Analysis

max time kernel: 358s
max time network: 358s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-07-2023 05:07

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://thefocalpoint.co
Resource: win10v2004-20230703-en

General

Target: http://thefocalpoint.co
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342168997599238" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
1100 | chrome.exe (4 entries)
1596 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
pid | Process
1100 | chrome.exe (14 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1100 | chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 1100 | chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (28 IoCs)
pid | Process
1100 | chrome.exe (28 entries)

Suspicious use of SendNotifyMessage (26 IoCs)
pid | Process
1100 | chrome.exe (26 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1100 wrote to memory of 4180 | 1100 | chrome.exe | 54 (2 entries)
PID 1100 wrote to memory of 1816 | 1100 | chrome.exe | 87 (repeated entries)
PID 1100 wrote to memory of 1576 | 1100 | chrome.exe | 88 (2 entries)
PID 1100 wrote to memory of 4756 | 1100 | chrome.exe | 89 (repeated entries)
Processes

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1100 (depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://thefocalpoint.co
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4180 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba1069758,0x7ffba1069768,0x7ffba1069778

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1816 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:2

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1576 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4756 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4668 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 5096 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4336 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 264 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 2744 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 3356 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 3548 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1596 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 452 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1560 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5884 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 224 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6016 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 864 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2380 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4980 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4944 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1080 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 3824 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4488 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4684 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 3860 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1688 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4140 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5616 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 2404 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3844 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 2028 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4688 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 2736 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4908 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1796 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5896 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:1

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 3736 (depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1912,i,6727324398599583903,14180647348734945282,131072 /prefetch:8

Process: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
PID: 1212 (depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 171KB
MD5: 92f0bb21de86c6c660bb835f40365184
SHA1: ee7dfcc9328ad0560e1d9fd6a035b8efdae3d7be
SHA256: 3eaea657e2d8557cc8e98102697e4fb358abfe10b4d95f8dd5cafd1585a2df82
SHA512: f52731ff5972853ab4cf84edb84e18373656f77a3ca1054de48ffffbf452f77e930e5d15e1c6ed0268ffc6bc5651a5c754d237c86f73e40e4848b0f57c91d1c4

Filesize: 1KB
MD5: 6d884517f58fe0d5cb455fdcf492d645
SHA1: fd6801f130eb70f74e9df120ba7c55e4524b9125
SHA256: e9d21e87047100530dd45b40fa94f328ba7ebe231e11e9efd04d492e851a75de
SHA512: b8c39640847d319fb027a770061ecd32e986ce83607ce14ca0ff530f5bb559fbff48820d0ae5608635e9b0cd15317277245bfa099e06ae1f29b27c628ca1d018

Filesize: 5KB
MD5: df67cf88e21e80bdb85378262509fe55
SHA1: 3b75627af51996ceaa3c39393eccb699c120e2ee
SHA256: 1fc8aedefc580d01d5a6935423f64a226f04aa0fe83c088bcbe1c51a5c7b7501
SHA512: 1bc80019303601236280e76714fd9d5629568b511cdfcc2c69804d5a77e7ab2239226d3309e34316bb713238c88bbbc4643af108b65e3612a83e592bfdf16ce9

Filesize: 1KB
MD5: 85fb570f54fb69ae006bb463519b9b34
SHA1: 4d169f0ba742193b3fe8b35592c45fd4aff541a3
SHA256: 023882f8d6944016c070e4aec0b4cf266102a8f325d5155890610ba6a677f70f
SHA512: 65f7d09dca500851e550056f0d087782a2a99e687387a8b8e4fb12fcc25f6d77f80b69ba64b2dc3b8bf03683058b487e33f7f42871b0feed4fcd6c34e3189de3

Filesize: 371B
MD5: ab7e331e66b6d2b65330a39b4f5967c3
SHA1: 726252be0c56c0251ec5d9d7ad3047f132e3095f
SHA256: 6f1d49f767b0d9302ed81f31ca69558b6a1cce1aaf9a6594d14cc90d06782d8c
SHA512: 6bd017400b533d75ea96e8e810608cf919a4a3d0f71c4d01fa4dcfae930c11b66cae70f918d412776d711c8562d55f07ba20df4011bf0fa9fbb5704d424462fe

