404b0
SHA1003e43fda48f0a4e6ba0e09c2cdc74e74332bf8b
SHA25670e4e2f27f53562ea153a41c57050d03a19e5e7606d23ed57a330b359471cce9
SHA512560aba5cecf6aaaef98de59927fcba418d9f45f066d6805845d4941cff89dfb0902fbfaf0f95f5966b871b22732c3e4b238f2b7f52ce5f45978ab14937ba7c17
-
Filesize
4KB
MD51d450aeafc527373c01107c1bfb087a3
SHA182fafa6154a1e41a7d0604c10092bca73c8d0e7a
SHA256a8b921bb883326a1f3196cb1ee383c4f9ce19a0f941c61505f7bd5cf99915a4d
SHA5126255cc07ce3b34986d45c821feb2a5dfc0777367a54331492bd5e0a9b40d8f7e24e9af1b70fd7a383dcd4fd66469f13e578e85b9afe8df8136055a2dcc90765a
-
Filesize
4KB
MD59e183546b675fdfd856b3d9b520a80df
SHA108ddc44da45ca2d3b3150cc957fc98f41c35bfbb
SHA256d357dabd752f9fb1b04d5380a1fdc38e4941794463ac1499d3c6c355f52e39a4
SHA5126e5a5eef963fd8bede6ed17f19a949ddfed3e61a1b7f639ffd952a6fa507740ff703b948171d0fe7ad58c835c22b7b5d2563bdcb1456ad3aea08d50384dce3d2
-
Filesize
154KB
MD5727db0234d79aa7c2b909396f3b7fd4f
SHA17f76960999513661872221f9fa6eb3b4da332f4f
SHA256313ef79b4f25c93ebb97c5c3565b91fa6c352f69ef51027d4f66ec5ebf3b453b
SHA51252c2ec5ae14913ce04f15dac04a7c0424b0375f7ebe756cec2c0fc119f1255edbdd2a7b86c621b7fac40bdc8fd688918d2f11f55e35155613464ff7e0ff68ea7
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee