Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 03/08/2024, 02:57
Static task: static1
Behavioral task behavioral1: sample launcher.exe, resource win7-20240705-en
Behavioral task behavioral2: sample launcher.exe, resource win10v2004-20240802-en
Behavioral task behavioral3: sample minty.dll, resource win7-20240704-en
Behavioral task behavioral4: sample minty.dll, resource win10v2004-20240802-en
General
- Target: launcher.exe
- Size: 319KB
- MD5: 672f8d89f56d3a59737962c24bbc841f
- SHA1: 91ab1fa7773786081493801495a8ebce6aaeae3f
- SHA256: a5d2c2fc2c56ded7f36b739bca60144d90854cce483cfa9a7ebc4300483e3e71
- SHA512: bff57bf225ecccc621ecfd0b3e0bc3332ad68ed35363c128661142d88b72c124edb3b5140e8448c250d6263c5aee982e8958a895a1fb1c4eece81e04523378fa
- SSDEEP: 6144:dgvhO/NbL6Z+MNiuRHHaVbNW/a1sGJMXsCid9uBWcj:2s6Z+ujyyOj2X0DuI
Malware Config
Signatures
- Drops desktop.ini file(s) 1 IoCs
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Saved Games\Microsoft Games\desktop.ini | minesweeper.exe
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies registry class 39 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0" | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1" | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows | minesweeper.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\LastPlayed = "0" | minesweeper.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings | minesweeper.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software | minesweeper.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats | minesweeper.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | launcher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16" | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | launcher.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257" | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft | minesweeper.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | launcher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX | minesweeper.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6} | minesweeper.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | launcher.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4" | launcher.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | launcher.exe
- Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid | Process
  2780 | chrome.exe (2 identical entries)
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  pid | Process
  864 | minesweeper.exe
- Suspicious use of AdjustPrivilegeToken 32 IoCs
  description | pid | Process
  Token: SeShutdownPrivilege | 2780 | chrome.exe (32 identical entries)
- Suspicious use of FindShellTrayWindow 35 IoCs
  pid | Process
  2780 | chrome.exe (35 identical entries)
- Suspicious use of SendNotifyMessage 32 IoCs
  pid | Process
  2780 | chrome.exe (32 identical entries)
- Suspicious use of SetWindowsHookEx 1 IoCs
  pid | Process
  1424 | launcher.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  description | pid | Process | procid_target
  PID 2780 wrote to memory of 2884 | 2780 | chrome.exe | 33
  PID 2780 wrote to memory of 2888 | 2780 | chrome.exe | 35
  PID 2780 wrote to memory of 2836 | 2780 | chrome.exe | 36
  PID 2780 wrote to memory of 2852 | 2780 | chrome.exe | 37
  (64 entries in total; each of the four targets appears repeatedly, with most of the repeats being writes to 2888 and 2852)
Processes
- C:\Users\Admin\AppData\Local\Temp\launcher.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\launcher.exe"
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2780
  Child processes of PID 2780:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7989758,0x7fef7989768,0x7fef7989778
    PID: 2884
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:2
    PID: 2888
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:8
    PID: 2836
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:8
    PID: 2852
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2140 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:1
    PID: 2608
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:1
    PID: 2284
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1644 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:2
    PID: 2216
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1500 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:1
    PID: 2432
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:8
    PID: 2356
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3720 --field-trial-handle=1476,i,8135113792352305101,2502813638915752926,131072 /prefetch:1
    PID: 2272
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2052
- C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
  Command line: "C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
  - Drops desktop.ini file(s)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID: 864
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 311KB
  MD5: 6debfa1e739b68b3e737b2edb10fa3ea
  SHA1: 834d4457c6636b0be293d25ecbf3c64911c883a3
  SHA256: 986fa457b9813f0db76f0ed70e8dc7fb085e5eec0309cd87d7001e542f018ffc
  SHA512: a7b7d2d75a8c3232ec0e2f9ccaaade7d1f7bfc25f15ad0cef7522e3f8a97b03ab301714fbd6973853238fdc44c98691b3944d06ff8146d601937e8cfdda96f48
- Filesize: 209KB
  MD5: 3e552d017d45f8fd93b94cfc86f842f2
  SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
  SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
  SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
- Filesize: 16B
  MD5: aefd77f47fb84fae5ea194496b44c67a
  SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
  SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
  SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 5KB
  MD5: 329f8d8cc600d78860ed56b62d0108ca
  SHA1: 233e7b6e30586eb13b1c23277e3b5029db6af25f
  SHA256: a1bf1e6c156fd74216a5da3c362e15981418953a4857662a9d404ca35df4e7af
  SHA512: 53b74c722a48119fcf2062e4de6649de4abcf3c2c7928faedc23eb6a50551f1328224b8782f82d910a7eed0cc1e1e232e01ae8c9b2ea60066440f2e98e8ff46a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 311KB
  MD5: cd1342768adb984176d9a387ab7cc974
  SHA1: ee30d1013a420093bca053bba7c21b731c345fd0
  SHA256: ee0188f28b1a8bf29de779499c6712be2a9f7abb024a247ed2b56b4f404239ff
  SHA512: 400d6adf9e10321f4ce545d50aedcc229e8fa58ece38c12f60f8ec1b28bb992bba85240cddacbb44d9a697bc4c8c6b6a1f9576b827a49dd5c1bc289664d8d3bf
- C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}.gamestats
  Filesize: 3KB
  MD5: 11b1cb66abbbe81e007ddd2959f6b068
  SHA1: f87a67ffe354b00cbb2f492701b6429762e9c87f
  SHA256: cb5314886a9d885e9d9df33497476223bd30ead81d8cd8ddb7a977bf15675184
  SHA512: efcba4aaddaea5e60c120811bf8e04664fea877b4fdf3559aac086a68ad679a8561d43b53a76ee6bef5d5ca8b4bd452a22082ed8a68a78ead7bde02b106230bb