Analysis
max time kernel: 25s
max time network: 26s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/11/2024, 19:02
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-20/q9oi8qpoth64ktmknp52if65sg2qkrq9tnc4gtg1/3126c148375955c0c5a32b9f7d9652536c6a61f10bf63606b69ac9f3928956e9?response-content-disposition=attachment%3B%20filename%3D%22Transaction_Verification_aaron.baines_UK6MKP9O91.html%22%3B%20filename%2A%3DUTF-8%27%27Transaction_Verification_aaron.baines_UK6MKP9O91.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QKEYVJBV6%2F20241120%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241120T190159Z&X-Amz-Expires=18283&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCWV1LXdlc3QtMSJHMEUCIDxXdHmNUrTqWJ2PVrID83y%2BRh7h3OL7Zl0PLlw1fi3eAiEA9ZOtCfIl94tFK9jFYq1oUzuncQLgt4MmxC4Xg%2ByD6OMqiAQIk%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDIUIPJ6%2Bsnq4FYiXEyrcAwTtaSi8%2FxEp8hMkm1DP6%2BsJoG2UT%2FCOsDf5lRVoZqmLWJh7zdQmppsZ2Tcf2TYeNg1NxdKKNdCz4DQJtTcXyInM4RxwmkyM0%2FzSCeETNEsdpXX79RIgCOFcz6GpjC%2BHcM7LuDCDndbI3qSfER1WOKXuf0hxOw6zfHpgpWTC2mJ6n5ja4MtF%2B2%2FWyMHgPdm5ebt4qzIKJLokd%2F7rmFTG0NrGfIYueJDAbEKaW6UHyRaKjkQlsDb5Bhp%2FKK%2FK991LhnMyFAP1TFKoarg5gk7YAmBXT%2FnZEq%2Fdo3OhXOv%2BiYSJoivCAh6vqnAG7De%2BBkS9G1mJ3ZbrOFxDpFG%2Bmg3vNR69tbDCJCsuZqcLXooxID7Gr8XYcbMf%2B8uoZS0lCBkvxxmk6u%2F5wzFal%2Bxhx1w5TOPc0W4cu4ppFuiA6fJtUpOQCKQwNMUS%2BKhKTb1PIkLiU0SxTxwvs4lcFP5GozSXbPKsQjLb6iMlr%2FCK%2FRVZu%2F2YJpOT%2BcJ95%2BXlq7G4rPnXl5EqM93y1T7hyriK2jQ6OkgPxWxn6eT0mQrrnRI7HhRIpzdO9GKT%2FBfBt0XBLEVVs4XvZa6e5TKuzJhtLBDSjONzIb80iEFwjy3FO%2Fyefl6pkH6lj2kXbnQWE%2FHeMLLK%2BLkGOqUB64AZuD8iG%2Fg%2FI0ut4P101IQbHTmodxpSQ%2FwChTG4ZZ5PnJwX1dMGHUsLaB%2BR8Kq8ZbXVjezObDnKIxgASXj7a9Qs1fsKVf8puaq9ycn%2FcKIpsm1SeTEYY%2Fsg%2F1Few8Cel4ANImBkrGak8GtpfuhWHoeWEA55G6uBuMONADdaAAHVUw3dumohXZ6wVYpDV3RWqXxggyBoi3%2Fxl%2BaTObjp1kqwI2Kq&X-Amz-SignedHeaders=host&X-Amz-Signature=6b352456250e371702a919335fee11c356e204fa07c264ac1c04ceaf411c9214
Resource: win10v2004-20241007-en

