Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-03-2023 15:30
Behavioral task: behavioral1
Sample: 18669b21194b03105d0a9145635a1ce6.exe
Resource: win7-20230220-en
General
Target: 18669b21194b03105d0a9145635a1ce6.exe
Size: 1.4MB
MD5: 18669b21194b03105d0a9145635a1ce6
SHA1: 59d361b172cfb610aeef1e0ab6e2546b40aaf1f4
SHA256: d9d2ad004f71ee5e3dc5f0170b74a961fc5df4e187ea03a11788ed30a1a8230a
SHA512: 0dff9b45ddbd0a80e05d3194f645a5f38c165ab904e01eb566a1406823c80c78ba0e39e7e81975299951d482ec31cf7514a3c2afd997b2bc656f6cd846be69d8
SSDEEP: 24576:PGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRfj5h6SY:OpEUIvU0N9jkpjweXt77L5MF
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Drops file in Program Files directory (10 IoCs)
  Process: 18669b21194b03105d0a9145635a1ce6.exe
  description | ioc
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
  File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  description | ioc
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Kills process with taskkill (1 IoC)
  pid | Process
  1908 | taskkill.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  description | ioc
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133223346304169651"
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  5112 | chrome.exe (4 entries)
  3344 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid | Process
  5112 | chrome.exe (4 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: 18669b21194b03105d0a9145635a1ce6.exe, taskkill.exe, chrome.exe
  description | pid | Process
  Token: SeCreateTokenPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeAssignPrimaryTokenPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeLockMemoryPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeIncreaseQuotaPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeMachineAccountPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeTcbPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeSecurityPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeTakeOwnershipPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeLoadDriverPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeSystemProfilePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeSystemtimePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeProfSingleProcessPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeIncBasePriorityPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeCreatePagefilePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeCreatePermanentPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeBackupPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeRestorePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeShutdownPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeDebugPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeAuditPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeSystemEnvironmentPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeChangeNotifyPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeRemoteShutdownPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeUndockPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeSyncAgentPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeEnableDelegationPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeManageVolumePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeImpersonatePrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeCreateGlobalPrivilege | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: 31 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: 32 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: 33 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: 34 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: 35 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe
  Token: SeDebugPrivilege | 1908 | taskkill.exe
  Token: SeShutdownPrivilege | 5112 | chrome.exe (15 entries, alternating with the next row)
  Token: SeCreatePagefilePrivilege | 5112 | chrome.exe (14 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  5112 | chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  5112 | chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: 18669b21194b03105d0a9145635a1ce6.exe, cmd.exe, chrome.exe
  description | pid | Process | procid_target | entries
  PID 1376 wrote to memory of 4040 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe | 86 | 3
  PID 4040 wrote to memory of 1908 | 4040 | cmd.exe | 88 | 3
  PID 1376 wrote to memory of 5112 | 1376 | 18669b21194b03105d0a9145635a1ce6.exe | 92 | 2
