Analysis
- max time kernel: 103s
- max time network: 305s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 31/05/2024, 15:47

Static task: static1

Behavioral task: behavioral1
- Sample: Dominios SPAM.txt
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: Dominios SPAM.txt
- Resource: win10v2004-20240226-en

General
- Target: Dominios SPAM.txt
- Size: 404B
- MD5: 535403107d55d62430b489e3940b5554
- SHA1: da276f4d80d76bfb003b2707e576e51da93e9dbe
- SHA256: 3203d4e4c83c28e405e23523d7075cf0c89be92579dc4cc3bbd6846136bd6b2e
- SHA512: 261a43908516ae40a31b5ba135c2195c46281d94ab0b19f8358290fada74b180c7b966f17b2153906e035484bdc74205959ae0556dd0b7427e47be11b3c67d95
Malware Config
Signatures
- Drops file in Windows directory (1 IoC)
  description | ioc | Process
  File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | chrome.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2688 | chrome.exe (2 identical entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 2688 | chrome.exe (all 64 entries identical)
- Suspicious use of FindShellTrayWindow (42 IoCs)
  pid | Process
  1664 | NOTEPAD.EXE (1 entry)
  2688 | chrome.exe (41 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  pid | Process
  2688 | chrome.exe (all 32 entries identical)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2688 wrote to memory of 3024 | 2688 | chrome.exe | 29 (3 identical entries)
  PID 2688 wrote to memory of 1212 | 2688 | chrome.exe | 31 (39 identical entries)
  PID 2688 wrote to memory of 2568 | 2688 | chrome.exe | 32 (3 identical entries)
  PID 2688 wrote to memory of 2364 | 2688 | chrome.exe | 33 (19 identical entries)
- Uses Task Scheduler COM API (1 TTP)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
- Uses Volume Shadow Copy WMI provider
  The Volume Shadow Copy service is used to manage backups/snapshots.
- Uses Volume Shadow Copy service COM API
  The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
- C:\Windows\system32\NOTEPAD.EXE
  Command line: C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Dominios SPAM.txt"
  PID: 1664
  - Suspicious use of FindShellTrayWindow
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2688
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 2688 (all C:\Program Files\Google\Chrome\Application\chrome.exe):
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7129758,0x7fef7129768,0x7fef7129778
    PID: 3024
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:2
    PID: 1212
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2568
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1420 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2364
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 1236
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 1760
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1676 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:2
    PID: 1732
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1392 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 372
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 3016
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 1148
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2908
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4000 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2696
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3016 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2756
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1040 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 832
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2800
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2260
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2496 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 552
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2744 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2196
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3660 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 1196
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4212 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2168
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3876 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 488
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2056
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2736 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2728
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1040 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2148
