Analysis

max time kernel: 1788s
max time network: 1691s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 22/03/2022, 19:10

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://t.co/lPjCcUvP0z
  Resource: win10-20220223-en
Behavioral task: behavioral2
  Sample: https://t.co/lPjCcUvP0z
  Resource: win10v2004-en-20220113

General

Target: https://t.co/lPjCcUvP0z

Malware Config

Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid | Process
2136 | chrome.exe
2136 | chrome.exe
432 | chrome.exe
432 | chrome.exe
3988 | chrome.exe
3988 | chrome.exe
4048 | chrome.exe
4048 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
3804 | chrome.exe
3804 | chrome.exe
2700 | chrome.exe
2700 | chrome.exe
2700 | chrome.exe
2700 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
432 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://t.co/lPjCcUvP0z
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 432

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a9624f50,0x7ff9a9624f60,0x7ff9a9624f70
      PID: 2924

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1684 /prefetch:2
      PID: 2028

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 2136

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
      PID: 2376

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
      PID: 4816

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
      PID: 1084

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
      PID: 1764

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 3988

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      PID: 2324

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
      PID: 4552

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 4048

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3300 /prefetch:8
      PID: 4808

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8
      PID: 2704

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8
      PID: 3212

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      PID: 796

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5500 /prefetch:8
      PID: 204

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3944 /prefetch:8
      PID: 376

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
      PID: 4056

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5608 /prefetch:8
      PID: 4524

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      PID: 4336

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      PID: 2252

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
      PID: 4928

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
      PID: 3556

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      PID: 3476

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 1232

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
      PID: 3100

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2760 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 3804

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
      PID: 4608

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8
      PID: 3076

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
      PID: 4532

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:8
      PID: 1812

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2732 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 2700

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1128 /prefetch:8
      PID: 3944

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:8
      PID: 3668

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 /prefetch:8
      PID: 3608

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6080 /prefetch:8
      PID: 4500

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1128 /prefetch:8
      PID: 2496

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5716 /prefetch:8
      PID: 396

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1128 /prefetch:8
      PID: 1652

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5536 /prefetch:8
      PID: 4412

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6236 /prefetch:8
      PID: 2248

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=904 /prefetch:8
      PID: 4008

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6220016050853786827,5459697259301401459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6172 /prefetch:8
      PID: 4896

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4752

C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID: 4908
Network
MITRE ATT&CK Enterprise v6
Downloads

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_432_1216923266\hfnkpimlhhgieaddgfemjhofmfblmnib_7230_all_du5namelytysqd7kah5vangp2y.crx3
Filesize: 24KB
Filesize: 3KB
C:\Users\Admin\AppData\Local\Temp\chrome_BITS_432_1435831279\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.34.0_all_acb7qksdc2wjznjioir7p6lt3dwq.crx3
Filesize: 37KB
C:\Users\Admin\AppData\Local\Temp\chrome_BITS_432_1749204798\jflookgnkcckhobaglndicnbbgbonegd_2787_all_acgnvv6n3hacb3n4e4czianutfka.crx3
Filesize: 26KB
Filesize: 111KB
C:\Users\Admin\AppData\Local\Temp\chrome_BITS_432_835957932\ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.3.14.1147_all_adu2ewrzm5fugsecmuxlx655fijq.crx3
Filesize: 9KB