Analysis

max time kernel: 59s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/02/2024, 21:37

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://clickproxy.retailrocket.net/?url=https://blackblackofficial.com/beds/benda/dgedsd/am1jZ3VpcmVAamVmZnJleWdyb3VwLmNvbQ==
Resource: win10v2004-20231215-en

General

Target: https://clickproxy.retailrocket.net/?url=https://blackblackofficial.com/beds/benda/dgedsd/am1jZ3VpcmVAamVmZnJleWdyb3VwLmNvbQ==
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 6 IoCs)

description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description       ioc                                                                                                  Process
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522474846425779"   chrome.exe
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
Modifies registry class (3 IoCs)

description   ioc                                                                                   Process
Key created   \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings   msedge.exe
Key created   \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings   OpenWith.exe
Key created   \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings   OpenWith.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)

pid    Process
4016   msedge.exe
4016   msedge.exe
1428   msedge.exe
1428   msedge.exe
4632   identity_helper.exe
4632   identity_helper.exe
3740   chrome.exe
3740   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)

pid    Process
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
1428   msedge.exe
3740   chrome.exe
3740   chrome.exe
3740   chrome.exe
Suspicious use of AdjustPrivilegeToken (48 IoCs)
Suspicious use of FindShellTrayWindow (51 IoCs)
Suspicious use of SendNotifyMessage (48 IoCs)
Suspicious use of SetWindowsHookEx (16 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1428)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clickproxy.retailrocket.net/?url=https://blackblackofficial.com/beds/benda/dgedsd/am1jZ3VpcmVAamVmZnJleWdyb3VwLmNvbQ==
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5044)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbab0646f8,0x7ffbab064708,0x7ffbab064718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4016)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4540)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4960)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2444)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4648)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3696)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2436)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4632)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3568)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4380)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1208)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4376)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2900)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3416)
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16879919194736117929,13298208446593965006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  (PID 1684)
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1792)
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\OpenWith.exe  (PID 4956)
    cmd: C:\Windows\system32\OpenWith.exe -Embedding
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx

C:\Windows\system32\OpenWith.exe  (PID 2040)
    cmd: C:\Windows\system32\OpenWith.exe -Embedding
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3740)
        cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
        - Enumerates system info in registry
        - Modifies data under HKEY_USERS
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3876)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb97eb9758,0x7ffb97eb9768,0x7ffb97eb9778

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2448)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4592)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:2

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1680)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2040)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:1

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2508)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:1

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5376)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:1

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5480)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5516)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5596)
            cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1968,i,10868008796258831329,16364217244933072360,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 3068)
    cmd: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads