Analysis
max time kernel: 299s
max time network: 263s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/04/2024, 15:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://hackertyper.net/
Resource: win10v2004-20240419-en
General
Target: https://hackertyper.net/
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
  description | ioc | process
  File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
  File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | taskmgr.exe

Enumerates system info in registry (2 TTPs, 6 IoCs)
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587038775908897" | chrome.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | process
  4892 | msedge.exe (2 entries)
  3900 | msedge.exe (2 entries)
  1736 | identity_helper.exe (2 entries)
  3896 | chrome.exe (2 entries)
  2436 | taskmgr.exe (all remaining entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | process
  2436 | taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid | process
  3900 | msedge.exe (8 entries)
  3896 | chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process
  Token: SeShutdownPrivilege | 3896 | chrome.exe (repeated, alternating with the next entry)
  Token: SeCreatePagefilePrivilege | 3896 | chrome.exe (repeated, alternating with the previous entry)
  Token: SeDebugPrivilege | 2436 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 2436 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 2436 | taskmgr.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | process
  3900 | msedge.exe (repeated)
  3896 | chrome.exe (repeated)
  2436 | taskmgr.exe (repeated)

Suspicious use of SendNotifyMessage (64 IoCs)
  pid | process
  3900 | msedge.exe (repeated)
  3896 | chrome.exe (repeated)
  2436 | taskmgr.exe (repeated)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 3900 wrote to memory of 2164 | 3900 | msedge.exe | 84 (repeated)
  PID 3900 wrote to memory of 1148 | 3900 | msedge.exe | 85 (repeated)
  PID 3900 wrote to memory of 4892 | 3900 | msedge.exe | 86 (repeated)
  PID 3900 wrote to memory of 2132 | 3900 | msedge.exe | 87 (repeated)
Processes (command line, PID; child processes are indented under their parent)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hackertyper.net/
  PID: 3900
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2f8b46f8,0x7ffb2f8b4708,0x7ffb2f8b4718
      PID: 2164

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
      PID: 1148

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      PID: 4892
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
      PID: 2132

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      PID: 4796

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      PID: 2672

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
      PID: 4440

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
      PID: 1736
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
      PID: 2332

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
      PID: 3680

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
      PID: 5028

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
      PID: 2844

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
      PID: 4508

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
      PID: 4680

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,9894270363392837976,14835770594270534345,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6060 /prefetch:8
      PID: 1896

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3084

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4588

"C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3896
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb2f37cc40,0x7ffb2f37cc4c,0x7ffb2f37cc58
      PID: 2372

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2016 /prefetch:2
      PID: 2920

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2276 /prefetch:3
      PID: 4772

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2596 /prefetch:8
      PID: 4640

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
      PID: 1476

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3320 /prefetch:1
      PID: 1528

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4324 /prefetch:1
      PID: 2184

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8
      PID: 2028

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,6811753474554836890,8188529552191923609,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:8
      PID: 1756
      - Drops file in System32 directory

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
  PID: 3696

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 5016

"C:\Windows\system32\taskmgr.exe" /4
  PID: 2436
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 649B
  MD5: 834add466f7fea70a02cd0e1101189fe
  SHA1: 07e25f34f2f76b2874ba29a484c2e3ea78147235
  SHA256: d070b01924c8cf99b0283e8a0c6e392213722f1149e6fbc855bd99916ec8403d
  SHA512: f40d056dd847970fa4de88f28ca7e4fb8bea28f68b978f1cba531829ecf18f79e83c18fb0a164a33e548e3d08c804f8409db269926e053659a045e0a0449627f

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 9KB
  MD5: 10fade5fc6729878ddb81384b33fcdbd
  SHA1: 0d54c7a883795eaba9083b8fbd86bffe1189e4e9
  SHA256: 67212d72d0b8cc3ab1d8e10dd362d15e65066f10ad7538b14f7b8fb26b0da0d3
  SHA512: 7f33d5c5c6283e3ca1a677310a69d529f10d08b9cd3c1253762db72d09289383c40c69d65c2b1e0a1070fd3555860500acf9ca484ce9872b88543efb6726185a

- Filesize: 9KB
  MD5: 7ded250fffb3eb3585954ae86bdc57e3
  SHA1: 84966bf684c06fea6d22ccb302e066786b60c6ac
  SHA256: 9568c04779bd446355cb98201044e66eaf47be9f3ccec27dd14a1e2ef9ab964b
  SHA512: ac552b9ab73c2c8078d62a4998cf150d4da87ee179ce6b41eb96f0bb0415aeb26a7357d9764c3be49be7b1896764a744a25863b2a398bb18ba71c3b32378dede

- Filesize: 8KB
  MD5: 7d5881eb30d92be21dd509f69bf26e7e
  SHA1: 4e787165d2861673a251c1758e68e53376459046
  SHA256: 3670f9d621145c7afda2dbd7f257e984713fd636c9d495b2d55c911678dbcab1
  SHA512: a570b643d1bf1a77601420146d7f4712ac35ea0ef0303a1b6a143aedadcae2bc210818f948c874fb25e366262cbce5b17082f86b1c77503748aabd865697dc92

- Filesize: 8KB
  MD5: 12a95789389166acdd323d25dd7a4f0c
  SHA1: adffa1f07f916da8a3d91fdb4629b4b370c074c0
  SHA256: 4989d17954dc362500a05b4aba0f6ebc70041e5159d51beaec457ff5b280ae64
  SHA512: 7b545b83bf9bbb014690fe93fad83e72049e8c9252af14dca542ae6d08077f19e41ca9adf720faba5208e6ff6171ded1773440f6b8c87839869aa0a9f94e50b7

- Filesize: 9KB
  MD5: 01206cad3a73b50e0cfd75f16ed48218
  SHA1: 959eda496a466d121bab0ecec2b29db980d1a45a
  SHA256: e38af6017c148e83bc86d52bd62b25d15ba46145241403dbabfdac8f00ef599e
  SHA512: f2395bc96797effeef2326791c06691e2d97a08c80e0c30e127842e82892435a111480f67eb1976e1233c0db6152e86684fa7eaeed88eca771377bc592e88a33

- Filesize: 9KB
  MD5: 386599d20cbc80a80192683485712531
  SHA1: 6c3ea6dc8013ded5bf43a133b1a7f8f2b6aaf1ba
  SHA256: 76470c2325ed922fe1f6d95126b4a3959e608685d32f389665ecbca49ea74d74
  SHA512: abfe662a31f60a6c454e0a540c80cd52149d23048d7829e8285340d3c2e83fdca302f4a6b6e6d953421202af247babc92f498163154bd707aa0f839e31518dd1

- Filesize: 9KB
  MD5: 46d33dbf4fbe54c938cf45e3587a4351
  SHA1: 0126291b942186ddb755ce99eacfdfbe3870f112
  SHA256: bf06064556fb695134f52a9536b9cb8cebab0faff9b37a1af75e0960a583fbfa
  SHA512: 1ffe5f1dbed0926b1d73ac5585e8618bdf52389dcd3ea93e05e41b3ed512a731e7d5f6e666ca8c09b06c33dac80fcc181741722570058c99c507ab1cb8436e68

- Filesize: 9KB
  MD5: a78077a4566a8e7c73846c5e0cf4c43c
  SHA1: ba575ba7def8792a4335c3697d157523dc240837
  SHA256: c80c474fbae217a575330da17be94dc2affac726fcc50a86edad8ab5fc25f58a
  SHA512: 0a54bb3f626cc466cdb1f299325656d1a9dbc5343f4c0ac4daa4fc364e49e066999d332fb38fc88d09b56cebb14c64a4bbedd7da0e6441c8307be03757362011

- Filesize: 9KB
  MD5: 94ce3ea2071cf02f65a31dfa4000cbda
  SHA1: 68dca877288bec61cc3c32f9d25e3cee547a011e
  SHA256: 30910e03c861f084501e6206b3dfdf2a354abe1260adb98b5e50c21a56520436
  SHA512: 4ac5c17d42fcf25f53005cba3403e1c29a164416472125d47f97991e3befeaa5171af9681d48522d233fd0744a2076fd9c0817641649c4876789f777ce635ba2

- Filesize: 9KB
  MD5: 7789c50a5d9f6c3455213ef7d9745aa4
  SHA1: 6120d3d506dad6bf69bad966d378f44430b1143b
  SHA256: 4ed4050d26c6d247a1e7e76b1abf3578bff930da2591f1fc16d2d84ddc7f5019
  SHA512: cf81cd6ea84551146d99d00671e7a3e97a578a961007a573722f799330f3d997a78e07507ab4e56576244fed967f01efe8a06b9e144b0b5d2988f5fd2aa38a52

- Filesize: 9KB
  MD5: 2d3277ccfc599aac55cf93d52a9bba25
  SHA1: b9ff343c1c6dd3c76ba2df39675c4d5cce936b4b
  SHA256: 1f56d89809b82f0bded113e335271cc0c3db351e1c142086aca96f3603c229e2
  SHA512: d5590a74a9ebbf2035cdf412f3aa8aecb6bd7ed9f78deeda59e64167bc0fedb32f31fe818913967946f753c95cc7c11ecaa59827b54ec2dd706ee29e95161093

- Filesize: 9KB
  MD5: 3c6a85a28c5cd718eec802c27e706cdb
  SHA1: 0147f063369aa424b1af69049cacc02ed6fcdd59
  SHA256: b6a643b35ffda8c949e804c8be4b2ce7e3b736587f82d437a0bf4be10a1ce34b
  SHA512: 3017d566d52982ac3fc24fd8ac8d9237dc7e0daf6fc20b31e8b3bde1495e1b0b9b238700e02f7a43c6179544f8d4b2bf2a1c7da8c9160cc191d16bbf2091b7e6

