579bf873590af56142934f258cf8b67e978c5ab88c3587728bcbe5d1eb01b27f

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
08-02-2023 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WES.png
Size

610KB
MD5

10b6555ed6ddf419aba45135cf161531
SHA1

ee8285354275ba53404f5fe6c3de09208474874f
SHA256

579bf873590af56142934f258cf8b67e978c5ab88c3587728bcbe5d1eb01b27f
SHA512

35677447af0f3709389ca05fbf1de84230be337e64b7b0e30e588dc1ae7ecb1272c6c8b870ce1f6edbbd766f67d6b3a13a8baca04d9e3f39519dbba6397b2cbe
SSDEEP

12288:ufy+e+rcJ+0pOJLBXDi86XcQHpXgRq3pukYDbdNhbiNSF0z/n:uf6+0pOJLBl6XcQJL+dLJ2zn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
284	chrome.exe
1096	chrome.exe
1096	chrome.exe
2540	chrome.exe
2532	chrome.exe
2844	chrome.exe
1096	chrome.exe
2920	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1992	rundll32.exe
1992	rundll32.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1484	1096	chrome.exe	29
PID 1096 wrote to memory of 1484	1096	chrome.exe	29
PID 1096 wrote to memory of 1484	1096	chrome.exe	29
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 296	1096	chrome.exe	30
PID 1096 wrote to memory of 284	1096	chrome.exe	31
PID 1096 wrote to memory of 284	1096	chrome.exe	31
PID 1096 wrote to memory of 284	1096	chrome.exe	31
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32
PID 1096 wrote to memory of 1860	1096	chrome.exe	32

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\WES.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7234f50,0x7fef7234f60,0x7fef7234f70
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1100 /prefetch:2
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1720 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3264 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4192 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1112 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2716
- - C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13fa0a890,0x13fa0a8a0,0x13fa0a8b0
    3⤵
    PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1732 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,18255002196237612809,16801112840478605853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 /prefetch:8
  2⤵
  PID:3040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20230208044442.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
memory/1992-54-0x000007FEFC361000-0x000007FEFC363000-memory.dmp

Filesize
8KB

Download
memory/2716-56-0x0000000000000000-mapping.dmp

Download
memory/2776-57-0x0000000000000000-mapping.dmp

Download