Filesize: 1KB
MD5: c79cc1189ee433c9806042ce4745d865
SHA1: cd4dfd4e0dd51059e35eebb706206d833e7245fe
SHA256: 672c35e47ff61b363d5a1d94820dae8291b320ab4643e5806baa120ab7b355ec
SHA512: a9b2c7b219dcf5bdf05df98ac5f01877e5e4bcebf5f55498b8301d83989129b3b3cceb9eba3ce52882e874ad4675ca23594872298582e8b9d8857b7f3f03da08

Filesize: 1KB
MD5: d98ab8675d485ea9f54d7a61538ce518
SHA1: bd7ab964e77c0da87477a0bb86e1b05a98759616
SHA256: 84dc51c10f25b9928c854ffb4d3dd45b4baf3b95d5129d6aa7729e11c2f8516a
SHA512: 74f1ede88a733ff9cb88e642839d85b3396ed4dee858aa033dea91fda9f318311b7b5099f83a52a3a80346d30fbad3e8d104d009a63c9a3a1d29b0290023f929

Filesize: 1KB
MD5: 72b5c37205eb2aaef9c22ea0cb87e22b
SHA1: 036b75b293860c66eabfcb5a9f2d700199184ba0
SHA256: e7d47f6257594aed8cf744cdf4d47461d13c139b632f4242ff37d47ff03710fa
SHA512: ccf3b3e9fdcd826284e46c6643b88dd770ab6e1a6fa186c9636fd0dcf402c113d0781b32a24c6abbbbf5fbf342c586ae2f1dfb4ff59f8e3c020f193b21147c40

Filesize: 6KB
MD5: 460743bbb48e76395af3138180089844
SHA1: cfe94007c5c153f12f81d6513995b5b751163b59
SHA256: b8f77f05e24e3e10febd8285fcd05052029319630911c1669647e331eedf9b94
SHA512: 06f0f113c393a23ea9924489dfdf66935f77a71682a6d5070ab0cd9cb21bb348cd73264d3b0cc808efdae8b1f41ce3b5d2fcda136bbc518b13bf2242f6005df0

Filesize: 6KB
MD5: 37ad3b9ead02cac8dd924b0987bae495
SHA1: bd64acc8d9d2f0bb7b1f14ddb7589a6e9535ed9b
SHA256: dd65a12db4d878fb958a84035752eb60e143e48ae7b4f1b27a42084b6b6a5446
SHA512: 0aa6d42d1b43572700445f248bd1771a88d47a7fbca128955bf132dffce31931e280a03b396728cbb137a634b1a41e0b16dc9c1e48aef586a566e822253337f8
Filesize: 6KB
MD5: 1017ed2d7ddc908cf59bc9cefd575782
SHA1: fabb2c7294ff54b0c7eade952c9c973bc39ecab2
SHA256: a803f7a70f05cb4f29e9ccfac6b5a6ea9cf59209341a87071ee2909aae363482
SHA512: 2d1554135613211c7d6755d7bbed60888b1d5c13b9b0edd28d097e2f6d13b24a8f7600ea38f37f419a8ede85465619bf8fcf0f5325144e4ec4c88dad269f982b

Filesize: 7KB
MD5: 4725d38e8c6fe264faedcab980248029
SHA1: dc3a84f0742f5d6cf6b3dfe444205514d03f188d
SHA256: 137b5fd338fc516c5b52f0d7ac865a46d4d2f221798d953033faefda2c9e3906
SHA512: ed84ad559fbc6cf80b43a9ff7cb4a7c5d6666114558583691b9d15c1f50b6af19d257b002dd826d7da1120c8f44f095db75ae9bd04cb610200eacc4d6d96ce59

Filesize: 6KB
MD5: 5a2177d873407e19eb27f299e213d5c8
SHA1: e73edaf3933554a5c12366bdb98633aa774014c8
SHA256: 486dc61469a531fec7c5c3d5c61b1be84d95446bc1f3b4ce7f628aa8d66fae3e
SHA512: 4ef5d95d7d2909bf43c4274e346816783ffb6fcdcd49700d3c778e9467449d53de2bdda50d69702147f12853536499acf6a2ec557f5fce4732c1ddbf510d2b18

