Analysis
- max time kernel: 209s
- max time network: 208s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-08-2024 16:49
- Static task static1
- Behavioral task behavioral1: Sample eicar_com.zip, Resource win7-20240704-en
- Behavioral task behavioral2: Sample eicar_com.zip, Resource win10v2004-20240802-en
- Behavioral task behavioral3: Sample eicar.com, Resource win7-20240704-en
- Behavioral task behavioral4: Sample eicar.com, Resource win10v2004-20240802-en
General
- Target: eicar_com.zip
- Size: 184B
- MD5: 6ce6f415d8475545be5ba114f208b0ff
- SHA1: d27265074c9eac2e2122ed69294dbc4d7cce9141
- SHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
- SHA512: d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010
Malware Config
Signatures
- Drops file in System32 directory (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
  File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679550204539891" | chrome.exe
- Modifies registry class (1 IoC)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | chrome.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  3172 | chrome.exe (2 entries)
  3120 | chrome.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid | Process
  3172 | chrome.exe (11 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 3172 | chrome.exe (32 entries, alternating with the row below)
  Token: SeCreatePagefilePrivilege | 3172 | chrome.exe (32 entries)
- Suspicious use of FindShellTrayWindow (33 IoCs)
  pid | Process
  3172 | chrome.exe (33 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3172 | chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3172 wrote to memory of 4004 | 3172 | chrome.exe | 98 (2 entries)
  PID 3172 wrote to memory of 2712 | 3172 | chrome.exe | 99 (30 entries)
  PID 3172 wrote to memory of 4140 | 3172 | chrome.exe | 100 (2 entries)
  PID 3172 wrote to memory of 388 | 3172 | chrome.exe | 101 (30 entries)
Processes
- C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
  PID: 4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3172
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb602ecc40,0x7ffb602ecc4c,0x7ffb602ecc58
    PID: 4004
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
    PID: 2712
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2328 /prefetch:3
    PID: 4140
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2548 /prefetch:8
    PID: 388
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
    PID: 5000
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 1476
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3736 /prefetch:1
    PID: 2756
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3832 /prefetch:8
    PID: 1468
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
    PID: 3948
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4396,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:1
    PID: 3524
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3396,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:1
    PID: 1804
