Overview (score 7)
Static (score 4)
python-Mid...er.zip, windows10-1703-x64: score 1
python-Mid...er.zip, windows10-2004-x64: score 1
python-Mid...ignore, windows10-1703-x64: score 3
python-Mid...ignore, windows10-2004-x64: score 3
python-Mid...me.mid, windows10-1703-x64: score 1
python-Mid...me.mid, windows10-2004-x64: score 1
python-Mid...NS.pdf, windows10-1703-x64: score 1
python-Mid...NS.pdf, windows10-2004-x64: score 1
python-Mid...DME.md, windows10-1703-x64: score 3
python-Mid...DME.md, windows10-2004-x64: score 3
python-Mid...ong.py, windows10-1703-x64: score 3
python-Mid...ong.py, windows10-2004-x64: score 3
python-Mid...IDI.py, windows10-1703-x64: score 3
python-Mid...IDI.py, windows10-2004-x64: score 3
python-Mid...ch.mid, windows10-1703-x64: score 1
python-Mid...ch.mid, windows10-2004-x64: score 1
python-Mid...ng.exe, windows10-1703-x64: score 7
python-Mid...ng.exe, windows10-2004-x64: score 7
playSong.pyc, windows10-1703-x64: score 3
playSong.pyc, windows10-2004-x64: score 3
python-Mid...DI.exe, windows10-1703-x64: score 7
python-Mid...DI.exe, windows10-2004-x64: score 7
pyMIDI.pyc, windows10-1703-x64: score 3
pyMIDI.pyc, windows10-2004-x64: score 3
Analysis
max time kernel: 59s
max time network: 61s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/06/2024, 16:39
Behavioral tasks
behavioral1: python-MidiToVirtualPianoMacro-master.zip (resource win10-20240404-en)
behavioral2: python-MidiToVirtualPianoMacro-master.zip (resource win10v2004-20240508-en)
behavioral3: python-MidiToVirtualPianoMacro-master/.gitignore (resource win10-20240404-en)
behavioral4: python-MidiToVirtualPianoMacro-master/.gitignore (resource win10v2004-20240508-en)
behavioral5: python-MidiToVirtualPianoMacro-master/CorridorsOfTime.mid (resource win10-20240611-en)
behavioral6: python-MidiToVirtualPianoMacro-master/CorridorsOfTime.mid (resource win10v2004-20240508-en)
behavioral7: python-MidiToVirtualPianoMacro-master/INSTRUCTIONS.pdf (resource win10-20240404-en)
behavioral8: python-MidiToVirtualPianoMacro-master/INSTRUCTIONS.pdf (resource win10v2004-20240508-en)
behavioral9: python-MidiToVirtualPianoMacro-master/README.md (resource win10-20240404-en)
behavioral10: python-MidiToVirtualPianoMacro-master/README.md (resource win10v2004-20240508-en)
behavioral11: python-MidiToVirtualPianoMacro-master/Source/playSong.py (resource win10-20240404-en)
behavioral12: python-MidiToVirtualPianoMacro-master/Source/playSong.py (resource win10v2004-20240508-en)
behavioral13: python-MidiToVirtualPianoMacro-master/Source/pyMIDI.py (resource win10-20240404-en)
behavioral14: python-MidiToVirtualPianoMacro-master/Source/pyMIDI.py (resource win10v2004-20240508-en)
behavioral15: python-MidiToVirtualPianoMacro-master/bach.mid (resource win10-20240404-en)
behavioral16: python-MidiToVirtualPianoMacro-master/bach.mid (resource win10v2004-20240611-en)
behavioral17: python-MidiToVirtualPianoMacro-master/playSong.exe (resource win10-20240611-en)
behavioral18: python-MidiToVirtualPianoMacro-master/playSong.exe (resource win10v2004-20240508-en)
behavioral19: playSong.pyc (resource win10-20240404-en)
behavioral20: playSong.pyc (resource win10v2004-20240508-en)
behavioral21: python-MidiToVirtualPianoMacro-master/pyMIDI.exe (resource win10-20240404-en)
behavioral22: python-MidiToVirtualPianoMacro-master/pyMIDI.exe (resource win10v2004-20240508-en)
behavioral23: pyMIDI.pyc (resource win10-20240404-en)
behavioral24: pyMIDI.pyc (resource win10v2004-20240508-en)
General
Target: playSong.pyc