Filesize: 6KB
MD5: d32a16fda1d18dea1302f3ebc7bb9b51
SHA1: 396defb1b3d33616ad2214609a8750f6beb4401f
SHA256: fdee4d452032cbafc1b696822e1781943e67ca84861ffe5761dad00ed9e3a113
SHA512: 631057fc59aa36a1d6b29fbf474abb3437a3c7a585bea8d4e3d010593a7186d84ec4aa27283c1c178e79fbe6c28894f5ab0a2e1142b9642094597414c1130f67

Filesize: 7KB
MD5: b36b7a98120cb2aae1f6cc1b96c1372c
SHA1: fa88c9b6747bea60c89d682fbf573e15ac12a8b3
SHA256: b62be682b73ccc07867b07c2ca164dd06cb5f7399333c56ea276b9eeaf7e9cb1
SHA512: cdd3f989409660b1568aac574d6a836abe94b62011dd47455f2309411a4caf100c2ba55339a9790cc0be3743446ae95b2fcec8167973efd428d9b824bb741837

Filesize: 6KB
MD5: 704b070c4e7de701425b4f046eac2784
SHA1: 19e65ebc0c5afe0280bbc9b5c41d60c8c9e0b97f
SHA256: 2c9a8d4e5a1d359de92de491757e41181135320b8d9306f2c10eb6b08450b37e
SHA512: bf3b2c6a7d9504847740ea3db65ba2f5b7f552b1ec6f23ee6d59e23f63c5172d67138e96c0d321bd28118a44cef6e328fe2581b646efddf6e4ffb0a8f84b2227

Filesize: 6KB
MD5: ff13aa661c4eb5d9949c8f9e3e254d1c
SHA1: 0f7ebce8fea5730b92467d6f83887d52aba385f1
SHA256: 8e741e9810fb257bc83e1eafb6be199a060a7a0e01d989e3f113f79d3e617c3d
SHA512: 22885fb7b78b11a52c74e0bc77dceee254295a5b3ffcb267d10dc81ab87781b7a0cfc7ad2897f7c2e46a61686fd0da530e555a20b853d1ceabd337d55307b6b8

Filesize: 6KB
MD5: c115724758464e54eb180463e963670d
SHA1: 39a62994715696e918ef10a9c0fad8d5e91e234c
SHA256: e34a16efc39101be6fae13628b93047387cfe1aa43d374c86aae465f44503da7
SHA512: b54a1d7810cd60c1d2259d3b8cb5dad1d807880c0e6e10fdc3a8b97cc6950ad04c0f60f5d3e52d763e2ab35f732ab02014e398a0e4675b9ed6f5154e71eb719f

Filesize: 6KB
MD5: 9ad7e1d401f34c0da905124a7a2b3c0a
SHA1: 2c0cea191590b69332818f23c928f49880d3dd7a
SHA256: d0dfd7f8b866fd5de634b60ad3e9ffe5b47256d74619614f73b96d825cd6898f
SHA512: 8e785575607a94af096196e3c4d822ed96b3a491ef47078d58841dcdb1b945eee52a3e8ed58018b79f46759b817af907a73eb33460776ee8b34677910e9bfa91