General
Target:
https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-20/q9oi8qpoth64ktmknp52if65sg2qkrq9tnc4gtg1/3126c148375955c0c5a32b9f7d9652536c6a61f10bf63606b69ac9f3928956e9?response-content-disposition=attachment%3B%20filename%3D%22Transaction_Verification_aaron.baines_UK6MKP9O91.html%22%3B%20filename%2A%3DUTF-8%27%27Transaction_Verification_aaron.baines_UK6MKP9O91.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QKEYVJBV6%2F20241120%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241120T190159Z&X-Amz-Expires=18283&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCWV1LXdlc3QtMSJHMEUCIDxXdHmNUrTqWJ2PVrID83y%2BRh7h3OL7Zl0PLlw1fi3eAiEA9ZOtCfIl94tFK9jFYq1oUzuncQLgt4MmxC4Xg%2ByD6OMqiAQIk%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDIUIPJ6%2Bsnq4FYiXEyrcAwTtaSi8%2FxEp8hMkm1DP6%2BsJoG2UT%2FCOsDf5lRVoZqmLWJh7zdQmppsZ2Tcf2TYeNg1NxdKKNdCz4DQJtTcXyInM4RxwmkyM0%2FzSCeETNEsdpXX79RIgCOFcz6GpjC%2BHcM7LuDCDndbI3qSfER1WOKXuf0hxOw6zfHpgpWTC2mJ6n5ja4MtF%2B2%2FWyMHgPdm5ebt4qzIKJLokd%2F7rmFTG0NrGfIYueJDAbEKaW6UHyRaKjkQlsDb5Bhp%2FKK%2FK991LhnMyFAP1TFKoarg5gk7YAmBXT%2FnZEq%2Fdo3OhXOv%2BiYSJoivCAh6vqnAG7De%2BBkS9G1mJ3ZbrOFxDpFG%2Bmg3vNR69tbDCJCsuZqcLXooxID7Gr8XYcbMf%2B8uoZS0lCBkvxxmk6u%2F5wzFal%2Bxhx1w5TOPc0W4cu4ppFuiA6fJtUpOQCKQwNMUS%2BKhKTb1PIkLiU0SxTxwvs4lcFP5GozSXbPKsQjLb6iMlr%2FCK%2FRVZu%2F2YJpOT%2BcJ95%2BXlq7G4rPnXl5EqM93y1T7hyriK2jQ6OkgPxWxn6eT0mQrrnRI7HhRIpzdO9GKT%2FBfBt0XBLEVVs4XvZa6e5TKuzJhtLBDSjONzIb80iEFwjy3FO%2Fyefl6pkH6lj2kXbnQWE%2FHeMLLK%2BLkGOqUB64AZuD8iG%2Fg%2FI0ut4P101IQbHTmodxpSQ%2FwChTG4ZZ5PnJwX1dMGHUsLaB%2BR8Kq8ZbXVjezObDnKIxgASXj7a9Qs1fsKVf8puaq9ycn%2FcKIpsm1SeTEYY%2Fsg%2F1Few8Cel4ANImBkrGak8GtpfuhWHoeWEA55G6uBuMONADdaAAHVUw3dumohXZ6wVYpDV3RWqXxggyBoi3%2Fxl%2BaTObjp1kqwI2Kq&X-Amz-SignedHeaders=host&X-Amz-Signature=6b352456250e371702a919335fee11c356e204fa07c264ac1c04ceaf411c9214
Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                    | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766029541882573" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  | Process
  3204 | chrome.exe   (2 identical rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid  | Process
  3204 | chrome.exe   (5 identical rows)

Suspicious use of AdjustPrivilegeToken (50 IoCs)
  description                      | pid  | Process
  Token: SeShutdownPrivilege       | 3204 | chrome.exe
  Token: SeCreatePagefilePrivilege | 3204 | chrome.exe
  (the two rows alternate throughout the table, 25 occurrences each)

Suspicious use of FindShellTrayWindow (33 IoCs)
  pid  | Process
  3204 | chrome.exe   (33 identical rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  3204 | chrome.exe   (24 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 3204 wrote to memory of 1788 | 3204 | chrome.exe | 83   (2 rows)
  PID 3204 wrote to memory of 3780 | 3204 | chrome.exe | 84   (row repeated)
  PID 3204 wrote to memory of 3448 | 3204 | chrome.exe | 85   (2 rows)
  PID 3204 wrote to memory of 2164 | 3204 | chrome.exe | 86   (row repeated)
  (64 rows in total; the rows for targets 3780 and 2164 each recur many times)
Processes

chrome.exe (PID 3204)
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-20/q9oi8qpoth64ktmknp52if65sg2qkrq9tnc4gtg1/3126c148375955c0c5a32b9f7d9652536c6a61f10bf63606b69ac9f3928956e9?response-content-disposition=attachment%3B%20filename%3D%22Transaction_Verification_aaron.baines_UK6MKP9O91.html%22%3B%20filename%2A%3DUTF-8%27%27Transaction_Verification_aaron.baines_UK6MKP9O91.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QKEYVJBV6%2F20241120%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241120T190159Z&X-Amz-Expires=18283&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCWV1LXdlc3QtMSJHMEUCIDxXdHmNUrTqWJ2PVrID83y%2BRh7h3OL7Zl0PLlw1fi3eAiEA9ZOtCfIl94tFK9jFYq1oUzuncQLgt4MmxC4Xg%2ByD6OMqiAQIk%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDIUIPJ6%2Bsnq4FYiXEyrcAwTtaSi8%2FxEp8hMkm1DP6%2BsJoG2UT%2FCOsDf5lRVoZqmLWJh7zdQmppsZ2Tcf2TYeNg1NxdKKNdCz4DQJtTcXyInM4RxwmkyM0%2FzSCeETNEsdpXX79RIgCOFcz6GpjC%2BHcM7LuDCDndbI3qSfER1WOKXuf0hxOw6zfHpgpWTC2mJ6n5ja4MtF%2B2%2FWyMHgPdm5ebt4qzIKJLokd%2F7rmFTG0NrGfIYueJDAbEKaW6UHyRaKjkQlsDb5Bhp%2FKK%2FK991LhnMyFAP1TFKoarg5gk7YAmBXT%2FnZEq%2Fdo3OhXOv%2BiYSJoivCAh6vqnAG7De%2BBkS9G1mJ3ZbrOFxDpFG%2Bmg3vNR69tbDCJCsuZqcLXooxID7Gr8XYcbMf%2B8uoZS0lCBkvxxmk6u%2F5wzFal%2Bxhx1w5TOPc0W4cu4ppFuiA6fJtUpOQCKQwNMUS%2BKhKTb1PIkLiU0SxTxwvs4lcFP5GozSXbPKsQjLb6iMlr%2FCK%2FRVZu%2F2YJpOT%2BcJ95%2BXlq7G4rPnXl5EqM93y1T7hyriK2jQ6OkgPxWxn6eT0mQrrnRI7HhRIpzdO9GKT%2FBfBt0XBLEVVs4XvZa6e5TKuzJhtLBDSjONzIb80iEFwjy3FO%2Fyefl6pkH6lj2kXbnQWE%2FHeMLLK%2BLkGOqUB64AZuD8iG%2Fg%2FI0ut4P101IQbHTmodxpSQ%2FwChTG4ZZ5PnJwX1dMGHUsLaB%2BR8Kq8ZbXVjezObDnKIxgASXj7a9Qs1fsKVf8puaq9ycn%2FcKIpsm1SeTEYY%2Fsg%2F1Few8Cel4ANImBkrGak8GtpfuhWHoeWEA55G6uBuMONADdaAAHVUw3dumohXZ6wVYpDV3RWqXxggyBoi3%2Fxl%2BaTObjp1kqwI2Kq&X-Amz-SignedHeaders=host&X-Amz-Signature=6b352456250e371702a919335fee11c356e204fa07c264ac1c04ceaf411c9214
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    chrome.exe (PID 1788)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffad178cc40,0x7ffad178cc4c,0x7ffad178cc58