  PID 5112 wrote to memory of 3440 | 5112 | chrome.exe | 94 | 2
  PID 5112 wrote to memory of 1564 | 5112 | chrome.exe | 95 | 38
  PID 5112 wrote to memory of 4516 | 5112 | chrome.exe | 96 | 2
  PID 5112 wrote to memory of 2356 | 5112 | chrome.exe | 97 | 14
Processes
- C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe (PID 1376)
  command line: "C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe"
  signatures: Drops file in Program Files directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 4040)
    command line: cmd.exe /c taskkill /f /im chrome.exe
    signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\taskkill.exe (PID 1908)
      command line: taskkill /f /im chrome.exe
      signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5112)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3440)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c35f9758,0x7ff9c35f9768,0x7ff9c35f9778
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1564)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:2
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4516)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2356)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4688)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3192 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1688)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4240)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3820 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5028)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3892)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2672)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1424)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2248)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2328)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2248)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2780)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3344)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4216)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 786B
  MD5: 9ffe618d587a0685d80e9f8bb7d89d39
  SHA1: 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
  SHA256: a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
  SHA512: a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
- Filesize: 6KB
  MD5: 362695f3dd9c02c83039898198484188
  SHA1: 85dcacc66a106feca7a94a42fc43e08c806a0322
  SHA256: 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
  SHA512: a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
- Filesize: 13KB
  MD5: 4ff108e4584780dce15d610c142c3e62
  SHA1: 77e4519962e2f6a9fc93342137dbb31c33b76b04
  SHA256: fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
  SHA512: d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
- Filesize: 20KB
  MD5: 5808438679a312920a780a7dabe84442
  SHA1: aa9947a2bdd00ebe503c5444bdd5cb3938c2f0fc
  SHA256: eb4c53d4c6b9202e02e5c89a8f82b791c0a99e0e648070f500c0b2e2a0227924
  SHA512: cd4cb9c01cb3eac557c5436cdd7a8c454990ce2c724fd973fa8885e38dd221b0bcfb179587c9f1c7ecc414cc94a7a858528f580d1e8af3684f530764fc6074c1
- Filesize: 3KB
  MD5: c31f14d9b1b840e4b9c851cbe843fc8f
  SHA1: 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
  SHA256: 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
  SHA512: 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
- Filesize: 84KB
  MD5: a09e13ee94d51c524b7e2a728c7d4039
  SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
  SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
  SHA512: f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
- Filesize: 604B
  MD5: 23231681d1c6f85fa32e725d6d63b19b
  SHA1: f69315530b49ac743b0e012652a3a5efaed94f17
  SHA256: 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
  SHA512: 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
- Filesize: 268B
  MD5: 0f26002ee3b4b4440e5949a969ea7503
  SHA1: 31fc518828fe4894e8077ec5686dce7b1ed281d7
  SHA256: 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
  SHA512: 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
- Filesize: 1KB
  MD5: 05bfb082915ee2b59a7f32fa3cc79432
  SHA1: c1acd799ae271bcdde50f30082d25af31c1208c3
  SHA256: 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
  SHA512: 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
- Filesize: 2KB
  MD5: 2a84351267d11d034504245817898df0
  SHA1: aa9a5493811b03f2b1b2afdcba11cc866ac0b7f6
  SHA256: a1fb0910f46a11d25cd0e4c0cde0ff8a7501d982b42fc00312149df1026ca5bc
