Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1PhishMaile...er.zip
windows7-x64
1PhishMaile...er.zip
windows10-2004-x64
1PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...ian.py
windows7-x64
3PhishMaile...ian.py
windows10-2004-x64
3PhishMaile...ian.py
windows7-x64
3PhishMaile...ian.py
windows10-2004-x64
3PhishMaile...ish.py
windows7-x64
3PhishMaile...ish.py
windows10-2004-x64
3PhishMaile...elp.py
windows7-x64
3PhishMaile...elp.py
windows10-2004-x64
3PhishMaile...ain.py
windows7-x64
3PhishMaile...ain.py
windows10-2004-x64
3PhishMaile...37.pyc
windows7-x64
3PhishMaile...37.pyc
windows10-2004-x64
3PhishMaile...37.pyc
windows7-x64
3PhishMaile...37.pyc
windows10-2004-x64
3PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...37.pyc
windows7-x64
3PhishMaile...37.pyc
windows10-2004-x64
3PhishMaile...39.pyc
windows7-x64
3PhishMaile...39.pyc
windows10-2004-x64
3PhishMaile...37.pyc
windows7-x64
3PhishMaile...37.pyc
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
13/05/2024, 20:45
Static task
static1
Behavioral task
behavioral1
Sample
PhishMailer-master.zip
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
PhishMailer-master.zip
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
PhishMailer-master/Core/Languages/__pycache__/italian.cpython-39.pyc
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
PhishMailer-master/Core/Languages/__pycache__/italian.cpython-39.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
PhishMailer-master/Core/Languages/__pycache__/russian.cpython-39.pyc
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
PhishMailer-master/Core/Languages/__pycache__/russian.cpython-39.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
PhishMailer-master/Core/Languages/__pycache__/spanish.cpython-39.pyc
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
PhishMailer-master/Core/Languages/__pycache__/spanish.cpython-39.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
PhishMailer-master/Core/Languages/italian.py
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
PhishMailer-master/Core/Languages/italian.py
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
PhishMailer-master/Core/Languages/russian.py
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral12
Sample
PhishMailer-master/Core/Languages/russian.py
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
PhishMailer-master/Core/Languages/spanish.py
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral14
Sample
PhishMailer-master/Core/Languages/spanish.py
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
PhishMailer-master/Core/Mailer/MailHelp.py
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
PhishMailer-master/Core/Mailer/MailHelp.py
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
PhishMailer-master/Core/Mailer/MailerMain.py
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
PhishMailer-master/Core/Mailer/MailerMain.py
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
PhishMailer-master/Core/Mailer/__pycache__/Internet_Check.cpython-37.pyc
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
PhishMailer-master/Core/Mailer/__pycache__/Internet_Check.cpython-37.pyc
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailHelp.cpython-37.pyc
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailHelp.cpython-37.pyc
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailHelp.cpython-39.pyc
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailHelp.cpython-39.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailerMain.cpython-39.pyc
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
PhishMailer-master/Core/Mailer/__pycache__/MailerMain.cpython-39.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
PhishMailer-master/Core/Mailer/__pycache__/accountsaver.cpython-37.pyc
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral28
Sample
PhishMailer-master/Core/Mailer/__pycache__/accountsaver.cpython-37.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
PhishMailer-master/Core/Mailer/__pycache__/accountsaver.cpython-39.pyc
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral30
Sample
PhishMailer-master/Core/Mailer/__pycache__/accountsaver.cpython-39.pyc
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
PhishMailer-master/Core/Mailer/__pycache__/color.cpython-37.pyc
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
PhishMailer-master/Core/Mailer/__pycache__/color.cpython-37.pyc
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
PhishMailer-master/Core/Languages/italian.py
-
Size
43KB
-
MD5
2fa9eadf6fd565417c7859f9955bd853
-
SHA1
96a94af3b3c33d836df2690fe5c2935e2dd4151c
-
SHA256