    chrome.exe (PID 3780)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2

    chrome.exe (PID 3448)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3

    chrome.exe (PID 2164)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8

    chrome.exe (PID 4252)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

    chrome.exe (PID 1240)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1

    chrome.exe (PID 2296)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8

    chrome.exe (PID 5112)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8

    chrome.exe (PID 4340)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5012,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:1

    chrome.exe (PID 3404)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4328,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1

    chrome.exe (PID 2820)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5436,i,14832185830017987267,10257345060800647351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:1

elevation_service.exe (PID 4828)
  Path: C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

svchost.exe (PID 3444)
  Path: C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

-
Filesize: 649B
MD5: 536ad991d9b9c4805d4ef6adb124a781
SHA1: 641fdab28eaad0c3a6fb458049b19ecb056753f6
SHA256: 4dafa0a63bb6029f6d0bf3adc3f703adaa5277c4b9aaafb096b0f3083edfee0f
SHA512: 3a2b2737765220e37f3df1b5d2e1e246563fb45f8f35d6a49517b7e6066a8406dbb35e7e152f3d88636ddeb1189045240185ff9ed3e530c16b4733d8ea6e89e9

-
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

-
Filesize: 691B
MD5: 98a48e9c9665a43dcf30cc9a622d2063
SHA1: 85ae15b85dabba891a97f59d38cb1795976bbd16
SHA256: caab03452fd51c863e532e1784441606c40d0d23109ff11ec9848b2b5ab9de5e
SHA512: cff034184d353324b70e77f618ac7c93125c76f64df588cf89a801dd844fbe62b38ca59ea0ad002d3e9591417899d842a49afd36565e45cd957eba431c707a1f

-
Filesize: 9KB
MD5: cee0f73127cc58a6b910db9cfa3655c4
SHA1: 5e13206f2d9319f9b10a10dd79dbf02cc7b4fa25
SHA256: f9b02b67c0058a32572b615b573d0d75b40068f410173275937506e958a9d3fc
SHA512: 44d2c92537335dbe9e819e8fcca5ea5a34b891969ec622e430f7bd344639964bf14462c778d751b0a7ace40f1d386aef31782c2b7c690f8273b85d18e242a204

-
Filesize: 12KB
MD5: 4c957886710690f34dfc99848b524306
SHA1: 81de8d591dc8133191f9a0b31700b28f4ba6ba4b
SHA256: 1fbad98ff3459bccac0d4c903d5cf87e1e3ef3a03571ab8c9535c64438b3ee8c
SHA512: d2c029631fb6583c6e3c11ece205712a0b48999c0f2fe78e445d9abb2091381ba42524687ee193b6b2e05f002ac4a6f511e825b561d7dc05e54f605a37a4f257

-
Filesize: 116KB
MD5: 599cc7dcec9055d7f24b88f2e9111e22
SHA1: 31378314c8ae7861873b534614fe87a1ce048e89
SHA256: 728a8d255ecebe3cc14a5c04e9703833de7d906a02591972cd0117b000e1508e
SHA512: f75965a48fe13bb48cf75eff36ef16599a60f1d92627e25a661702bc13aa8bad9e926741af0c14c2ec2f0b1d694a2a3942ca9f7db3d23ec95bd2358cc268f31d