Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 12:59
Static task: static1
Behavioral task: behavioral1
    Sample: a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
    Resource: win10v2004-20240419-en
Behavioral task: behavioral2
    Sample: a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
    Resource: win11-20240419-en
General
Target: a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe
Size: 1.1MB
MD5: e5ac1cd3611039e9a9fdcd1b0e867ccb
SHA1: 345a4c6d7130d010ec5cedde5da8ed7c36901a86
SHA256: a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d
SHA512: 06972592bd26951c1850269ac3039099c3dcc5e8a9291daed72030e7fa96ea4a3d19b249674b96bf6ff48f3d7ce00cf2d2c0c25be9c71862aa26baca7021092c
SSDEEP: 24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8auv2+b+HdiJUX:tTvC/MTQYxsWR7auv2+b+HoJU
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
    description | ioc | Process
    Key value queried | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe

Drops file in System32 directory (2 IoCs)
    description | ioc | Process
    File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
    File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
    description | ioc | Process
    Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
    description | ioc | Process
    Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
    Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596467648162469" | chrome.exe

Suspicious behavior: EnumeratesProcesses (7 IoCs)
    pid | Process
    4880 | chrome.exe (x3)
    3528 | chrome.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
    pid | Process
    4880 | chrome.exe (x2)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
    description | pid | Process
    Token: SeShutdownPrivilege | 4880 | chrome.exe (x32, alternating with the row below)
    Token: SeCreatePagefilePrivilege | 4880 | chrome.exe (x32)

Suspicious use of FindShellTrayWindow (63 IoCs)
    pid | Process
    4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (x3)
    4880 | chrome.exe (x26)
    4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (x2)
    4880 | chrome.exe (x1)
    4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (x31)

Suspicious use of SendNotifyMessage (60 IoCs)
    pid | Process
    4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (x3)
    4880 | chrome.exe (x24)
    4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (x33)

Suspicious use of WriteProcessMemory (64 IoCs)
    description | pid | Process | procid_target
    PID 4808 wrote to memory of 4880 | 4808 | a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe | 84 (x2)
    PID 4880 wrote to memory of 4276 | 4880 | chrome.exe | 86 (x2)
    PID 4880 wrote to memory of 3204 | 4880 | chrome.exe | 87 (x30)
    PID 4880 wrote to memory of 768 | 4880 | chrome.exe | 88 (x2)
    PID 4880 wrote to memory of 336 | 4880 | chrome.exe | 89 (x28)
Processes

C:\Users\Admin\AppData\Local\Temp\a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe (PID 4808)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a2f9493f5620c1a5d4fdb2f6a9445fbeac8c908b031112cd63d864a54ac4d17d.exe"
    - Checks computer location settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4880)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
        - Enumerates system info in registry
        - Modifies data under HKEY_USERS
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of WriteProcessMemory

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4276)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffbdbacc40,0x7fffbdbacc4c,0x7fffbdbacc58

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3204)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1976 /prefetch:2

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 768)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2020 /prefetch:3

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 336)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2272 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5112)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2300)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3288 /prefetch:1

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2432)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4592)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4716 /prefetch:8

        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3528)
            Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,6442851432364531629,6888028280162990194,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:8
            - Drops file in System32 directory
            - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 2120)
    Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 3256)
    Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: a1d49e8de44b4be3e2e5c31751fe24fb
SHA1: 749f88d8d7aeb5932d965a4214390f1c9c9c500c
SHA256: 7042104e67b000f056ab78479abcada6dcb68f3279d444265d0ad2acbcb59ed9
SHA512: a44e9af3ad8c6b35548eac270cecc6d5e935948b2d00a03a512d22316bbd65fca56355f4c3dada86ba3a3117f9045b52da9cbaf177067696d7eb3df5b9f05082

Filesize: 264B
MD5: 03ebd3b825c58287d2b7a5c230514819
SHA1: 59f33e53250c205564556849117eaefbc5d4fb4d
SHA256: e8db805a56dfc7abd956294eb05448db05f05a2a12d54c976e171380cf61ca5e
SHA512: cc499eeae1e83574a68840beb08c9542b2f32914fa7b2023a9a65a6c525cec4e55df2241bbb7154881d1ac6351987909d038cc0c962f85397bc0870fca9c69a2

Filesize: 3KB
MD5: 002da3d452a1c1fbf86ea9e59463225d
SHA1: cf76d76b63f2fbc4b40f04e9497e66b2c27417a8
SHA256: 6fb7b7569d4c6f7867763b92b86fd9b4362751310dc865dc470eba22b4b43ea8
SHA512: b5f0d0b872ff41fd5ee141728b952e14019b4db2c5184bcda4c7499f57a0b458a150388d212e2412fd362ce5258899adb47c4c33e732fca5eed859bff78ea4ff

