Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3Stremio+4.4.168.exe
windows11-21h2-x64
QtQuick/Co...in.dll
windows11-21h2-x64
1QtQuick/Co...in.dll
windows11-21h2-x64
1QtQuick/Co...in.dll
windows11-21h2-x64
QtQuick/Co...dar.js
windows11-21h2-x64
QtQuick/Co...Box.js
windows11-21h2-x64
3QtQuick/Co...enu.js
windows11-21h2-x64
3QtQuick/Co...Bar.js
windows11-21h2-x64
3QtQuick/Co...iew.js
windows11-21h2-x64
QtQuick/Co...del.js
windows11-21h2-x64
3QtQuick/Co...ils.js
windows11-21h2-x64
3QtQuick/Co...ent.js
windows11-21h2-x64
3QtQuick/Co...tem.js
windows11-21h2-x64
3QtQuick/Co...nu.vbs
windows11-21h2-x64
1QtQuick/Co...se.vbs
windows11-21h2-x64
1QtQuick/Co...low.js
windows11-21h2-x64
3QtQuick/Co...tem.js
windows11-21h2-x64
3QtQuick/Co...ior.js
windows11-21h2-x64
3QtQuick/Co...Bar.js
windows11-21h2-x64
3QtQuick/Co...Bar.js
windows11-21h2-x64
3QtQuick/Co...ion.js
windows11-21h2-x64
3QtQuick/Co...dle.js
windows11-21h2-x64
3QtQuick/Co...les.js
windows11-21h2-x64
3QtQuick/Co...der.js
windows11-21h2-x64
QtQuick/Co...w.qmlc
windows11-21h2-x64
3QtQuick/Co...ox.qml
windows11-21h2-x64
3QtQuick/Co...w.qmlc
windows11-21h2-x64
3QtQuick/Co...on.qml
windows11-21h2-x64
3QtQuick/Co...le.qml
windows11-21h2-x64
3QtQuick/Co...le.qml
windows11-21h2-x64
3QtQuick/Co...yle.js
windows11-21h2-x64
3QtQuick/Co...yle.js
windows11-21h2-x64
Analysis
-
max time kernel
619s -
max time network
630s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
24/06/2024, 11:03
Static task
static1
Behavioral task
behavioral1
Sample
Stremio+4.4.168.exe
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
QtQuick/Controls.2/Fusion/qtquickcontrols2fusionstyleplugin.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
QtQuick/Controls.2/Imagine/qtquickcontrols2imaginestyleplugin.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
QtQuick/Controls.2/qtquickcontrols2plugin.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
QtQuick/Controls/Calendar.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
QtQuick/Controls/ComboBox.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
QtQuick/Controls/Menu.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
QtQuick/Controls/MenuBar.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
QtQuick/Controls/Private/BasicTableView.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
QtQuick/Controls/Private/CalendarHeaderModel.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
QtQuick/Controls/Private/CalendarUtils.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
QtQuick/Controls/Private/ColumnMenuContent.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
QtQuick/Controls/Private/ContentItem.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
QtQuick/Controls/Private/EditMenu.vbs
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
QtQuick/Controls/Private/EditMenu_base.vbs
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
QtQuick/Controls/Private/FastGlow.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
QtQuick/Controls/Private/MenuContentItem.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
QtQuick/Controls/Private/ModalPopupBehavior.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
QtQuick/Controls/Private/ScrollBar.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
QtQuick/Controls/Private/TabBar.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
QtQuick/Controls/Private/TableViewSelection.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
QtQuick/Controls/Private/TextHandle.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
QtQuick/Controls/Private/TextInputWithHandles.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
QtQuick/Controls/Private/TreeViewItemDelegateLoader.js
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
QtQuick/Controls/ScrollView.qmlc
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
QtQuick/Controls/SpinBox.qml
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
QtQuick/Controls/StackView.qmlc
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
QtQuick/Controls/StackViewTransition.qml
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
QtQuick/Controls/Styles/Base/ApplicationWindowStyle.qml
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
QtQuick/Controls/Styles/Base/BusyIndicatorStyle.qml
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
QtQuick/Controls/Styles/Base/CircularButtonStyle.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
QtQuick/Controls/Styles/Base/CircularGaugeStyle.js
Resource
win11-20240611-en
windows11-21h2-x64
Errors
General
-
Target
QtQuick/Controls/Private/BasicTableView.js
-
Size
32KB
-
MD5
2a6ff6d69c3c8aebac0577ec495914ab
-
SHA1
1f53aa8e32f836d8ee37e9f93ea8c10bebda0ca0
-
SHA256
d1c6f040cddc78498d5fc7e2ee3b2a8ae94f1772f04af77e2349f60baf189329