Filesize: 8KB
MD5: 21163ff0dae5f422d14609fae7775a34
SHA1: b3c96f8be3b78cee2bcf47198421b30229799468
SHA256: d8e9ee3cd86f931f54d49849bf0ed71203d5eb6e5704b22ba6adf043499eac9c
SHA512: c6b2676db29f5ee35d6efcaf8606036a855747bebc3189fb93030ad7e1735bfb4724f7b36afd5b60345fc0b95c93e9ba46022309b18f886b9b35fd65f5094934
Path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 56B
MD5: ae1bccd6831ebfe5ad03b482ee266e4f
SHA1: 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256: 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512: baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c7140.TMP
Filesize: 120B
MD5: b7251ccfd5699a7ca2487aeff720560c
SHA1: cba41a600bdda8c24c822e8835040f0d7a35740c
SHA256: 5428e7b51dde36893572c99517596316a286b93b35377b16385fae3f52b69455
SHA512: 1b12fe48af4162a55110e047a99bf28ca82a0ac42a68c87c9c729f7eb6760164792ebd44d5a38beaf56b6520366d7980187e4626d93b4be2db223af1c24528ef
Filesize: 89KB
MD5: 02e3a0f69dbafdfde3213519316ea74d
SHA1: 59475909a86bbc4d59b998f64a21adeb10d7bbfc
SHA256: 843275cad1faa4042f18bf8cf4c59f587cc22beb85615ffec3e375ad7978548b
SHA512: f62a8ba9bbadcaf823acebfa290f276d815264f5c51474027036255cf1b22d0e1863d8ef541a53d46735104f511e3155e73b15bbc1eaaf7eb65ed4e09cb7be18

Filesize: 89KB
MD5: 33a714618ad3c48576ebf311fb8c958d
SHA1: f99058d3afa5cab201e270b5cd0d192e8835e3ec
SHA256: c8bf80e838a3f5b87b48ea0e6adf6e9e89849e737e65b277b950c011b3a64afe
SHA512: 9063b3409584ecf3025c4da8fb116b5bd97b806e4dbb37c75e9d39124de969df67626de06f65a1972e722e16257ce19200dcc1dfda901107f48a9c8e8d37e95b

Filesize: 89KB
MD5: 89d1e20b38abdf3ad30fde8bf7fdd0e2
SHA1: de705a21fc27ae928b7398bd4150abd4981928d9
SHA256: 13bad4a838663de4e32767cdb8a2615b2bffe1a6e8d0cfc86152dcb47776f4a9
SHA512: 8db626399ffe59c952e3ddf0cacc9dd57201a515d7dc6e46142f56454a7a6b97fae81f241f9f99245e45091e15af27457192822ef47d37c621d50c0d396a0333

Filesize: 89KB
MD5: f0b3d3c226d3ef48b3a4c3b4bc296915
SHA1: 89d6119e0d9ba75ed1f0375d6eba9f356640d177
SHA256: aba197b607d30c8a3752f013260fce53a43763739ccbd8854887c4e2bf532721
SHA512: 59f0e3281a5d2c370fd949dd0424e07990ffcb2be930da2ed6f2752f6a7a4642ab44201db264b3df79f73226275c95f8a63713519eea5ad7f25e7930b791beca

Filesize: 89KB
MD5: 9cce2b492f70b619a30f0a8754035e94
SHA1: 106275b04f99fabbd9c151220a97bb4accac5d04
SHA256: 544864c7370f83233f58e0f68d4a96d9ad07e39fe7b95ab0e893c36aafd1ce36
SHA512: b5401180428ea69661e999a0b3d0e8e4d2ce6080b0c76f9169855974ffc74c2c7f57e49566ab21b29fab0cabbc5c4871fb3614f7363019864f25b9059f1704cc

Filesize: 89KB
MD5: e1926c80829598a66d0e164c13d92dce
SHA1: b9a20c02784e3850b07d1b36b8fed2bae078ad6c
SHA256: e48ae469264d4c36ca1ce620ea81395d2a4fb2f54f769447fb3ee4d5442ac051
SHA512: 3d0bed31675796878dd5171fdfd5b79ada5aa5bc60ce3d593fca4f52762d462dce39053ac0ff9ed55306f122753a9cdd31c0f92afc431a0909c7b83917194f5a

Filesize: 89KB
MD5: 8c7a6f716702790e2d427e7eed889e6f
SHA1: 37f4ff8b3b0eaac7957ba56e20c8fb84860c0304
SHA256: 44e72fc76e3e70accb1144c526c30c353ae58b4c76e2e60ad113ca0325208f59
SHA512: a4c2c05689886b5740e3cb9a6cd8c007b08159975d8bf21dbff6de27e8df8cc33d9a66b35f1541961162315b47eb8f48955fcf6c0e53e3c749d2534be503a3d7