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2284 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2996
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=584 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 1752
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1148 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 824
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:8
    PID: 2172
  - Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4436 --field-trial-handle=1184,i,7582026313368908634,912460812575170062,131072 /prefetch:1
    PID: 2516
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 832
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 93d2abe3ec835bfe321a561f8bb9cccc
  SHA1: 039de6fe37572fe2df61e13f00cdd97c20906318
  SHA256: 3654b01971885fbd36126c1070b123a1942011ce82bb1e0b44eb9fa882a71b40
  SHA512: 4f44d09ba0a86afd285257d9ed8dd89fe7197ef06c66cc551b724b16d43caf4f31553736f6f941ffcb5b09fcd3388eb05c75ca5c98ab7164669ebbc1eaee7437
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d7767b08327368aee8c586dd3caff7d1
  SHA1: 347f2c839ccd5d56d6b239a4e5213d5ee540c2c3
  SHA256: 8ba2c374e1b8eae12df998e98f549f6030684a090d30bfccd351457a79fbf9bb
  SHA512: 210c13ca1a85ef9b3a05226b38d99a5c62713e0fd7791be39468a4c86d20b54b9852eab898722a476900c7a591619ba973347c35b8c51f04df9b28008dc85a65
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0e0ec312-0f4b-4b34-97f6-05e85b726f71.tmp
  Filesize: 5KB
  MD5: 0fb6128d959435fa8ef45c9407702f17
  SHA1: 83a278d12de17ee38b914d6fb79ac16009d349d0
  SHA256: 5ab1a565684cfc56c37a667556c03793cbb50597721f7464eb5ae41f97278f66
  SHA512: 8b1f372a69b30d7900f137c5e7bc4f4c7fbb730226853aa80d46e29e50bbb413d868e2df474ae3b272e68c1a62f9a756a8c8cd7b0f8552d5f88aec3a003be6e6
- Filesize: 168B
  MD5: e1756ce5bd039ab3d0672d5669e0b333
  SHA1: 88c4c0da216db1d412c929265b731859b1210f2e
  SHA256: 54262dfa4ade20685bc017118997fd46e4be92458e8e409a54da2659906b1be8
  SHA512: 55a5483de28bfec5bd9ae731d0aa1514f57744cb9e31cfe77f2edd633b5245dfaba7a93dce4f0b01cef129008d510efbcaa7b39534b3e75e0a569dd40559a3a1
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 1KB
  MD5: 93d85b318baf538d7261ad4eb88e10dc
  SHA1: f47f0f9b80b77cf136dcbcb3cdb3ecdd8b1c232c
  SHA256: 7a8fb6aa5bf567b9a5554a9a29965b592260e46cb4d5942bc2cc7703987e05fe
  SHA512: 681dbeaa70828ce339bc0eafc64a941da895bae8fbdbd04d407304b22b4026b42a641477318e4f97d8edb54118a369c08b57766f231b6070c0fe239197dd9bfb
- Filesize: 2KB
  MD5: 5ed2303def7a9476df64149ec664fdb1
  SHA1: 72380bad033fdf063d37917ab611bd75f3dfbb23
  SHA256: 88e955e9033ffef1631c490de2a78572f7ef9b65ca67e570e063df7e35c5525a
  SHA512: d3c8721104fe26496cd2c3be3f366aaf7cd81379b135edbc52021744292c6e094f5c786979a2316ba01d0d956e7359df2758ff63b6673559663dd56b8f5d57c5
- Filesize: 4KB
  MD5: 73e460a201e6375911fe2e157c66858d
  SHA1: 18a0def91b65ff0ad1b57a43bc46a5dc7ad8c3bd
  SHA256: a4ba4156b2db9a08c6af5a739d30797a554c382f45882f1baad4ad4b1093e91d
  SHA512: e063a7e3669623dcb33e782d2413a95a941570a6f168ce118519930c5fe6f0daec801e77fd07a0df4910b19bd32c02310996081e3a42f1b07fce21e52d40fdd2
- Filesize: 4KB
  MD5: 33a6f207b7d1d7d4affd045b94c9bfc1
  SHA1: 9fc8d54f11323ceb23b36afafb80ef79dd138a0b
  SHA256: 33ddf3c41f9b74dc160e6ff8319b55eb1fa8e929c2b30c4cb5dc12f616e0943c
  SHA512: 917e0427261d536e5cada7e66922a04b9c71260ee0f24e37089412f4e2731b7b22e1a741f5e6d92780127fe452c4657d1bf71523a5d96056c8495b030809fcc8
- Filesize: 5KB
  MD5: 30da39cb90270f4761ecba713f614bf4
  SHA1: 45d6e88cddd1aa32f117f00fbb1f641f12348581
  SHA256: 5c8e6790f307a57068fdf1c104c1a67efd31a431c521ff0bca176476e10d4706
  SHA512: 074988176f276167f8212db46e7015bd67a9e2dcba767fa605c96fdf1e5eef4b0fff9764529217468772c3f05200005765d0e212a94ee718f642ec0883f36dcc
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 271KB
  MD5: df8d0ef556a0807115dadd6e1bb0bc45
  SHA1: 1a36549f7194da8bb880dc512a0aa6765aa02cee
  SHA256: 3a48a44e2caa3753b514b92115740c82da2282797ae52114593edafcc3fb9c78
  SHA512: f546c6097429658c7f43ff2e7a691fb54f73457fc479e6d4753c261a53b7b8484b55942d7117024aeba89091b3e2950c0503be566b576dc9afd22f424805ebca
- Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
- Filesize: 288KB
  MD5: db1f910590626bdd372321f88ac9968e
  SHA1: d220013570f834afa084a8cb21a39115d41b5e57
  SHA256: 9610beb5716bc03620bfb283d2f41bc0bc262f7af30ac477c8ecf559bda863e5
  SHA512: d6e7b39e2dfba1ae61f31ef3334657a47cebbf6ed3863c33510c47bb87f7ec21c5aad6d7685cda35a641f2bb75f3b266c8e27fe20bf765c46b4b38b5bb6671b0