-
SHA512
e2ec07742a91fe3e2b4a9133c1fe2b6975975d315f7450a1d87b08d12a6eb092bd6dcce19daa04b809a1a7a1983c8e02725b7e19502f74984c0f989f451027b5
-
SSDEEP
384:RGX+HVCDtXjiS0NAiPKBwH5JwGJBZJI0UITLfnNJyXyTHwL5sP:RGX+uYtCLgLTw0
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 17 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637012509577371" chrome.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "191" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe -
Runs ping.exe 1 TTPs 4 IoCs
pid Process 4116 PING.EXE 4788 PING.EXE 2812 PING.EXE 3920 PING.EXE -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe -
Suspicious use of AdjustPrivilegeToken 52 IoCs
description pid Process Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe Token: SeShutdownPrivilege 1128 chrome.exe Token: SeCreatePagefilePrivilege 1128 chrome.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe 1128 chrome.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1204 LogonUI.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1128 wrote to memory of 2336 1128 chrome.exe 84 PID 1128 wrote to memory of 2336 1128 chrome.exe 84 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 4496 1128 chrome.exe 85 PID 1128 wrote to memory of 2088 1128 chrome.exe 86 PID 1128 wrote to memory of 2088 1128 chrome.exe 86 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87 PID 1128 wrote to memory of 3256 1128 chrome.exe 87
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\QtQuick\Controls\Private\BasicTableView.js1⤵PID:3752
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:556
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff885b4ab58,0x7ff885b4ab68,0x7ff885b4ab782⤵PID:2336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:22⤵PID:4496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:82⤵PID:2088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:82⤵PID:3256
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:3748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4212 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:2660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:82⤵PID:3132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:82⤵PID:1464
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4816 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:416
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4072 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:3896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4968 --field-trial-handle=1856,i,11836891346334875152,6494103456500887822,131072 /prefetch:12⤵PID:3004
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1156
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵PID:3184
-
C:\Windows\system32\PING.EXEping google,pt2⤵
- Runs ping.exe
PID:4116
-
-
C:\Windows\system32\PING.EXEping google.pt2⤵
- Runs ping.exe
PID:4788
-
-
C:\Windows\system32\PING.EXEping 127.0.0.12⤵
- Runs ping.exe
PID:2812
-
-
C:\Windows\system32\PING.EXEping tria.ge2⤵
- Runs ping.exe
PID:3920
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3a20055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1204
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
129KB
MD50db050c1f0413cd82c7d9a0214dbf965
SHA1eca63112ba966029a6bfe3ce47c4dcfb3d3d70a7
SHA25628686036da818fe045087a6ddc9b42f0c1e808fa96fbde7d0ac245e14053f9e2
SHA5122bb668d81a11d0d6aba900b9ecf9ab611b7f17450bfcde42404f8d1f0842ff026a2691c2f310230eeff395c2a101724925c7ab07b7f0de2f5f7cf67708f6ef21
-
Filesize
811B
MD5a07282d1474cf77e171b795c2e241f5b
SHA145d3910d7f0790a554146e93910bb03941b3f405
SHA2569e5c39ee190069c6dea6e952329928503bfed3bf8b7a9b9fc89e8fa695c36a56
SHA512fee9020395da3134b71449408fa69e232d3c66467dc07b9e5820891a03452b08366be585f2e976fd681ea39a4c1b68c3fdf6e8acbfad81f7b6ad43126b5178ec
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD5ab449f9e831832fab9f34bc7f2993048
SHA1b223269003e7caf287feefa9b2fe89d801c9135a
SHA25632e598044d225f4f5d7f5820866137caba6b4821a05c6a45c37bfcd48475603d
SHA5121a22d865b89db90550c8de6e164ab16f6776c2c6bbc37be1f58023dda2c207a2008727f5acae90543ec164a6ec00aec4ec2e81a2ff30fee819cee261e689f9fe
-
Filesize
7KB
MD57b7e97fb4e1d377793b487e0a6a20dd9
SHA147b902f8e418245541b8770781738d5d9505ded5
SHA2565968715365cfcd01f72871ba151020c369dc596abae12ffafcfe89f973158d06
SHA512842c16f45c25b3cbd4aa7b4cdfc44cc5686dd4f896f3aba6143655c5983b5dc1b54c8ecb0d4722d3bfa06f93e3d423f65b0255c873185bbfe539f784a3aeabe1
-
Filesize
129KB
MD573268d9c3184f9fbc3150b07265e1ab1
SHA140a425310e75cb460ee2e183de39b19726c829a5
SHA25694448cdfdadf9aa66cc31b3bdc132bee2d4163ed1031a01f2d1f16f14bae11de
SHA512792cbdfd7d5b2569b1a3449d45c7a4eaf9d0c77d76b2b5c2bcd51eb49fbb630b38908c6ea46f7bc5a7f9e53ca39d484f3ebd863916dd7d3ae33702575aa39e3c
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58