Analysis
max time kernel: 78s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/04/2023, 19:17
Static task: static1
Behavioral task: behavioral1
Sample: PCBS RAM Creator-53-4-0-1-1665000372.exe
Resource: win10v2004-20230220-en
General
Target: PCBS RAM Creator-53-4-0-1-1665000372.exe
Size: 6.8MB
MD5: 9702892a0fe9c1faca6560dbc1796159
SHA1: b35f0e839e07d454647a3713f4e9fd6810bbc2e2
SHA256: 4dc8c9b2f72e691fcbb5318c24a6716e52dbc1ee30573ff265b96479c9d5c3ec
SHA512: c6d54c5dff735a037e6031854e8dbd576f84e85c3da313cf98642b1a1395d0b32f4d0d0650f426c5a41de7da2a703ca1dda779d0e4c340d58f81d3211e49eca6
SSDEEP: 196608:0Ie+bF8fo0m8vCSzLRzDS6O4Znals5QV/QudKWj:gvoTMLRzD5Hl8v/Qb
Malware Config
Signatures
Loads dropped DLL 1 IoCs
pid | Process
444 | PCBS RAM Creator-53-4-0-1-1665000372.exe

Obfuscated with Agile.Net obfuscator 32 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource | yara_rule
behavioral1/memory/444-150-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-151-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-153-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-155-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-157-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-159-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-161-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-163-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-165-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-167-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-169-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-171-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-173-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-175-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-177-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-179-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-181-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-183-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-185-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-187-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-189-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-191-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-193-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-195-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-197-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-199-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-201-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-203-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-205-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-207-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-209-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
behavioral1/memory/444-211-0x0000000006770000-0x000000000697B000-memory.dmp | agile_net
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253759408257276" | chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
4060 | chrome.exe (2 identical entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
4060 | chrome.exe (6 identical entries)

Suspicious use of AdjustPrivilegeToken 38 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 4060 | chrome.exe (19 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 4060 | chrome.exe (19 entries)

Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
4060 | chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4060 | chrome.exe (24 identical entries)

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4060 wrote to memory of 4664 | 4060 | chrome.exe | 97 (2 entries)
PID 4060 wrote to memory of 5104 | 4060 | chrome.exe | 98 (repeated entries)
PID 4060 wrote to memory of 4700 | 4060 | chrome.exe | 99 (2 entries)
PID 4060 wrote to memory of 4144 | 4060 | chrome.exe | 100 (repeated entries)
The rows for targets 5104 and 4144 are each repeated many times in the raw log and together account for the remaining 60 of the 64 entries.
Processes

C:\Users\Admin\AppData\Local\Temp\PCBS RAM Creator-53-4-0-1-1665000372.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PCBS RAM Creator-53-4-0-1-1665000372.exe"
  PID: 444
  - Loads dropped DLL

C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 3828

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 4060
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (all C:\Program Files\Google\Chrome\Application\chrome.exe):
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba259758,0x7ffeba259768,0x7ffeba259778
    PID: 4664

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:2
    PID: 5104

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 4700

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 4144

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4288

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4948

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4992

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 3620

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 4268

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 3808

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 3936

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3868 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 2848

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5504 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 2756

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5464 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 2148

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5892 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 1840

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6012 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4536

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6816 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4524

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6824 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 2064

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6792 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 2344

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6776 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4820

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6636 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 4160

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6620 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 652

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6612 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 5076

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6588 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 3740

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6420 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 3344

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6252 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:1
    PID: 428

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 5644

    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1712,i,15090610888933342990,16459334406584422107,131072 /prefetch:8
    PID: 5636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3420

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x50c 0x510
  PID: 1016
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 1KB
MD5: bf266371a04436c2e5e6b868585b49d9
SHA1: d2d49aaca676a4a6ed275d19c6b409aeb2ac1a6f
SHA256: 3477c21475a2cf4e7975f207b9dc45c8507f435b78ac31a7e356d83058de0ef3
SHA512: 137a57b72c2d498210317146f413054f750b3c05572a1d725d2f48f03589c05a98a1685a7ece4ff86263b72fa864deac5c167f5e15ff3e9d9591ff3201f70cdf

Filesize: 9KB
MD5: 9663b0fadbd376e197e2ab1510895bf6
SHA1: dc5205270d4101b9c72c002dc4dcc57f2199a9d7
SHA256: 6be56568f4168c975f569513da9b6b1a9e7f73dba1f00d4cc8a03d2211b739b1
SHA512: be15be0e5d0b271c869aaf710e414e973e74fac2f28c86f6af3d05679f0ae17673025ba053916a0561a08d570e2e393b3d425b94a5b2bfc87b402903945903d9

Filesize: 2KB
MD5: 7a06f0a5144ed9d901d14e1030bcbf9f
SHA1: b376ea2417f96303721cb6438384fc8bdb5a6556
SHA256: e1a3035225baebd345cdf510e8a307b10132adb6ebe3a44c9fec696b44d2628a
SHA512: 2c3d6b77581e160c2ef7806b7801e15e1ea1334d552846d3df2b20c02c70eada08f52cb26a5a57067bcae29633d37c91ef9a202635b6cb5db0ed66c4ec5d7128

Filesize: 371B
MD5: 8299f7745f65ac88ffdf41f144fa8660
SHA1: 6dccaf71c94eb6a6c3fc306e3ca5f8de77b58729
SHA256: df6420ce9b0a7b868e41e33c76aae6389eb0cddabdd5cbd0dec1c779c386b903
SHA512: 1ad37f57ed528cf60aad1244ccc3b97f9d848da8d74db20460e28b2ce5b09c05ad40f980df7f7f297391c72496ed97a64b69e1c99c31e65f3bd08beb5bf05e72

Filesize: 3KB
MD5: 86804d94c1ed80a29d3f1a2005878118
SHA1: ada63169765362b21720d97c0fe6c6c91bf6aed0
SHA256: c684168fbed19f8dedb2f4257340a87b974ae603acef11a8f09586451524840f
SHA512: ef054595eef76a45e6f9c4f79d553913455cbb147bd683648bf7ee501cfefb2e6d00776244efd196ed9a464a296df84da359d886b9e23d1ec5e4112a1a9e7f02

Filesize: 6KB
MD5: 6673571ee05c732e6b665299bf6f1fb8
SHA1: 4d22950571dbe87c81eaedad2099af276d1f9fd6
SHA256: fc057fb5319e0fb5e0a5bf4adebadba745b92db34535b0bd3358dd80dd26cb64
SHA512: b8a8dddaf5e3014834f2a25fff593d2a11486f16e16aa0b68193cd313aa4d21b45f326e0246e1e33295bf33554a9663878016c896ef330eebc702250b3400d98

Filesize: 6KB
MD5: c307f9869fe693a691a26378d6fd7c54
SHA1: a2196c0ffcb9125f8aa8610aea021f355924c880
SHA256: be02106326f617c3a3d38945ad0eb2c68342212562b1cf075a4b998b30a7f3ed
SHA512: f7d5ec47a9952bf73c996663c5a6d7d73def07b61a731592f4d6f33cff09eda7ae6935c8eecb2bcc26a1bfb86b047d3fb5a27cab3bad150df9e8c51cb11db218

Filesize: 6KB
MD5: bb63cbe5dc505128c99e04212181e3bb
SHA1: 413be3f4de6ba77e93d28160b1b71bb79c9896ca
SHA256: 2f82e04524554eae10df1f89a7fc5c98d527c23d1541c22ff6e024799c2d6a4c
SHA512: 6936d20f33f1c2bb958598391ab78ff5596c4d062a866e0ef6f24324e8ca7f59a5795ba23cf8de63685866ca5ae67cb6658a44e373000dabec55b9069249b76c

Filesize: 15KB
MD5: 2daf1133d555313bb1341635e9d8c696
SHA1: b70fde7688449380cd6ae52f99aa30ae8af367c5
SHA256: 3198b16391106f02ad2d94324c321df019d252eb07575e87c1ba07aa533aa67c
SHA512: 55426b5f5d149101b3faa09ec7ae0764ba53b02ec06e47da19107d66c58ac5004a2bc0ff248bc58d94c1834bcbc7710c77f3be2b145af2e740281c3dddb12806

Filesize: 201KB
MD5: b6f884eba2253de4e4f9aa5cc525bc20
SHA1: 46bfa3601abd77c6e17c923a0c606b76fe7eaac3
SHA256: 13c51b7befd03fa4f06c084172f7d620d9721d5a011eb44d8b31d5174bb81133
SHA512: 5ba817090a92ffedfa26367115a44fe66900547f1c4830db56a1b0bd55ef183566e704a902d1d7a87d7f68245523d38c00975dc6afa52ab3ae1d01814da13dee

Filesize: 201KB
MD5: a3d9675b0c69d1c08aa5ccacdff10924
SHA1: cf9db9eb7e8613ad6ece0450bfd3a4a10784efb4
SHA256: cc2bbb27542a4db73528e2c8dd7c320f563a3d71e2bb7d8c8cb42bee9ac64f61
SHA512: 061325af5d878ff1605ec1dc84902baf433814136e6c0c6ad5263239d5f9c828f48e8dde1c4703ba22c3e6d2eaea4a79f080ae39878726cf6e12c9cba8764912

Filesize: 201KB
MD5: 4b231db15c10de718fabc9b52081b296
SHA1: 7ab0d1858f72277ee1d339636e4df287188be814
SHA256: 457d610ff4665897d1d16e5a0f0294b8ca38ac2ead1d427d706cb0b5747de2cb
SHA512: 6291cbd9a9a34458be2e4cef73c49aa3b8eedfdafcf65eef15ef73f530a4422a32978b29a4dd52768ca272aa41f5179e657eee4bc57caa7de3f066b03d54991a

Filesize: 72KB
MD5: e0cd01e33c02832c3f5f71bd780d580d
SHA1: 4c7a7fbb6021c60be99b37c84cd27c6991022eaa
SHA256: d0664a29aa0d851d636c263bb06f27418a2b9a8b73808a942a433414b639ff58
SHA512: 4a9f883362ca285a33a7dc79474e4c95a0064278c4d6d2caed04cca218453e26095b9debb9951509baa696977601e95f3beabd066e0d10f1611af3fc6855d10e

Filesize: 94KB
MD5: 14ff402962ad21b78ae0b4c43cd1f194
SHA1: f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256: fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
SHA512: daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Filesize: 94KB
MD5: 14ff402962ad21b78ae0b4c43cd1f194
SHA1: f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256: fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
SHA512: daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b