Size: 3KB
MD5: 6e7f536ad672b85beda75deceb3a0e73
SHA1: 82c9b882266f0c3cf1c31baae5783f8995377b82
SHA256: 86ad561d94af28754f354a5131c7ccc43a29db3264b80f7c51437ea2ff5256d6
SHA512: 644e1bc70573b8e1402989a0d5b935b8c80321ec8e72fc1cc7e59ddbbb18428d2a83adef566b8e30be8a3963c45721b1d555f8fa993a1464be7639b4f7acae75
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638936459946646" (chrome.exe)
- Modifies registry class (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings (cmd.exe)
  Key created: \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings (OpenWith.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2404 chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid 2404 chrome.exe (7 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, all from pid 2404 chrome.exe (64 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 2404 chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2404 chrome.exe (24 entries)
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 4144 OpenWith.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  pid 2404 chrome.exe wrote to memory of child pids 1708 (procid_target 103), 4204 (procid_target 104), 1064 (procid_target 105) and 3304 (procid_target 106); 64 entries in total
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\playSong.pyc
  PID: 3128
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4144
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4296,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
  PID: 2160
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2404
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8427fab58,0x7ff8427fab68,0x7ff8427fab78
    PID: 1708
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:2
    PID: 4204
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 1064
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 3304
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 4856
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 3416
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 4480
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 4932
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 4136
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 1488
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 2528
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
    PID: 4932
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 1652
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4448 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 856
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 5108
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3272 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
    PID: 3364
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 5020
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 105KB
  MD5: 8e823d05ae750e75394aaae803f2ea10
  SHA1: 7bb90597040a4d589f6e6a34ab975ef191408176
  SHA256: a03b9554c194d538b41f5937dc41d2c2aae2e195c29dfdf3dcf8cbb119838735
  SHA512: 3e9382c2bc83929884c50c10a88a1e610e6add7d9312bf6014aff9aec7a6ce2a7fed10b77aa6d3a1b1c7a701670832fd80ac28d12e0c740dfe85f8bbd690ea19
- Filesize: 206KB
  MD5: 9fa4b574b5c7167b90a91546b0269786
  SHA1: 0320824e542f225bad1a5d511a7480ed73f42e8c
  SHA256: 50f74556b182109f6266bdd1bc5f9024c2b9b7c4bb05d94c08a76fa9bd2bf460
  SHA512: 7a542ea89ff1dc2b5c6353a664859f07f3e1804c2c14e094f4652791e0f85531e211a24211d3f9627705936a2264f50dc33f42695f01c6e2c0a55fd0c89c03d6
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 356B