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3304,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
    PID: 3120
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4568,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3492 /prefetch:1
    PID: 2400
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1136,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:8
    PID: 1396
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5556,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5576 /prefetch:1
    PID: 5116
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5688,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5696 /prefetch:1
    PID: 1680
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
    PID: 2172
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5764,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:1
    PID: 3604
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5724,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:1
    PID: 3304
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3196,i,11545842832974086088,1522774452927125598,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6080 /prefetch:1
    PID: 3352
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 4104
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 4072
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4660
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\34fa6789-77ae-4807-a9d6-8091eb34d649.tmp
  Filesize: 9KB
  MD5: 36cf2978022cf98b9c6c512c49ee09a0
  SHA1: f39fcb7b61a749eaefd107b707a7e34fe13af559
  SHA256: 0e4e1ef3b989bfb7b5014a00e02fe9c543be74028bef060e6c1276f05d7ba177
  SHA512: d9df5081e8b62f29732276774f20e4ef5c941b2e55d724feef9bb21aa78e40faa0b7980bb8893901033f9dca39032cb23a7cf64633e217f2b2f4526aa1e627cc
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6e9509c8-22d0-4f7d-89cf-451dcf509b2f.tmp
  Filesize: 11KB
  MD5: 7fec375719b9d0f5c019abb115a25031
  SHA1: e6fbe72714cafd89b10a61d747a8dca5c233461d
  SHA256: 59e2da565273935a8fe0134a0aea29adb0f8987a8c946316975b0d7a30f10dd1
  SHA512: 8c826098adedcafc2968ca82aee1906ce922fa82f7a7568ac5a97de9d05eb2b9dbbaada8d12a0c6308dda68a80fa6e95d2fcba5f4da502da9faf5bc92c28e109
- Filesize: 649B
  MD5: 538e2cb82b264fe9e25191cbdfc66d66
  SHA1: 305d642b4419676bc8a4018f9bd2c872473d0997
  SHA256: 810c1e7da077ab31f6fdd640617674aa6cd4c6dcdebf906b93032cd882bdd58c
  SHA512: 4d63cf7d194ecb0d7e3a6496108e6c7c648456b0b4ad8c7b3ade971ab8b507814936e27e882fa6308278fe42c483c88f9f7a2f547f69c17489b5a654d44f93a8
- Filesize: 210KB
  MD5: 48d2860dd3168b6f06a4f27c6791bcaa
  SHA1: f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
  SHA256: 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
  SHA512: 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
- Filesize: 24KB
  MD5: c594a826934b9505d591d0f7a7df80b7
  SHA1: c04b8637e686f71f3fc46a29a86346ba9b04ae18
  SHA256: e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
  SHA512: 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961
- Filesize: 216B
  MD5: 94dbe5975113305e7a1e8f56ef0cd1c5
  SHA1: 881d7bc3dffcb00e3fa1e3c8166d6a4055509ab3
  SHA256: 6d6f299ccf4ac735fdf8aa38f007546c281029dce5b7f0a382b16f911e9cf603
  SHA512: 7f6ca50c09b124cfafc1fd83c4c4d0163b8581d17690b6dc97b82f1fd1bf79dd346a7c04499cc4ff6a706eb5d913737b871c05d81697d42dfef246e0fad61b33
- Filesize: 1KB
  MD5: 1b9676bcf0ee38a6d02b4303eb3508b8
  SHA1: 9111f455255f952c34c66de2607c0a166968bec5
  SHA256: 647fe0ddbaef966b5a92c1bb106bca6492467add782374e706a9cdd354619ee5
  SHA512: dec8e86aae5b65350278d882ceb45dea4b85803a1f5c462ad6c20d712902df56ba826e45f51e2c4f3fff5c19cc8809af300b8d54a11f9f759b385f643715e197
- Filesize: 216B
  MD5: d90241618d449f893581b87987a62bb5
  SHA1: 653560661d0c088f94b4897a6df0d63d8cd18a20
  SHA256: 283d0171bc485a4a0b7aae843464673dfb97254750288b93fa260dfc956311aa
  SHA512: 3ce4bd94291e5355fadc34d7ec2240ffc1fb2a561e01c79383834fc6356d70f87f0cb79f0ec193590d3e93a58f09ca9ee9a2ce23d3d20d094a8f8635b36e3f5b
- Filesize: 3KB
  MD5: a0e13192f6284541b9c76e1b699779d5
  SHA1: 06f2ce9c1a1a8e6ed55c962e6a6304a21a5afb5e
  SHA256: 4ef13538634c02a1c035675478e3826efce7c122bebfceb24423a0e8027943fa
  SHA512: 8617723a96cc1cf48c80434c58994dfb98f66a98e4630eadf7290ae88b648b640ce968743efec54a7f27928c2cd599b0e88f54df5f1fb72ff419331ebda37ed4
- Filesize: 2KB
  MD5: 5358da10a0563f4a9ae40b065b107c37
  SHA1: 27b7fda8728ae28be26aa62c66e3bc35c36a46a0
  SHA256: 1479ab4a53d5094e09c6fa2b2797fa663077386c5c3574830b73dfbae2ee73bd
  SHA512: 9a21e57d1f674dae9cd72984a9aabd8f0b65858e11a56862408b3d9955afb5e5bfaeb05505f0401e9a0d3d302e965884f7a3dd1088fb70fd6766d5d8931f6bff
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 356B
  MD5: bb77be1ffc3041ec63f4256422ed64a7
  SHA1: 444f7297d03d34a619b47018082ad42db490bfa2
  SHA256: cf3b0c1e523801d4bc4bad0443886b25e87da11bab923829ab2f11b45c12ca5a
  SHA512: e55d4f514ea2dd7d8c8ae4ad813215365d23cf7a277a3aa79403138a6aaa12ee1055336f569173637d6b841281b1fd6736b781930d6a65290fba748f80fbe9d6
- Filesize: 356B
  MD5: 4496ac20996167fad39edf0dcd66e4fb
  SHA1: 191c74cf117385576ab776b28ccc415ff1d19ce7
  SHA256: e195e736df75ad2dbe27bef8948131edab6fe81a7df4683b38111c899c67c75d
  SHA512: c78e6cbc7fa71b7c1d48b029556c5ef8f6b87c2039cccc138db17ec43722458d0d329da4df4a5424269a22a3d77f373a71e1fe698e229cf49477d4752d6fc07a
- Filesize: 1KB
  MD5: e7087cf6bd667a1ee5b11a0f2b64c0dd
  SHA1: 54994f58e56e3a3ac513eda1826d7115daf0e5a5
  SHA256: 9a9061aa4d51d03c2d12dd57de392a4fb1b21e26d61f0dcf0c76b00a55cd474f
  SHA512: 044f8ec8e1bea7c82cd3ab2af740f3903631245976f0730464fa6e5dd0aba6b451645dbe56f6d848aa14492d47594452fd6db42ececacc3aaf31b987965b31b8
- Filesize: 688B
  MD5: b0e49aaf98a7c82f1265291c630ef0c0
  SHA1: 5947977edd084f576202b1b925ba5b9e7801e953
  SHA256: d852020fd015e39943e90ec70caa8aa5bdfb7b5dda6db602ae2595565e131c77
  SHA512: f740e4f124d2c8628a0c2d0081c598acde2ba4f7e4bac70746f6a8ed7008aba815e6219fbe83184ee8f1bd8382768a67e934d41d08741bf25e80f32dfe0c0797
- Filesize: 1KB
  MD5: 7d874c67da9e7ed2147670a48545ad2a