b5608ccae5df82538a91e42bc698367f5037b80c540d543d11421ee617aeb8d4
-
SHA512
c2d71615915846fd325dd15cca7cd1977545be55bf4aea0f374e5d07ef64ca2f2923cdba3ecc1be16b7e019d08d29586e47dbd2ff8adbc3f1a97121946da7d47
-
SSDEEP
384:Z6LaCVmLI2DGCnYu/yv7yp5y+6LTPCJsnc5IZ+gF6+M+Sevj+2M+Sz+j+l4+pdjR:Z6hmXYbv2pE+2cwxFEFln2oKYre8MY3
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601068300019363" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings cmd.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2880 chrome.exe 2880 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe Token: SeShutdownPrivilege 2880 chrome.exe Token: SeCreatePagefilePrivilege 2880 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe 2880 chrome.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3624 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2880 wrote to memory of 684 2880 chrome.exe 104 PID 2880 wrote to memory of 684 2880 chrome.exe 104 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 1248 2880 chrome.exe 105 PID 2880 wrote to memory of 696 2880 chrome.exe 106 PID 2880 wrote to memory of 696 2880 chrome.exe 106 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107 PID 2880 wrote to memory of 2580 2880 chrome.exe 107
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\PhishMailer-master\Core\Languages\italian.py1⤵
- Modifies registry class
PID:2024
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3624
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc7116ab58,0x7ffc7116ab68,0x7ffc7116ab782⤵PID:684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:22⤵PID:1248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:2580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:12⤵PID:3492
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:12⤵PID:3304
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:12⤵PID:4668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:4336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:1820
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:3456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:82⤵PID:2496
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level2⤵PID:892
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6dfe9ae48,0x7ff6dfe9ae58,0x7ff6dfe9ae683⤵PID:2300
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4548 --field-trial-handle=1820,i,14133539473863901102,8238243117250379159,131072 /prefetch:12⤵PID:3084
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4900
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
288B
MD50de0dda7ffabd9540ba1de5cc090b67c
SHA105ea6d4e3cbe38f8b627975b3d346ec2cdca5abf
SHA25615b7480f5ae33e8719b95b4362d625f6210519d83889dff795a31e27837f12a2
SHA51230041cd5143d1e3a898ca0af163081296260c512557eec2b0ae6d3c16666658a902eeab598b6835e92ce1d3d30756657b11c7396dab933ffeec4799c2ba171e8
-
Filesize
1KB
MD58d10ff93986f719d58bb9e114daea085
SHA1990a73ce8765428156ec09f007477a1d6a27ee28
SHA256902d1ee002e967e67f5f25ce4a2ed39ead46af6e9dff6d94f4be192f001bda23
SHA5123e343806b714b4def13420288571fd7cae9cf65afae53469322be2ee9e8cc7344514b4f1abc58e3ced39952862f0c74fff32d3c111dd8c1a80c00f841544bbe5
-
Filesize
2KB
MD53ae949e45b7d55b5000c960f4e223b88
SHA1b509d1abdeb3ec7d746cce5ebd1aa872140f5948
SHA25668a8726d2e82578a80b955b220077e934cc260f17e713078d7e5903e00c67b61
SHA512b415f7bac5b2e3e559346fb4dc173777bee84dd8cd74637bf12209027ea9528fdb4cbc25db6df8d039ec1923968027b8addbf673ab7bd853e5b6d1ec164c56c8
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
354B
MD5ed11609af47b58b7a206585a69a2475e
SHA1e4a8b18b1230b7c742c8948c3578d04d9ffebf8e
SHA2569ee6c20776d6cb278482c4705894c6e90689665815e6abd1fb5348f45e04a3a2
SHA5123b7c6c95ad5aad7b449fa1422e62ca496275e3a5446121d0cd0c574e2a23c9332b6cba4c8a409c8540e2910cf2ca920eb54a936783f63e7f1524da57e375fd22
-
Filesize
7KB
MD5c69a0f65b4b2fcbda1c07d0e8d2c3020
SHA1a207f92d55f13cb24fa5011a214e3551a08eb5d9
SHA256e5c15e2a6011248f6b7ba11d1ed1439f035c9435bac17719778a1b5350b3dd89
SHA512384a571f9a37eaaa60ba2a47721b6105887c60c2156fb4076bea1ae1c7e828baea5f7a9809bf001ecdd91ace2df29035cadb6baef4624ba449e5a585844612ca
-
Filesize
16KB
MD596dba306687108f9e943fc1d343bbef8
SHA1aaaf8d6c307f32c16cb34f631531fdc54bf5c322
SHA2562cb9899d10bce6ecb381c1b7b149c27739b027b1cf267c55b48c63f68f13e697
SHA5127eb118d7310a612c9f2f23b70251461af24bfd164759d3c6cc0b5cc0e778811a85acef86ae83fcad419cf16a15d6fafac5ce5ef2b6a732546aada78686a7a411
-
Filesize
256KB
MD5b0ad042886ae6e56159088bcaaf4ff1e
SHA17669c97febcffd87def2310373577b31917c66cf
SHA2569a0c853baa9ce13f095a1ac1c42f0a6689150c9d53d8b60e39ff0ab7ac70bdf3
SHA512ec610e50700fe98e73f24abd882ac1faf219c36e4d8ef47c388fada6e902a6e13b84e8e643b6c0c5e7cf1605428804df6a5b0c673ed7c5f543863e16766848e0