Filesize: 3KB
MD5: 486f598bbc1210880eb68aa8f3947c3a
SHA1: 7868a7a36359b6f14eb7cae8e2a7c23c9d311a46
SHA256: 32b3ed9dfd801f1038e8c5ff3791f7131963e744b9cacad8c7ac053d2ed5f179
SHA512: d3bfeb61338712b0581c4af04005b75f5e097451ae5bbcd055fdf26d92ef82d499f8d3b835cb4786d14fa40b5babfc7198853ad1cca394c41eb9a820d2c88e54

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 688B
MD5: 8e278b4d1d281b2aa7b306084555c221
SHA1: c6c4377e512aa59a04b79223ae899ac3f6d28971
SHA256: 16eba42cee9c3d9c8d9f483d1389ccd0248a6a522dfc7bee4bd685c0b10579a7
SHA512: e43ec576b6ee6ae1876bd9be2f36c704a57029e82c07857c73df7f6e7c948502ee45b84fa96414e2b8e54572ba604d05dceef9a9a5c7577c92173997d6e01310

Filesize: 9KB
MD5: 7bc102f4fd194f190787893da12c4487
SHA1: cdea1fa92a9089750273a43326d6ebc6321bf52b
SHA256: e5288a93646870776e90336b90c2fa6e4549027981caaca020279e039adc478a
SHA512: 15f6924cc78a048b0130f7cd3b2ae902d2450e77d15b5a41374cadc3c1b2f4fcdce43ab4d5df1caff23939e1a2b52f1535dca501519ed27f28358e527b2e0215

Filesize: 9KB
MD5: a8ae52ff9b1bbbce2482f35656b30744
SHA1: cb854f8178d224c878094bcbae34d5d83906d62b
SHA256: c717ef3ae3f92261bbada5365b0d7b6ce1ca6ec156d136c612778b832f94bf9b
SHA512: 43f6d433ef434b67da18a240a754b72cc2c3574cb86407d44404133239cc74c90f105d86517cd774c3f0fd66b7470c895e9c24a56609b964b00fa7256cb1cf5a

Filesize: 9KB
MD5: 742b81f4a78925bf62e448babfaba10b
SHA1: 534541791c306fd8fbf68e71fe27c2e4b48ea61d
SHA256: f90e7b1ff4ffc653589a76f434b3448a3ff4fec5d02fad5f570807f94775257e
SHA512: 80768b5a5598440a409fb4360729e63e26183d14794da62375b1750a27fc2e0786d938ba03137df26e31e6f8e35b122e807d1666fa70d3aa80e0bd68033ad864

Filesize: 9KB
MD5: 1295cbef5b004166f721ce1ec6e8a9e9
SHA1: 303880f639b9b2c25326d7040151191e345c62c3
SHA256: 9bc05a9ed2426248f1432c25e307b209fda1d69d697e63273bb8519e2043e50e
SHA512: df3a2fd26cc038a23b11e96812fcf46269bccdbfbcd1b8597d2018ed93e9828c1c6674232bad75aabc27193570da78700826cbc70d5ce30e06a46969599d9df1

Filesize: 9KB
MD5: 20bccacf4f726fea0787e08bc03027d2
SHA1: 79f4d24d436f461065cedfe9f3143bd7c8c9a671
SHA256: 83e6647143b8a9f89956756775ec26f0a6b9d90f6df8f2606fea554833969261
SHA512: e34eccffabf8ce948f48004d223834afc17c4f00c422a91b01a5ff059b761a5661f9a64a7bb0b6b6151d03e8c2c8d3e0f94e82b98c15d386b3ee02ac749a4d1d

Filesize: 15KB
MD5: 0ab54d62a5deb196b58affb79b95b9dd
SHA1: 0a69cda903468c1360a219c1ddadb2d216593034
SHA256: ffb511c01c8b3ac0b0ec8d7ecba205b3430f84eb92c6426b5043441b7bb5ed25
SHA512: ddf1f8b2d876876a0dd0d4905372c9dd1f6e5045a1ff520d145f97918691dbf3d62443652f03e9eb226b19aeb2fe3446af8b41d72372c19fb34595b6a75cc24a

Filesize: 152KB
MD5: f36d47a9999fa90042a43c02df0f3f90
SHA1: 6c7cde9757721d2ff6ec3aa30a5aad1c27a550cc
SHA256: c8da94ac715662c4bd47f63a914455d38dc3882f70ad58077d4f94aa04e19248
SHA512: 584d41de7720a0b8fa35cc13c6c17fa0d469e59ef72b74fac711ef38175ec2aae6185236c49a4a44ab45e96c5da21bd3605f5fb15b58f39ff45c77a220e2c28f

Filesize: 152KB
MD5: 757111912b4f8a6e245355b17317f7aa
SHA1: 1a4a8109c4b2cfe476d6ccdce89b53a6b7bb2312
SHA256: 71087b2a34464cf6732b16ea963226740d4e7385d76e2045930c75e926cf2ae0
SHA512: 3ab28051dc2e2883f25d8a1aaba26cb8b1507d34829822ee43eb3866687369deff0635ac1cb40a1ec95ac5f73f4fe95ab9a923a8e132bc3316e43fcc16666545