  MD5: a9227caeec998e6baf0fd5a40bea05e9
  SHA1: fd38e38f0f266353c007f2d8b2e6bafe70bbe63d
  SHA256: e5b69ce0fa4ae0837fea5b9f9022d8f872dc10856679cb2166037cdb32cbff14
  SHA512: 6a9ad9b48de6eea501166f504abcbb4b79749781aedcb644c87d754b5dc73a79fe06d4b8810fd75bcc7d7ab6db17d5f89695d35939068f21149b3787c2cde65b
- Filesize: 356B
  MD5: 935138cc4c524547730f86579e3d7549
  SHA1: 7732ced8bfdc863aa68d8f72d7f0fab3bbe84bc0
  SHA256: 73ce2f12d08e88d1ab2d428e86933dda28a0aae8cb5a37ca8bd56a700cfb5e5d
  SHA512: 22a2d6d5c6d55a466ffd6c9298a05e71a890ca2447095d4683bdfe61f04d1ce57886e3f5f79f1c25765011016d59817c63f8f013e1aa72ff98dc614478bdef16
- Filesize: 1KB
  MD5: 36e675208097599e39d9d70b9dff60ff
  SHA1: 19e6d193c29e950affece68cd24dabe8685ebe42
  SHA256: 26bb05f39edb818a2d79399ea023a32e5434d6e05a8a81adf2490adcb00a3337
  SHA512: eae00742b255fa02546e98ef74fe2ca16c0005231b5fc199535266befb9e8b1c2567def9511eef8d476186003fdab730b2d0331e5e8c94b468cb0db39e621f04
- Filesize: 7KB
  MD5: 860dd20e78bbd8b40e5756cdfb7579b9
  SHA1: 5e1ea5e116bd8494e17992cb2574ac9a87277b2c
  SHA256: 67e49e0f368855f8fab4750d857e72e6d904f62036b8071b313ca91b857a066a
  SHA512: f9ff9fe9fad8864d17758455e45151ba428b87dbb838a8124a3b54e45b726237dde7db3919ede08af9225627e03df8b9da741502a802a7c6a1300663622f3f52
- Filesize: 7KB
  MD5: 6822eea11768868540f953ea66cc497e
  SHA1: 78afa8830f52960bc3cd8430e5f9a87a0b2acf6d
  SHA256: 33c3bfc57446c34a222bf2d785a55ceb9f5db7cb1b9626f65c7c24f1833259c6
  SHA512: 9ad97b2e320b82265372433eb6dc44f021212e831949df4ee1c37a0bfa2bfe4c67d4766b2ea9418f2bd4ad89a90380e933c9f68d0b0dd3679f955955c934aec6
- Filesize: 7KB
  MD5: aba2619a4a181db55e5f523562261f23
  SHA1: bd35e7cac33bca5e8a7e1d5069ffe1435f32b153
  SHA256: e17f4e40967f2423d6e30864c0729c72f65a0cd5026d962f512df2cb0f4a13fe
  SHA512: 27bdf71a1fd925382fe56a6717041cc727d61ae23c24b6e1b0287dab503dc0a2601d28161347d49644d8879a4d9aa65f14f041abe693f659afb5e95b2bdcbb61
- Filesize: 16KB
  MD5: 2fb2667d9cfd12fcb48b909789d7c200
  SHA1: b4a1cf461387530fd748df6e74201126fba26a45
  SHA256: 5e188dafdc8618d99f197ee136087776d6644cec23231471039443fca2d6be61
  SHA512: 48ea9a2442c0e382c04215f7a36dcb4bf1362d54c24d0634dfc9fa234e7717a2518dc5c45ef562fb8967db48c4553e8736a9f03910f8d0b60a7e8c0f6a3fb993
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 56B
  MD5: ae1bccd6831ebfe5ad03b482ee266e4f
  SHA1: 01f4179f48f1af383b275d7ee338dd160b6f558a
  SHA256: 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
  SHA512: baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 120B
  MD5: 0f89e2d5b3333700950a4133899c1486
  SHA1: bc13ad7bad72bc5ae91358648c8b4155963e8e6a
  SHA256: 6dfd38a8a60b12a33ffc8040746b3b7edc81630cfc562ba323f59823f71048ee
  SHA512: 3bfb343e8c27f798f17b9244d4cfd7fa78e83745f7bab3fa5a34a1efc583c39f193d750dc2e22fc495dabfbb9b8b074c63c8705ca81e8f419b80adb03b1c4b2a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589640.TMP
  Filesize: 120B
  MD5: 57b2afb23f35a67165d2327bd0822daa
  SHA1: 7eccce840e2f5f7a0cc72122df23938c865d705b
  SHA256: 3848f4e5f3709c5389bdadcc214b5410068c25d40cc108d65345d749242563dc
  SHA512: b7b9755b324636501b63c1dd52faf26e5e7aaf5b36983212627db1447332ad0f90b485150c116e37243a0237f847aabad9b79af887d9f290c2a50c09e4d050b0
- Filesize: 272KB
  MD5: 105301a078165dd330feec57a8fabf91
  SHA1: d97087e714733a8b83fed6d221bd867a6aee5e52
  SHA256: a1ce5baf29848c0536ab3f764002750ecdc8c31d8338195187ba65cdfb763cf7
  SHA512: d76037f8783f64aea789615a645e0accb204394424d6944412d704b1fd8ad50d8d60cb31716fe038a0feacc7148ce99acdf98931b0fbe99512f7a1d3a0a91fa6