- Filesize: 9KB
  MD5: 3a67e5d1e2577d2280710a33b364429d
  SHA1: a2f2eaba38a5b28ffce70f27317184b1dbaea628
  SHA256: eefb040fb02fab2a67e4aab6faaff67549ad2dfd800a4ae989096b096ae0d858
  SHA512: 315999f25fe0192637b956fd700cc502689888ca7c2f8f6a8d88ce88d613b59b3d48ee4cebe5c4fbabcf56731fdd3c37f3f130cb4f9143f5fdfe1a58ce8ca00a

- Filesize: 9KB
  MD5: fca8e56f02cddf0a79f5d128cb7cabdf
  SHA1: 606ec41e1545ff332eb3f1cb5765108d10f1f581
  SHA256: 499660b210129eca18370e33dc275eb07b9754e4143e69a1286c81cb084f0c4f
  SHA512: 74f714d62ea7d8b5f0580962a0495c4555d33ca3262f942dac54d3068852b6226f7ed4be79fc5d1ac02c5df2a3ffe5b49a32b94f6a9c3bb0fe3fae5b4a2a458e

- Filesize: 77KB
  MD5: f695396b203600eedda4a0e0b0074071
  SHA1: d6c894565e5503d4a87d307f1ca80a01bbd638fe
  SHA256: 848035e060d990c6ded1bbfadc0cc5bb647e79ce234274ae838fce970e414f45
  SHA512: 60a057f54d99db716f25ff52bff2e77fbb6d70c1802517e9757c2add2dd80a90041f21f6df6afdb0fb50575cc15d93be52a2bac243525789725a33c73fadeb88

- Filesize: 77KB
  MD5: 2abb645aa9eebb4c3158cfc46f77dbe2
  SHA1: 471736ed4e1c3c0387444836e69ae9a3e3c16f55
  SHA256: ebe2dcfa25133bebfd8d7743677e275de8f8ba22fc0bef53b0aec9a20402c643
  SHA512: dffbe503a2c4623465a516e446c27549e83b31a26860959743a48ef28703953690ee2858c293164d2b41edc427163d70f713a03aad8d986f823c3e3cbc581d0a

- Filesize: 152B
  MD5: 9dc60aef38e7832217e7fa02d6f0d9f6
  SHA1: 4f8539dc7d5739b36fe976a932338f459d066db6
  SHA256: 8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32
  SHA512: 18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

- Filesize: 152B
  MD5: 7ac03b15b68af2d5cb5c8063057cc83e
  SHA1: 9b2d4db737f57322ff5c4bbddd765b3177f930ab
  SHA256: b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700
  SHA512: a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

- Filesize: 6KB
  MD5: 445cda2efc3a5ffb7d1e05cc3c195b3f
  SHA1: 37d50a61ed3ec1a793a45d0e74e56148817ebfca
  SHA256: 42c3e0d4e53f04eab82c8ebcdc17f360513523d4db02ede482dbb3346f244058
  SHA512: 83372878b6e510dbc7d17be2a2ec61c4d13cc0a790d9c937fbe096f7066a2132dc66e5f4d00fd55a62cdda888571fc07ed5f0425885b7ae0ed03a3cd2c3b7815

- Filesize: 6KB
  MD5: 28fe816e4e4a55f0d4a93b1c59f4ac0f
  SHA1: 8899859f8d27c53e117c3c1f160ce05021fa192f
  SHA256: d84f35ba130a67f058c7790982583f4fa78d4e4bf233e9b6bb1903f0042448b4
  SHA512: 4efe2a9208e203b8267f6e42464b3ba10bab501944779070fa0b0d260243009db9ee8382e488837fd213ae58eac0944ef62e1e5c2b68e10cbff066eecfadbd78

- Filesize: 6KB
  MD5: af7a2cba23d28c9cb7a1dabe4875c539
  SHA1: c676587bbd513db3baea7b7208af12b0449ee03d
  SHA256: 77c90ff21923621e78698fe3459016e096f05e0307e16265b88565374ef467c5
  SHA512: 7e25e74be9ace30a2f6dfdc9d33f44ccd5ea46a4f5d3e23afc8ff6ada740f1fb5891b12af5bcb618204ba7489f978895aedf4469a1274edc5f5415ef5bbe168b

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 8KB
  MD5: e5a578234c47705127f67c440b6ae97a
  SHA1: 2920b692991d5f7be37fb68b52e6f5a3a3c7e0f6
  SHA256: e5c22380fd983f5ceac5e066348b4f31bce54b8c2a8094be4dd2e9d8b5c77c46
  SHA512: 748ed72544a22fdfcda91a2691b2aed214354c4409bb2baa51f512ec03d0eaace10a54866051a28c75e030668adf4f45a9ead21869f35993558f8924bf29db3d

- Filesize: 8KB
  MD5: c95e1c32229fd32798b3fc521874a8ba
  SHA1: 8a3e79f6af17f8fd22811b6673af6747d1903baf
  SHA256: f22e2c7a3297227dfa33c3fdc97634d85cd1fefd86aeb91709db8b9153f6a8d7
  SHA512: 848fc681ec2616e392960798e79f578c8d978e1918f8bc179b2c78212d5e013b337e6a578b86264227b58968ac7bd0f672d7b12461454f5cfe73a8242cb301f0

- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58