  SHA512: 2c0ec928d5d8b31cbf842e067c8a929720a220796d203806f6a6e8560dbfb8762abd7062fc3d43cebaa86aced0ff6599739accb420221df381606b5c3d9aa867
- Filesize: 2KB
  MD5: 1ea4ca4555e9d222621c64cf9413b47d
  SHA1: c232371b2cfcda6f0afd2ecb5872c7de6d402f36
  SHA256: d0ee830fcb66f58ebb5242e77c660cbb00ef1c448bde0a1ae147c9585bdd4e3b
  SHA512: b4ce4ecf5609ceac058c2e2bf37d4ba57cabbe86fb608f743375c9c46771c5e479ad170b8985d29e7b62a6e011fa4adad4e65c306e85a0bb3a07b4ef896892c8
- Filesize: 874B
  MD5: c5172952680816814eb6d952430b17b6
  SHA1: affaf4e1873f6eef451197857e0ca00cf306b8f1
  SHA256: acf266fefd71e8c9077ff671e63aa62e063ae020915300cbc07587dd089d8550
  SHA512: 9f84821e315192b3eac72e108b93a4699eabf78822b48fb9f855755239843f1167b1a171f167a16e34e3c1e6c5ea6313c8e6c6310a82723dcdbf8df4e47fdd75
- Filesize: 874B
  MD5: 477102decebb012b7843a55d186c82e2
  SHA1: e92b514ffd045caf3ce1ab02cbfd09582c68cfdc
  SHA256: a624a6e0ba688fdba191d7ea3f68d2fe5d9802460d5a749c4d00b35f9deed4f3
  SHA512: 4a4ccabcf43fb95742d8546139ba07806be4340f4da691e21d13781b3a0da1831e92bb031e0d7d836e003298034093a3e6c93596b69fe57d89d3ff37aed37794
- Filesize: 874B
  MD5: 012fcd374ef751d5b9719b89a7f23605
  SHA1: a41bbeb6151150698ab1e913ac8315234092c7ed
  SHA256: 977721a53e402d8040027e84a79fb581962cd74c5c5f2094d145fc88e19656e1
  SHA512: 6c53f749e61211bc7303357a6882a18aadfae170e36e62328de5ba0140b9068a8cef1dfb1f126082fc606996c4a90cb57fd2a5f6b16439fee32d5a6babf0c1d9
- Filesize: 874B
  MD5: cfaa9827c74a250e475d947bcbf4602d
  SHA1: 2fc8fae01198d3a7f0201ed10d6328493fa4bca5
  SHA256: a99fa24dbd03cd26564a0a1b88c92a031e18e1685edb77d4586135dfa738ba3f
  SHA512: 95514de2a0647399a96e30a80bfda065facaec3e74d2dc0090e18b399357ce611060ae085c4fe268a2e3801b89bab3ebcc646c69aaa3632324f5b069c340af4c
- Filesize: 6KB
  MD5: d43e68c93c3b557d0cb3250205c6b1c9
  SHA1: e2e51e1522ec96f5b715844d1a006a2639d0e941
  SHA256: 3f0687267440bfbcda495e47b897880f2b14ed98d0ab9a8770871d07ffc36c7e
  SHA512: f98dcd4abaa47f7a966b88502ac3a82d0a0b3378e16068490d6d1b0abcf3687f98e62ec47fafbf47e7cbc2c38e1fb9443425e4a22c01551a6b871ea955f44f37
- Filesize: 6KB
  MD5: a8d28b843849ba5e0fec1a15a8e61233
  SHA1: 6d9184ace2acb8c4b0249a952d5b82bbadf931da
  SHA256: 11ed6f455185c7f091923bf73aca0f8f3e41fbb40d87e08a7cef118f55c495a3
  SHA512: 10a6d2524b546580f30bd3025a95bb525560f311b11758c1c82b7fa8b5efc3a302a68501eee6726382df2db558aa875fe6b67b191aa478aed7b9a1c165b4917c
- Filesize: 16KB
  MD5: 1cb8a8299921d6e0c6aebf0d6d422bda
  SHA1: 84772e39f1361d103801faaeea9ba09a66d0ed2a
  SHA256: 6130dcd359cad8069de8f4b0dbfcccc8489af3e4be81cfa1862f6276e4172e33
  SHA512: 62069d87faf3568de4efff4512b088b9b9bc35816818d44c205ac95d6142102be664fd3fe929960548c420940c05b68bf238dadd8ac123b6334a2cb378e560f1
- Filesize: 16KB
  MD5: de1a50c087a4145153b94d9a64525ea9
  SHA1: b31dd207dc145767b8e1b6223dd8ff7cb865ffaf
  SHA256: 666ab78a43cb840dae76643598ea96d5c984c4d68b005d323a26c5bbc80ec2f6
  SHA512: 36fdc080f52ea2b69d2578dde1187281c6b79c230d8bb81cb5736085ded88f9e739908fe30d13756a6d67b0c0466fbc92114266e40941f42285e4c11ce6fcd07
- Filesize: 144KB
  MD5: d443c5bfc7844ba414e3770fb082b086
  SHA1: 32f9e1b3196518f0730d0fe96c4399b85f51ad8c
  SHA256: ce4442171ec2d778ed6ce08933390aa88c619e914ef683c03e988b1f0ae3d143
  SHA512: 923764b2c9b9aa2b8455294878f10fc79068de78ff340570f962bd05e87a7a87c12e44d9db8d8460a3b14726225a912980d96778048e23eda325bcf45a95e834
- Filesize: 72KB
  MD5: dca3768d1fd90ce7318d7f935a4ec2bf
  SHA1: ee0c332158c3016ef4a9eae837a98dc629a2d191
  SHA256: 812a31ab7f96dc3430b7f589b8fc5418df82e3f00b2b6871ac0943e9aaebdf45
  SHA512: 39098d0d2d4589f3bf586eebfc229d7ea59399c170a4a1a0819fa34a4f89821169f355118b060ef446dcbe0dec654a12a7e7e2d7b97986655c3f4f0a19c542f1
- Filesize: 144KB
  MD5: 31763a4b3ffd76ece11c18bb9e4ed782
  SHA1: 8c391e46c7e0882ba191350861ecaae7550ff628
  SHA256: 73d022a65085b7f0d7a4ee4cdd3e4a2241d05812bee642f377d86232b8ad9ae9
  SHA512: b9f434d3d67c6d3a27d68181a6965c3550b602c966e32adb0cdc0613f0f908e77699d3704a1e9c2c63050828e790d4c3de9698aef2c77b21d1f6f655cbfb231f
- Filesize: 143KB
  MD5: f37ef021e8dade91ebcd4d6357bd2fd7
  SHA1: 4d49fbb377a3936be1864d5a70e562c34c87acec
  SHA256: b5ff2a0eb109993cc50a048da5448132994d1d346a49d4ca379e4324925c6f9a
  SHA512: 4c414d50d12b3882dcb579fcc648c7964b2ed9b350459217763e8bb7c3f0bd50848b7ba09419bcb3f350ccd4c2ed80d3f81e59db9a3ffa0b6d172768c484e62d
- Filesize: 2B (these are the hashes of the two-byte string "{}", i.e. an empty JSON object)
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: not reported (these are the hashes of an empty, zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e