  SHA1: c0f61ea31d3aad7d6f567fe73470e9388d2b229d
  SHA256: 52ffc560a19645e1edec94a2fb4d547c1f50ad96c3f8d81c35ed232fe2dbf19d
  SHA512: 9022ff4aaf300390829e068601335fda3c97567cae163e9b9a03ef61284a07821d23a8d8f5b1c00b4ec17932e5eaf56503b25e63b6de3ae5e04f78c12941d861
- Filesize: 692B
  MD5: f4156b345e74fb79f36c3427b36585ae
  SHA1: a3c37c3ee30e5bcf5dab259b9ff099f2c714c9b8
  SHA256: 08c0ad47f96d8d633ab59676df7c4f6efeefaa10c5462a18f1b013e50c2d6f47
  SHA512: b33be01aad668201d6d8d71077e69dcb306e3d83470fe1181539dea069bf23ebba21ae33499e364496239c329af9b78e9f8a85ee8f0aa5ebbddeced010665bf2
- Filesize: 9KB
  MD5: d96f4078bcd86a2b9586cc932c86e68d
  SHA1: fb0401581765a2f7cdc6fa73c3a69fbbfc443f89
  SHA256: 14c07aec8ac0f1a073c2142902acdd05e9a832c40f265ebf504eb4fda0149105
  SHA512: 96a4b77d7388f09ef790db31e43533ed9edc8fd5f3d7798611b8dd26271138df84c99673c8e4a6410732fe95b14d1ced39df4a8e4341d4896965786943801f38
- Filesize: 10KB
  MD5: ab33418be96932e9d4f6df335266209a
  SHA1: ecfb172694d47f8f6196439bdfab2802bb17aacc
  SHA256: 1311729448b7953f54dd0ef54d38a569ea69feb9fced3d2e68dda9dfbb7bae66
  SHA512: 71ac71718b7b73a44be38884652252bfa01c0a31e89c05ea0827da57058d4552dadc5a24631b670afe4592ee07077f67ae412256738fb1c2099f8162a1100f31
- Filesize: 10KB
  MD5: 95cc855aad7fcb90b686cbc02c1d4435
  SHA1: 2eed28098939aac93328fd6c69eed0138425d057
  SHA256: 90e682259b1b026444cc6de37a70b2afdf648b4120bd56159dedc0e916d8bc41
  SHA512: 52f4ab4f0fd57ddfe455e25040ddf250415c19072d0d368ee69f930190e292f1cc2742bbe1f76ef69a55cb1b0eab30f08c18df52fad428a69657eec96b766e7b
- Filesize: 10KB
  MD5: 540d16131dc635dc08d619b72b629033
  SHA1: d00e6e4adcd2987aea9937616eca7a8e49afa885
  SHA256: 18114bdbd341a01c2e7d97c7dfe19bf7330c6d4b6e21e6dd9249bb89246b5778
  SHA512: dd487a9b99af3121645f784a31f23444843ee1383ba1d2009a3043fe1613966264794862e5d326f10c50d29a1a0bf1514542e1741b2f07560ff4d23022f4dc2c
- Filesize: 11KB
  MD5: a0ec6d8ab9c0fd338ed7abbadcd9d318
  SHA1: 123d6b857c8cdbc30ed118c8748f48ce7f3294bb
  SHA256: a9347f0a79fe26d64661574958cf6dc693e27ff462d3b596b909655329049296
  SHA512: 94b0fb5d6ad37b32139ca5a586207ee225aafab93982d81b47b465d51de624b20615ab0f1e9fe87c0e94bb7ca0c994f276dd6cf8c95c2e8bec4bf177f322a9f1
- Filesize: 9KB
  MD5: b1b9140051a425db89ad30a8bffcad61
  SHA1: d1670edc17b921da2a7c5dea4edfdcdd019fda97
  SHA256: c2540e3f477ff340feebfa2766dce320390a2a43671d92409b5179747706c8ae
  SHA512: 9571e601cbff8226ab05d3850371a6b95debcdb868e1c095166840fea06b91bb236dbebce0ed8f84ffc0ce16f3ffecaea026995f18b251aa077a9ff05369a27d
- Filesize: 9KB
  MD5: b9f0c86592f459b138a458460e73f34c
  SHA1: 0a11b00e02a6e74b7506c473e1602ddfca0cf822
  SHA256: 6794e03036523ddde1f0b0b0f9d208c961204d7bfbcfb14256f5818b293c1a97
  SHA512: 8aa0232c892f10ccb7e4bb77d9c58843b8edb1dd6f30f631ae9c73afdee31ad29ee6bdc4ac8de15d1c25192fe1d5ffcc5240f87a800d5503658ed65bc36a68df
- Filesize: 9KB
  MD5: 6bed93ec7df651ffe4ea811ac3425b27
  SHA1: 37904231eecb0d34ba5239f534029f24d792dd5b
  SHA256: dca1946709fa2e02a3c54fb2deadc2b7813b6945e2dd559953c8f94c37765e8d
