Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-02-2024 14:08
- Static task: static1
- Behavioral task behavioral1: sample eicar_com.zip, resource win7-20231215-en
- Behavioral task behavioral2: sample eicar_com.zip, resource win10v2004-20231215-en
- Behavioral task behavioral3: sample eicar.com, resource win7-20231129-en
- Behavioral task behavioral4: sample eicar.com, resource win10v2004-20231215-en
General
- Target: eicar_com.zip
- Size: 184B
- MD5: 6ce6f415d8475545be5ba114f208b0ff
- SHA1: d27265074c9eac2e2122ed69294dbc4d7cce9141
- SHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
- SHA512: d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513565935304334" (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  - PID 1340 chrome.exe (all 2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  - PID 1340 chrome.exe (all 15 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  - Token: SeShutdownPrivilege, PID 1340 chrome.exe
  - Token: SeCreatePagefilePrivilege, PID 1340 chrome.exe
  (the two tokens alternate across all 64 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  - PID 1340 chrome.exe (all 26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 1340 chrome.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 1340 chrome.exe wrote to memory of 2988 (procid_target 98)
  - PID 1340 chrome.exe wrote to memory of 436 (procid_target 100)
  - PID 1340 chrome.exe wrote to memory of 4484 (procid_target 99)
  - PID 1340 chrome.exe wrote to memory of 4976 (procid_target 101)
  (distinct targets; the 64 entries repeat these four)
Processes
- PID 740: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
- PID 1760: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 1340: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1340:
  - PID 2988: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9772d9758,0x7ff9772d9768,0x7ff9772d9778
  - PID 4484: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 436: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:2
  - PID 4976: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 4696: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 2232: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 4732: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 4728: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 3044: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 1728: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 2832: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 1860: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5376 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 2464: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
  - PID 1428: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2876 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 2464: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4484 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 3440: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6116 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 1960: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6104 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 3460: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3100 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 1588: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5840 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 2456: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5960 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 3944: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6368 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 3048: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6436 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 1208: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6936 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 220: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6960 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:1
  - PID 4800: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 --field-trial-handle=1872,i,12999985714597274506,13825379764066514038,131072 /prefetch:8
- PID 4960: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads