Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-04-2023 06:42
General
- Target: 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
- Size: 1.4MB
- MD5: 4ea1779438a698926ca67bb63a8ebfc1
- SHA1: 7b1d01ddc1c8be2601d592ffb7ee0f74a99a8785
- SHA256: 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183
- SHA512: d23109a77888980361f251cc6f74fb348f034b881dc80934bafc99142e13a8d90ec5d9da102ec80a31ae5504d6f259eee8bb3bea163d39a2145ecfcaaab1df30
- SSDEEP: 24576:dGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRvv5h/ST:ApEUIvU0N9jkpjweXt7735lm
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
Processes: 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
description | ioc | process
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Kills process with taskkill 1 IoCs
Processes: taskkill.exe
pid | process
2940 | taskkill.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253305471252420" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: chrome.exe, chrome.exe
pid | process
4664 | chrome.exe (4 entries)
1868 | chrome.exe (2 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes: chrome.exe
pid | process
4664 | chrome.exe (4 entries)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe, taskkill.exe, chrome.exe
description | pid | process
139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe (PID 3336), one entry per token: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35 (35 entries)
taskkill.exe (PID 2940): Token: SeDebugPrivilege (1 entry)
chrome.exe (PID 4664): Token: SeShutdownPrivilege (15 entries), Token: SeCreatePagefilePrivilege (14 entries), alternating
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process
4664 | chrome.exe (26 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
4664 | chrome.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe, cmd.exe, chrome.exe
description | pid | process | target process
PID 3336 wrote to memory of 2040 | 3336 | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe | cmd.exe (3 entries)
PID 2040 wrote to memory of 2940 | 2040 | cmd.exe | taskkill.exe (3 entries)
PID 3336 wrote to memory of 4664 | 3336 | 139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe | chrome.exe (2 entries)
PID 4664 wrote to memory of 4940 | 4664 | chrome.exe | chrome.exe (2 entries)
PID 4664 wrote to memory of 1604 | 4664 | chrome.exe | chrome.exe (38 entries)
PID 4664 wrote to memory of 4688 | 4664 | chrome.exe | chrome.exe (2 entries)
PID 4664 wrote to memory of 388 | 4664 | chrome.exe | chrome.exe (14 entries)
Processes
-
Level 1: C:\Users\Admin\AppData\Local\Temp\139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\139f9bf459122ddc85645cd3528a68d3afaab47502c2ec32595d7f21ac1fc183.exe"
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 3336
-
Level 2: C:\Windows\SysWOW64\cmd.exe
Command line: cmd.exe /c taskkill /f /im chrome.exe
- Suspicious use of WriteProcessMemory
PID: 2040
-
Level 3: C:\Windows\SysWOW64\taskkill.exe
Command line: taskkill /f /im chrome.exe
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID: 2940
-
Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 4664
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffc3e439758,0x7ffc3e439768,0x7ffc3e439778
PID: 4940
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:2
PID: 1604
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 4688
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 388
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:1
PID: 3936
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3344 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:1
PID: 2812
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3948 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:1
PID: 4364
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:1
PID: 1332
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 2028
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 5044
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 5048
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 3360
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 1928
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 1776
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:8
PID: 180
-
Level 3: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5328 --field-trial-handle=1832,i,10102581132479328819,6617001768047310955,131072 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID: 1868
-
Level 1: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1308
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize: 786B
MD5: 9ffe618d587a0685d80e9f8bb7d89d39
SHA1: 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256: a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512: a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
-
Filesize: 6KB
MD5: 362695f3dd9c02c83039898198484188
SHA1: 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256: 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512: a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
-
Filesize: 13KB
MD5: 4ff108e4584780dce15d610c142c3e62
SHA1: 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256: fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512: d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
-
Filesize: 20KB
MD5: fa735d71ddfcc8d7ba4f7ac72205061f
SHA1: c64c170c2a084c1c6c4580a50614df86c5e70e0c
SHA256: d8988d320a1283e982e49a647086311868c51ecca4da86e8a5b702e97343c116
SHA512: 4a0eb4530cd5832f1581d71687100b9a37803b2bb2f2f33732c0698639ad949d84ec3b8c4e07ba398c1213ec480da2829a870c794c1d531e14c368d22123c03c
-
Filesize: 3KB
MD5: c31f14d9b1b840e4b9c851cbe843fc8f
SHA1: 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256: 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512: 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
-
Filesize: 84KB
MD5: a09e13ee94d51c524b7e2a728c7d4039
SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512: f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
-
Filesize: 604B
MD5: 23231681d1c6f85fa32e725d6d63b19b
SHA1: f69315530b49ac743b0e012652a3a5efaed94f17
SHA256: 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512: 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
-
Filesize: 268B
MD5: 0f26002ee3b4b4440e5949a969ea7503
SHA1: 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256: 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512: 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
-
Filesize: 1KB
MD5: 05bfb082915ee2b59a7f32fa3cc79432
SHA1: c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256: 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512: 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
-
Filesize: 1KB
MD5: 2a6c629d2602a9b4128d176b4821d1ad
SHA1: f44c009296f852d4f1e4d403a78740d7a628887d
SHA256: 43afa1bdf43ff48e04651f5303460e4235c45a09dd5cc32bf2f8ddb5710693a8
SHA512: 3af6496ec36233a95faef65363a3f3a3e2473ef07c5d923c8acac9a502474335b0cdadb5161fa20aca594cbdb95b3becbb81e0781a72f493bf275c6fa5bbc6f1
-
Filesize: 874B
MD5: 22f0b669b05af4ea157ffcf308b55e9b
SHA1: 15fb5e1688ccd806e8ef1f66d5f8f53056497707
SHA256: daa30649fac8a06edb3f92957e87f2d217fa9fbcc21444903eec787ef99f917f
SHA512: 4d8477247aaeea6bbf6694bef080b2b423b125a7d0b1165e36665a9c1722eea2cc2a14fce9e14133d29a7d1e520f22cdf843cc9eb76931d0a07d6959fd3781ac
-
Filesize: 868B
MD5: 4057c2c1de639c22e99e1f5c237f88b8
SHA1: 87b95992e0748856f0face40f027aeeda873d668
SHA256: ba7f43addc457a745a060ed5de1c0db9b8a31d6dfd51ab424cf85bbb303fbb31
SHA512: 0016abecc9d79a836c6b9858cb6fce10cea43ec27f1bd79f5cb8d09c7a3202d862c63373e6d3b11d8cdf18d4f8f6ddd7eb2efff19299eb35a27e39a8de4f669f
-
Filesize: 874B
MD5: 7f8223ea7f185e511d9c6e2f2d99ad3b
SHA1: a01ec7332770e909098132e6a796f13fa1b85393
SHA256: 3f1935088f9c94ea7bd7b4b007afe2009c66b3092ace6a16cd685c0c72e7c7fc
SHA512: bfe8e9eaba41b43d23c122aefb77e296e1ca19cf5f29a12829de7e811d94cfda0bdadb7c00681701f4be565ae064ba303c10a697d5ebe09732867a4be09c5fb3
-
Filesize: 874B
MD5: 6e881cb17de2d8f577607ac1ef421bc9
SHA1: 3b64c425b1d07ba6a2f6af44794a06bbe96ce38a
SHA256: b9dfc087382b276b04f0b098e53fa13b2cef03d8787e600b953140072f6a5c38
SHA512: de0f0d7bf8cffbd985a7c0836ea43e6cd9a6002c413c9e2f5b31d5ba00c9f4695464660cb30c7dddd42e4eedee5c101d1ac711689f7c9bc74a0dacaeeff1b2e2
-
Filesize: 6KB
MD5: bd5609e02430bc9c28334e801fe47f28
SHA1: 4219d2407df5cadb3af929c3a980db10ae34c6b2
SHA256: ae1d71446ac29314c7004f082b836a1443e4d58f8c42c414e62ebfa5cc653732
SHA512: 628a7c9d066c368d0a6c0ff7b2d4d91a9aabaaa860fa3e4d8bdba313c871414f15222fed25bc7edf290eef0f8e1c22ffe6181b2713b7c8e338107e3b8e15852f
-
Filesize: 6KB
MD5: 70dc4463b624ac5ca3039e0ee589ef64
SHA1: 43c6d3d9b782cb32a307c583db103a2926a103b1
SHA256: e3599207af0b2def25f488f34b3c58158978862713b92a4dab96ed3f8d68dfad
SHA512: 57930d09b99805a99b1739ba6558844ebf0cfce97d426e077a5ba83d48e648c3396d0d38d424515b2649d0fb42d9f3b9295c3adfdfa5fa89ffdbbb844888d552
-
Filesize: 16KB
MD5: 1cb8a8299921d6e0c6aebf0d6d422bda
SHA1: 84772e39f1361d103801faaeea9ba09a66d0ed2a
SHA256: 6130dcd359cad8069de8f4b0dbfcccc8489af3e4be81cfa1862f6276e4172e33
SHA512: 62069d87faf3568de4efff4512b088b9b9bc35816818d44c205ac95d6142102be664fd3fe929960548c420940c05b68bf238dadd8ac123b6334a2cb378e560f1
-
Filesize: 16KB
MD5: d296b711305bb080986ee66d9df8bc22
SHA1: 1c9e598c1c397ea7bf2d101f33ddc0a654ae0d8f
SHA256: 61c594aff6be5a9eacea9eac9b434f2fe8b3be94e4b8a6497f558e630236af79
SHA512: 049c18391efd25bd8e81ba63ec4af3e4f0609615bb546f326159bff7edfa4088b5d19b204a583b48095567500b818f01e912713d5195f964f8d3a88a804585cc
-
Filesize: 202KB
MD5: fdd590eb72aee2e7b409cd8d1cb2486c
SHA1: c75e272dd3a49c4dc402a1c6cbb44b3a39308c09
SHA256: 607d20ace953b78432fd677e96eb7d0ebb12bcb99ed360b594e42fc454dba982
SHA512: 9f3da85ad147f783b1c08ad15e1b5b9c99fbcdf3766f6533b58e72dad4b877a6fef9be5fefe61bd709b6433ca63a8ddc5d84df281f5088418c3afe69dfc9f379
-
Filesize: 72KB
MD5: 83f9a274537b3a59fe497b6eb8f7bfb0
SHA1: 245ff269c7ff2d626d6f40c46cece3d29d627181
SHA256: 39be904f2c3ffc55b48323dabdfd25deaa3e3c5bbc2bd6f69f3d248545230256
SHA512: ce29a8a58dff99fa567532f539d06fdddbf1f919c2d89c37f9f0afc4c3be745f86341583a3fe07c9a55d477565bb3bea7cdbe3c27eb629a3e627a47bea01d2eb
-
Filesize: 201KB
MD5: 7fc64ec0fad773f9b3799f4fb2857d1c
SHA1: ab04b241a98adac87a422a1a95d6a92ae8f3bb01
SHA256: cfd55f009375e8f0013043e21eb17ec419e71098280f4b4fa4c2edecd59ba1d8
SHA512: ff0209f84345f2b15ae5a8a86bafc429146dc14c78ef0f6b35a906eb9bd8a38721108e6f602604f980cc644e7859686340e1ae4a95f9d31085f76191c789cf23
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e