  SHA512: e1ff34c6164985dfd9deddb6a4c12ae1c693d0485856d527a869eb09d3d9563efe79fd0b6dd7ab5ac5c471fdbd15bb7f0c099adf542290ed7604594032e0a1a9
- Filesize: 9KB
  MD5: 23c8ac7ccb1c35f198778bb0aebc1f57
  SHA1: a8e47ce913087d2511f43113f5a2818194550686
  SHA256: fd752cdfaa18081f9e4f4b30d503bf1bc4afb2574e6f80cbcb8305211c38b2b6
  SHA512: a71518656c0c3b7b90c6a353b89b0fa06d2cc0631b0cbe1884abc7afd8167d3e63f95788d9909086ab408f7ef3a052fb8359d1bdfccafc04d659ef6e26644be3
- Filesize: 9KB
  MD5: 0f34dce1968da85dd13e343d2bcb5fbc
  SHA1: 7668057870b75e60ce17b24e97e2ce674937a08d
  SHA256: a0d5627217ab17815695993e7aa13aa47f0b23d0c71c7d60a5fa3290f72dd70e
  SHA512: f7e4a8505a09e839c263eadb585bc35dfeb7c591ba11e132eddd7eb2cca5768ec54aa89a715e75c2e9f30c03ddf96485005f5b4863b409df3f1ab0eb292aa96b
- Filesize: 15KB
  MD5: 5e048a6a7d23978bcf81819b280600fc
  SHA1: 9d704971196a380d97f4021b490c50bfdd58b4fb
  SHA256: aab3aa1ea6ba7f080e57700b35f8d98b0c7716bd3a05b97c5e879414e9373e46
  SHA512: 03c8cc38c1c51f494b40ca5195059b80e536a9e0194fcaf6358ee71d7f5c48f2087c7f8db5d6afe5d890acda779a0e773044f64b4a681f8a94b2cd8d8bea36fc
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 96B
  MD5: ec046219ff7831a562ac808f75f1b3d9
  SHA1: 9d444a6bb960a02e72631978c91d07b30d7d8a14
  SHA256: 38f369b71960bc2c19ddd935893359664f07d8693698309648072553f0954332
  SHA512: bbd08f8c7d29bc417e3cfc66c3986e263dc7dc558b913c58122ec436a9166a8e4f6d35c02e731a6a55f8e0176da3c6afb696632312265efcf2f37bc0d8b14a5a
- Filesize: 193KB
  MD5: 330905f78b0ccda786f6e2572ab70927
  SHA1: d4c8528306c35991039d35445cf23b36559d361c
  SHA256: 7a6a5ffe8164af8afe1b15315a1fad2eb26d4fe68c2a3c08851012706f572b25
  SHA512: a6a30c5dcccd8367f13be88440cb5e22d59564251d09618a466e27484cfac628009d45ef11080e89e80386e0235e7366cbaecb7ed28aabf26605a2ac296c16cb
- Filesize: 193KB
  MD5: 88924c4bfd15feef60ac8e5d1a65f73a
  SHA1: 6839478644bc9fcbcde3664a6dfa38a51881933b
  SHA256: 6bc16671246c148ab7e564b926c8cfedfbff86b5846fcfd11df459dd670d51dc
  SHA512: fed01489d44eb2cb1357dc2c00b206d81202269b11f040b673b52e9ec49fc5dc17fbd533122a8cd66f7aa8699f94122ade8438f3a0e9847cb410308a2e1e24bf
- Filesize: 193KB
  MD5: 00409a8a942a960e129fd11a82d45e4d
  SHA1: 0e8ea75a39155ea020838a09d4ece05c00325c71
  SHA256: bcd005bb9a93816e002deb5b787e0deb4d15e5e1391376be53115a30598051b9
  SHA512: 83a41fa4a8b1eaf9823e99164448868219c8aa08c7477c8a69950f8e05a7a24bac8f86dc4ace20a4ea02b00407f30b46078728d4efb736f380794cd99f617301
- Filesize: 193KB
  MD5: 8cb414c98f7658122ae7dab850415949
  SHA1: 06c97772456b8b4ad752ce76787e5d8cddaecf96
  SHA256: 243412f5bd7c073215f165057333ff06ba263bf5fc45f4ab5fa1f858822e6a0d
  SHA512: 33f1de92803713d18f203c61cf928110a89902ee0fa9ded3d5dd047df55d5cf6bc2ec453a881ea992272a632d7f52326d4498b2ea39b2617836ff5f7c49f750f
- Filesize: 184B
  MD5: 6ce6f415d8475545be5ba114f208b0ff
  SHA1: d27265074c9eac2e2122ed69294dbc4d7cce9141
  SHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
  SHA512: d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010