Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 387s
max time network: 384s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2024, 05:41
Behavioral tasks
task          sample                                              resource
behavioral1   Lunar Client - Installer.exe                        win7-20240704-en
behavioral2   Lunar Client - Installer.exe                        win10v2004-20240802-en
behavioral3   $PLUGINSDIR/app/cmp.html                            win7-20240704-en
behavioral4   $PLUGINSDIR/app/cmp.html                            win10v2004-20240802-en
behavioral5   $PLUGINSDIR/app/index.html                          win7-20240708-en
behavioral6   $PLUGINSDIR/app/index.html                          win10v2004-20240802-en
behavioral7   $PLUGINSDIR/app/js/app.js                           win7-20240705-en
behavioral8   $PLUGINSDIR/app/js/app.js                           win10v2004-20240802-en
behavioral9   $PLUGINSDIR/app/js/block_inputs.js                  win7-20240705-en
behavioral10  $PLUGINSDIR/app/js/block_inputs.js                  win10v2004-20240802-en
behavioral11  $PLUGINSDIR/app/js/libs/cmp.bundle.js               win7-20240705-en
behavioral12  $PLUGINSDIR/app/js/libs/cmp.bundle.js               win10v2004-20240802-en
behavioral13  $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js        win7-20240708-en
behavioral14  $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js        win10v2004-20240802-en
behavioral15  $PLUGINSDIR/app/js/models/notifications.js          win7-20240704-en
behavioral16  $PLUGINSDIR/app/js/models/notifications.js          win10v2004-20240802-en
behavioral17  $PLUGINSDIR/app/js/utils/analytics.js               win7-20240704-en
behavioral18  $PLUGINSDIR/app/js/utils/analytics.js               win10v2004-20240802-en
behavioral19  $PLUGINSDIR/app/js/utils/commands.js                win7-20240705-en
behavioral20  $PLUGINSDIR/app/js/utils/commands.js                win10v2004-20240802-en
behavioral21  $PLUGINSDIR/app/js/utils/cookies.js                 win7-20240704-en
behavioral22  $PLUGINSDIR/app/js/utils/cookies.js                 win10v2004-20240802-en
behavioral23  $PLUGINSDIR/app/js/utils/modal-events-delegate.js   win7-20240708-en
behavioral24  $PLUGINSDIR/app/js/utils/modal-events-delegate.js   win10v2004-20240802-en
behavioral25  $PLUGINSDIR/app/js/utils/strings-loader.js          win7-20240705-en
behavioral26  $PLUGINSDIR/app/js/utils/strings-loader.js          win10v2004-20240802-en
behavioral27  $PLUGINSDIR/app/js/utils/utils.js                   win7-20240705-en
behavioral28  $PLUGINSDIR/app/js/utils/utils.js                   win10v2004-20240802-en
behavioral29  $PLUGINSDIR/app/js/windows/cri/cri-controller.js    win7-20240704-en
behavioral30  $PLUGINSDIR/app/js/windows/cri/cri-controller.js    win10v2004-20240802-en
behavioral31  $PLUGINSDIR/app/js/windows/cri/template.js          win7-20240705-en
behavioral32  $PLUGINSDIR/app/js/windows/cri/template.js          win10v2004-20240802-en
General
Target: $PLUGINSDIR/app/index.html
Size: 20KB
MD5: 423d2e2f7e21b856cb5f3ee3dcbfa5a0
SHA1: eda0e357387913daf57a0c683c34b4b8a5d7baf7
SHA256: cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c
SHA512: c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b
SSDEEP: 192:DgNb/cVDYmPkhHmY74deqmtRCtmK8WQI9gHcMlxh8Bi9LJFHab4rmgJnc5t/93jp:ENs+XaMr9n2uLy05SN1
Malware Config
Signatures
Drops file in System32 directory 2 IoCs
  description   ioc                                                                                                  Process
  File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF        chrome.exe
  File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF    chrome.exe
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                      Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     chrome.exe
Modifies data under HKEY_USERS 2 IoCs
  description      ioc                                                                                                          Process
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687789349603442"  chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
  pid   Process
  4960  chrome.exe
  4960  chrome.exe
  2240  chrome.exe
  2240  chrome.exe
  2240  chrome.exe
  2240  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  pid   Process
  4960  chrome.exe
  4960  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4960)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5076)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb510ecc40,0x7ffb510ecc4c,0x7ffb510ecc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4900)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4164)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1408)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2416 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4524)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2760)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3440)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4616 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2240)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4820,i,4336216056064405832,8050556235264187362,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:8
    Signatures: Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4112)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 4764)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Downloads