Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-03-2023 06:12
General
Target: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
Size: 1.4MB
MD5: 2dafde8db9931b339d3c4e02211d1510
SHA1: de7784c8b122b3a0cede985a4f016c8d1dd2a291
SHA256: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1
SHA512: 66bfa9c229f5a83f21f8b94bd5403317991a25a1b4691445bf8fbeb73a0846a8ca51b9bb2e8b708f82c6c346ab8e00f5cbd347da984086433b2137f14e6cc920
SSDEEP: 24576:qGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRXj5hjSU:ppEUIvU0N9jkpjweXt77z5td
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Drops file in Program Files directory (10 IoCs)
  Processes: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  description | ioc | Process
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Kills process with taskkill (1 IoCs)
  Processes: taskkill.exe
  pid | Process
  4856 | taskkill.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133222147826372357" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe, chrome.exe
  pid | Process
  4212 | chrome.exe
  4212 | chrome.exe
  2008 | chrome.exe
  2008 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  Processes: chrome.exe
  pid | Process
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe, taskkill.exe, chrome.exe
  description | pid | Process
  Token: SeCreateTokenPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeAssignPrimaryTokenPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeLockMemoryPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeIncreaseQuotaPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeMachineAccountPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeTcbPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeSecurityPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeTakeOwnershipPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeLoadDriverPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeSystemProfilePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeSystemtimePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeProfSingleProcessPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeIncBasePriorityPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeCreatePagefilePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeCreatePermanentPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeBackupPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeRestorePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeShutdownPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeDebugPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeAuditPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeSystemEnvironmentPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeChangeNotifyPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeRemoteShutdownPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeUndockPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeSyncAgentPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeEnableDelegationPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeManageVolumePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeImpersonatePrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeCreateGlobalPrivilege | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: 31 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: 32 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: 33 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: 34 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: 35 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Token: SeDebugPrivilege | 4856 | taskkill.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4212 | chrome.exe
  Token: SeShutdownPrivilege | 4212 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe
  pid | Process
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe
  pid | Process
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
  4212 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe, cmd.exe, chrome.exe
  description | pid | Process | procid_target
  PID 4508 wrote to memory of 4840 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe | 86
  PID 4508 wrote to memory of 4840 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe | 86
  PID 4508 wrote to memory of 4840 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe | 86
  PID 4840 wrote to memory of 4856 | 4840 | cmd.exe | 88
  PID 4840 wrote to memory of 4856 | 4840 | cmd.exe | 88
  PID 4840 wrote to memory of 4856 | 4840 | cmd.exe | 88
  PID 4508 wrote to memory of 4212 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe | 98
  PID 4508 wrote to memory of 4212 | 4508 | fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe | 98
  PID 4212 wrote to memory of 2640 | 4212 | chrome.exe | 99
  PID 4212 wrote to memory of 2640 | 4212 | chrome.exe | 99
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 2220 | 4212 | chrome.exe | 100
  PID 4212 wrote to memory of 3904 | 4212 | chrome.exe | 101
  PID 4212 wrote to memory of 3904 | 4212 | chrome.exe | 101
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
  PID 4212 wrote to memory of 2840 | 4212 | chrome.exe | 102
Processes
- C:\Users\Admin\AppData\Local\Temp\fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1.exe"
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 4508
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    PID: 4840
    - C:\Windows\SysWOW64\taskkill.exe
      Command line: taskkill /f /im chrome.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
      PID: 4856
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 4212
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a5b9758,0x7ffa2a5b9768,0x7ffa2a5b9778
      PID: 2640
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:2
      PID: 2220
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 3904
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 2840
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:1
      PID: 4928
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3296 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:1
      PID: 3472
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3808 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:1
      PID: 3632
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4780 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:1
      PID: 4448
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 4812
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 1696
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 3648
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 4012
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:8
      PID: 548
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 --field-trial-handle=1828,i,15013634801755267601,9054904459143354493,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 2008
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4668
Network
MITRE ATT&CK Enterprise v6
Downloads