Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 118s
  max time network: 124s
  platform: windows7_x64
  resource: win7-20231215-en
  resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted: 20/12/2023, 14:26
Behavioral task behavioral1
  Sample: main.exe
  Resource: win7-20231215-en
Behavioral task behavioral2
  Sample: main.exe
  Resource: win10v2004-20231215-en
General
  Target: main.exe
  Size: 15.7MB
  MD5: d0d62b3ecd07d722edadf1b17afa9a07
  SHA1: af01f1ed64d130c262f29ef3e8438e86bfe0a1c1
  SHA256: c7f1ed371709751d8bb50943670a1dd35a70a19d68bc37c7cbcc53835d0c89f9
  SHA512: 25f51be2f53dcbc8a84b77ed5e597c66946bff8c70d506a5222281c6b6e0dbde188504bb0a5712d19d4c3c51be823bb2095a45c7b33a731d0fc944d644d53bf4
  SSDEEP: 393216:rLFXlr5QpDOEfrGaJgml5jvEI4PiLLQq:fFXN5QoGhl5IRi/Z
Malware Config
Signatures

Loads dropped DLL (1 IoC)
  pid   Process
  2560  main.exe

  resource                                                                     yara_rule
  behavioral1/files/0x0006000000018b52-67.dat                                  upx
  behavioral1/memory/2560-69-0x000007FEF5A90000-0x000007FEF5EFE000-memory.dmp  upx

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2932  chrome.exe
  2932  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                 pid   Process
  Token: SeShutdownPrivilege  2932  chrome.exe
  (all 64 rows are this same entry)

Suspicious use of FindShellTrayWindow (51 IoCs)
  pid   Process
  2932  chrome.exe
  (all 51 rows are this same entry)

Suspicious use of SendNotifyMessage (48 IoCs)
  pid   Process
  2932  chrome.exe
  (all 48 rows are this same entry)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3024 wrote to memory of 2560  3024  main.exe    28
  PID 2932 wrote to memory of 2896  2932  chrome.exe  30
  PID 2932 wrote to memory of 1992  2932  chrome.exe  32
  PID 2932 wrote to memory of 812   2932  chrome.exe  34
  PID 2932 wrote to memory of 2488  2932  chrome.exe  33
  (the 64 rows repeat these five distinct entries; each row is listed once here)
Processes

- C:\Users\Admin\AppData\Local\Temp\main.exe (PID 3024)
  command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
  signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\main.exe (PID 2560)
    command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
    signatures: Loads dropped DLL

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2932)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2896)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6749758,0x7fef6749768,0x7fef6749778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1992)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2488)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 812)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1628)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2316)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 932)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3176 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1308)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1940)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3216 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2964)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2212)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1820)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2792)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4004 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 976)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2272 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2644)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4464 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1044)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4624 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3068)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4500 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2940)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 896)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2516)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3336 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2704)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4808 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2796)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2400)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4576 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2000)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2024)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4056 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1548)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1608)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2368 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2116)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3264 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1760)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4208 --field-trial-handle=1308,i,14807167739898854447,15454234480643619937,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2400)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