Filesize: 119KB
MD5: 841841aba8a246067e0e27740a5a11c1
SHA1: bd23424a3319cc6b88b3eb476b3b3f6021d99f75
SHA256: 571e0d1224624697528ebaf23c78393b8a69eddacc419647c95670dda3c30d55
SHA512: e61cca21c4d915a5f3bb28f6add933d12eaaa39c979989fc26da3f4506dacb7ac1c6854f64e25e6175c3e5dfb3799bd7f39c2b2cbf7c9d52690991d4370fadc1
Filesize: 89KB
MD5: 68ce608ae4455494ed00ce521e1b4cb2
SHA1: f513845ab629a84a7af3dc45563a25ab762c47af
SHA256: f1b20774a7a17860cb0828abcce98509451320b77cfbf21622fd98fccbc53081
SHA512: 097a93012efa4e84d39006a0d186239aeb00afd0cb37e7c3c89fc7ef6ac59d3821c0bfc58f92b247fd7b3fcc86035940ddfb50fa901e4d61e9ad0edc3b0381da

Filesize: 89KB
MD5: 62be3ad3ac8293eb46fe83d7700877b8
SHA1: 5deb56b121869b822836f973d2904727e8d01c1a
SHA256: 5177ab83493ed79365c07026c4e2572a74fe3d017716f34918606f63e121469b
SHA512: 31d54d1acb400b85654b0f0ea76d016c73cdcea2b89b7126f52f1a364cdc07b1ad85de7f0a74f4800042135956f166cd6c2443173b23f906d18506e51961ade8

Filesize: 89KB
MD5: 6dde844f599f24349e224276c0751a85
SHA1: 4fe870d0a29e2cc60e2eb220cd31f92bf8aa4141
SHA256: 67123ff4e05aa07d86fa39d42684f250a19cb316b39a850ea19cda03aed9d240
SHA512: 5f74f40088e8bcf71502baeffc608fa32d1366e6847fe7c8c94176a070e34c782f6d39edd770d89725c03112360f978f7fbda5ac9fef6f9eb04e9d7ca93034ef

Filesize: 90KB
MD5: fe468aa0145de95483ad1a06573f1634
SHA1: 253bad6f2de462e7c24631d24d3bbc14c6d0148f
SHA256: fac28f6046d388c6533110e23848dc9fa5894b0a964f155f2c04294ff11a4d57
SHA512: d4628c0de84cf8a0ea097c3fa15f2690d0c58fd465442f3920d1966796c51170a3a6e45b5dac4a60774d1a665d11952a036a0ff0f65fefd256da5bbf85541e16

Filesize: 110KB
MD5: 41b6ffac76a1ef65e8f1f7538df5e363
SHA1: 7197f6ef6ba8da09e03143f65649b2994395abdf
SHA256: 7264b3174942ec5605fb0c9be8a55334170bcf0caa405b7e732b77ffaf34f8fd
SHA512: aee985010554b54aee329f497aa35e48a07f67d5a927a2ec58efbda9d11da426335386525ccd50272c64975cef05706501a4fbc81d2fac57599a59e83c855ecb

Filesize: 107KB
MD5: 192ca08d78e40a79f3f76a67a7f8694f
SHA1: c1fcf59487c5fb1c572e9c8fd4a755e08a354cb4
SHA256: b45a38e9dc80567711c5cc033ce5461ce36e1181bc35804910e82f832040fba7
SHA512: 0187d117e0d4e9b588dfd9f7d7ab6eaf0cc85cb88bf49c92718a5c134420535281945fe8d482ed3e885b6a7ad02ae23adcf138e796d5b51ad5743c258cec622e

Filesize: 101KB
MD5: 74334ad4616ecc22e938ffec2eb992cb
SHA1: 9b8e8352a7d0c09e7b14b78d83fb0ad1ab8e7e0f
SHA256: 686b94636d3c5628d700d62f86c914ce6972352a2df558305f7796e35cf27f54
SHA512: dc8b72fba749dd31311f8df9558224c017a317702ba74001deb26a7f2b1e5a5720682b2c62d7a0494c020180cb45f7cf567541767b9248b09f7880d0d7067fbb

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84