- C:\Windows\explorer.exe (PID 1852)
  command line: "C:\Windows\explorer.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: e6f51115d580cd9b4e93ba5b9059e8d1
  SHA1: 489cdc1d94d2cd5f81ae8a45be806a2c62a67a5f
  SHA256: 358031a04460ff1271af7e9845baeceefb3258d008b87fc7faf5b07fb49351f3
  SHA512: ef95346e3baad5ea298f76a07bc9bc70381ecb72b09cb2dee881e7011d41845626c8d463f583c2d362857649dff775db843198f963252bdf968c305523d89711
- Filesize: 224KB
  MD5: 3ec2b7164eb8adc300e8353fc020ef3c
  SHA1: 6e8c28752032f624ba6b10ef7dde41c1e19f4a7e
  SHA256: 8ff94fafd63efdae985a140a456967e8b60c7e77c09b8cdd44ec2ef8e8cf88ea
  SHA512: ec0dba5cbd98db8d1d6a8f66ae373a3efe2c4c4e0ba618817ba42282b1aa8171dbaf5f494ad1f520f8eb137685b25e66ada6b98aea83c9ffdaeae8035a76a572
- Filesize: 768B
  MD5: d88b171f8e423478fcf7c4ff961dc47d
  SHA1: d387902a1f58b72799d01f0e0648bd70d45a8a46
  SHA256: 25fed867da91eb52f2860ee248b670fa393911b6aa0bb50c7446979305734a91
  SHA512: 09f0633752448507076c33162530b70857685c0118f84eb7e0eff24f4f9dfa751bd6dc82e00c1eb36807f8c34880071cf14ce87a3fef2222f15724a9796e5d41
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 527B
  MD5: 45b4bc66fb8eed3d0fd0b1d4b47839b6
  SHA1: b949f2dd281807841adce80f29087090da8ce692
  SHA256: ee5d127c13c53ce31a30c1090a5e83668c217f9855572403b6d4182ac00e5c8c
  SHA512: ad097ca29a7844d3d698d47719251b917ac9305ad2f12efeb573337a4521760459401302be2d0e8df49e662994ecb25efc277d88fad05f5a86be81e74512b837
- Filesize: 363B
  MD5: a7c08eaf5cfcb3d71bc5199755910abb
  SHA1: f33097e6f298483a5381039e31c656943eec84d9
  SHA256: 8452d80575f581523bb02f260215b993644776cdadecba06c742dbbd79d46be0
  SHA512: 35d02dd588e7563bd841c9c08bb52478d6ee871e5ee7790810f52d3a0ba6d3a9a5886086446faed27e9e68dd2b0ae39dd32577c1ac84efdff138be35a6d12ee0
- Filesize: 363B
  MD5: 644b4a39b372b7c8209f7bad3ebe7a0a
  SHA1: f9d8c653fcfc0ba051376ca645849656dac85cbe
  SHA256: b29616867510ded8151c53650f34440d18293428c622a3a9e827f1e351edbc21
  SHA512: 78a8589ca08c85738a7f81113ee803011951f12e40e32a080b30649c8bedc865178027c3df2f00a7052f3a413bbbad52a760d02101a324038ee53291017026b0
- Filesize: 5KB
  MD5: 7a55550448ebb5fd5f25167764476c2e
  SHA1: 0b3cdd66e8962513606ac071a3bff839020736d3
  SHA256: a53309544c2fd00d98d178e190174c3e457f3751a3858f2bef0c8ae26b4c81ca
  SHA512: 1145e2d4a22be2be9e2eb4e2f4f7c36fa44f7593042aee505f39c5f6820af0bcd0d05bfbdb5bf68657be5e1e51534a8bfbd91b10605cdd93dc5f0c4fdde4f888
- Filesize: 5KB
  MD5: 90f741a5d0fcba2d1aebf35bd5e8a436
  SHA1: c1182644f4cc1c9ca73e2065daf6d37ed622a310
  SHA256: 8d3b5b9de0b5e9261df8c5e76ff1ea560fb15cb8737a6edc9d1c61f59922f6ec
  SHA512: 01598c7285374481b35f80e003252077956cfa05a0feb1dfe7cd58df750ab0bde390af5a32a1cc301391ff948ddddb439762f813ca053c47d7afd13a266bea6d
- Filesize: 5KB
  MD5: 30a69fb6a7f97c893b149e6f7c737bb9
  SHA1: 22726ca5941e4b2439ae909cd638450c94c92d14
  SHA256: ab2498eaab98fc6d0c5abe344ae28020a2b39131f84f701a9e9b3332d069a653
  SHA512: 86cbeca6da6350185addc87157715dd6753e02f467a11a0be7e0ce99a0042163ec234b23fcb5db71c9ea0786b5bce73c73009eed5a6c3761fad072ef4e079698
- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d70230fc-09ed-40fd-8560-c7a48b7da40e.tmp
  Filesize: 5KB
  MD5: ab8e45e1aa42d377ac913f06b3bcb2eb
  SHA1: 1c144519dfba7a6408a55975ca2abb3ebad1aa39
  SHA256: 3cb9c55ab6d2de906011bd1af277b11ab37a516c21851eaa8259f5581295cd94
  SHA512: f4bd4a5af4284705cca1f1e602b5a631c593f03c833e4e1a6619dfd3701997c493025e4e022fad11a8af0902350e6359fc9e9b48e794c2e80c43c05367ea3889
- Filesize: 224KB
  MD5: 8124647f9b039c733a83158f398189fd
  SHA1: a17d57c0fcc184a33ab349e7027a3770d29fb752
  SHA256: 3559c0cf6e4684af2d6eb9d5100eab203c45e19bab8225c6b76d4b5491be2834
  SHA512: 9a7ab84cb802e6c7d1863413311344638039fa0e7286f7ebb9013f2544b60fabfb1280ada9fde46a4026f43a7519cd460f43acf15c9475feee9c93c0d741a910
- Filesize: 224KB
  MD5: b2c139af200f709f54c191519dead9b4
  SHA1: c868d612a58c6a5b4f07c510ee2e8330461f8e5f
  SHA256: 76fb8eb9563e736e6b1869162796853ee40b02cea1796a302512ff8ce22d23e3
  SHA512: 23783bb03b45b1200b3c571d0c5b84f9c9690342d9721cea545988b1c62285ec06100c7590f70964b27485c90998c1756069b2ec51e1e87c6b5cb2d6f9a4daeb
- Filesize: 224KB
  MD5: d43e648ac8954fd84adff460022a3787
  SHA1: 3272b869e94a9d95c086f1f642726cd6ecb4bd5e
  SHA256: 66b974b6294c8325abed43493ede187991acb880feb2eb3f3d858176902568e7
  SHA512: 76fc54663bc74fc2caa1ba7c655dfb06c15bbb01562a27c782336f3d9cefaef5d02d0b4f265c44192723a452cdc9552940f15398430fc6e07f84372c394fd1e0
- Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize: 171KB
  MD5: 9c0c641c06238516f27941aa1166d427
  SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
  SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
  SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
- Filesize: 1.4MB
  MD5: 69d4f13fbaeee9b551c2d9a4a94d4458
  SHA1: 69540d8dfc0ee299a7ff6585018c7db0662aa629
  SHA256: 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
  SHA512: 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378