Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted
10-04-2023 03:12
General
-
Target
6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
-
Size
1.4MB
-
MD5
c6bc33379cb5b58bfc0efe3a9d337706
-
SHA1
b41efc3af54cd685586c468958fbbbfc1a01ce26
-
SHA256
6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d
-
SHA512
0927d4029c6da2217b2fffdbf36ec0951148fa21dfd8ad2c7aab6454f4d7b3385e765050c25b2b56564d6536c56047a12d2a03775b1c44e3a2cf0dbc2e45c10d
-
SSDEEP
24576:XGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRfT5hcSq:GpEUIvU0N9jkpjweXt77L52H
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
Processes:
6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
description | ioc | process
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Kills process with taskkill 1 IoCs
Processes:
taskkill.exe
pid | process
4908 | taskkill.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133255771521791941" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exe, chrome.exe
pid | process
2132 | chrome.exe
2132 | chrome.exe
2996 | chrome.exe
2996 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
chrome.exe
pid | process
2132 | chrome.exe (4 entries)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe, taskkill.exe, chrome.exe
description | pid | process
Token: SeCreateTokenPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeAssignPrimaryTokenPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeLockMemoryPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeIncreaseQuotaPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeMachineAccountPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeTcbPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeSecurityPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeTakeOwnershipPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeLoadDriverPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeSystemProfilePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeSystemtimePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeProfSingleProcessPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeIncBasePriorityPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeCreatePagefilePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeCreatePermanentPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeBackupPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeRestorePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeShutdownPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeDebugPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeAuditPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeSystemEnvironmentPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeChangeNotifyPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeRemoteShutdownPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeUndockPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeSyncAgentPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeEnableDelegationPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeManageVolumePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeImpersonatePrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeCreateGlobalPrivilege | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: 31 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: 32 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: 33 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: 34 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: 35 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe
Token: SeDebugPrivilege | 4908 | taskkill.exe
Token: SeShutdownPrivilege | 2132 | chrome.exe (15 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 2132 | chrome.exe (14 entries)
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exe
pid | process
2132 | chrome.exe (26 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exe
pid | process
2132 | chrome.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe, cmd.exe, chrome.exe
description | pid | process | target process
PID 2676 wrote to memory of 5112 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe | cmd.exe (3 entries)
PID 5112 wrote to memory of 4908 | 5112 | cmd.exe | taskkill.exe (3 entries)
PID 2676 wrote to memory of 2132 | 2676 | 6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe | chrome.exe (2 entries)
PID 2132 wrote to memory of 4368 | 2132 | chrome.exe | chrome.exe (2 entries)
PID 2132 wrote to memory of 5072 | 2132 | chrome.exe | chrome.exe (38 entries)
PID 2132 wrote to memory of 3172 | 2132 | chrome.exe | chrome.exe (2 entries)
PID 2132 wrote to memory of 1364 | 2132 | chrome.exe | chrome.exe (14 entries)
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe (level 1, PID 2676)
  Command line: "C:\Users\Admin\AppData\Local\Temp\6e8e9c29fae3c43c270dfa0e02948e47b81482265d6d64585603ace98424113d.exe"
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  -
  C:\Windows\SysWOW64\cmd.exe (level 2, PID 5112)
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe (level 3, PID 4908)
      Command line: taskkill /f /im chrome.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 2132)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 4368)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8f59758,0x7ffbf8f59768,0x7ffbf8f59778
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 5072)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:2
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 3172)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 1364)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 3788)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3160 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:1
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 3728)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:1
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 1464)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3740 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:1
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 1876)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4764 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:1
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 4780)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 1844)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 1424)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 2996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 4288)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:8
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID 2996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2888 --field-trial-handle=1792,i,11442627201148048137,17693409413294658701,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (level 1, PID 3280)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
786B
MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
-
Filesize
6KB
MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
-
Filesize
13KB
MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
-
Filesize
20KB
MD5 1d04a644ef2dacd8615566469788c8ab
SHA1 d391ffad2fc794544870d185d762894d9186f0c2
SHA256 e5c0cc942413d17be4dc53a7e5ce13b6aaff139e39f923ad7c3da1d020befe0f
SHA512 b3d3112b26aa095b3bf7e126025672fde30ed3661486b1529aecced5fe85cabde12876997422aa47de1a9bcbe328ac9ed58c6f11e0ce0cf9c90d83b1eff15989
-
Filesize
3KB
MD5 c31f14d9b1b840e4b9c851cbe843fc8f
SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
-
Filesize
84KB
MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
-
Filesize
604B
MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
-
Filesize
268B
MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
-
Filesize
1KB
MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
-
Filesize
1KB
MD5 5a00bc482643bb12ba90c400dce6ad33
SHA1 96a3cbc24fa474db00831680b8955e3a5a643d0a
SHA256 11d5cef665eaef6b76dbdbe231cfc0240cba7ac2ae5013820ef0d2809f95c855
SHA512 c3603868cad925c0d96198478f1af018b2797a6fd394eaa6f143f2757fdb711fa195670c8e6b2681e1f903965d85a90dc5853d73df860b9566bff9987691deca
-
Filesize
874B
MD5 fa94f679fe0bc4fe379b623ae332107e
SHA1 91cbf14eb7fdfa15f37843d21999193d736e4e25
SHA256 bb0faa38625568196cca50f5fa74340034bf1c09536304e72fcfdde7ead6427b
SHA512 9fd44b20127f42e98546050d6966cb06613eae79b67cea3d04caff4d82dddabf53ef8810f1d68e19f3fe4e88f6d6b110d101b475cafd2c20c73e2c7274253e8d
-
Filesize
874B
MD5 e08ddd35afcb2ed19bd1ac15abf17cde
SHA1 2523307d047f5666aa677be082b763c41742e581
SHA256 6d3cc8447e2454a402753fec1259a2d0d724ed18d40bb623dcffb5abaad86e4c
SHA512 7b32c7308e91bbb23f2c55f61f27bca1d5487fedae25d7b94f0729de191c2b5cbc0909696fedca8b4ebd341fe8a4aea0d96c85410a7e10b3a9dffb55ae368d85
-
Filesize
874B
MD5 f13877773d70e17519a0cdf79d057548
SHA1 200a9ada8e40bed721bbbd5d3a3a4a107c576417
SHA256 fff640ed2e1ad4eebcbf7d91a0361a74f16e03b9a84a0e64e9093c0e52b63d39
SHA512 5717adfb53dcf06c306f6f687ef66cac9ad28e08ab92a163caf56e0455f0428309cfbea049aa481282c03a10e4e81bc7bd2151f4b9132deadff22956db4e6aa6
-
Filesize
874B
MD5 0543c68485d7864434b9f99f92a994ec
SHA1 c465bdb91a0194f9b0e819607cfaa04c44447f16
SHA256 1c1cee7771d5c16bf92244093a5683c970c9be8e4e37e0ff2ef41620b167de9a
SHA512 944df7b6814aeb36e0899d45aa81201b6d7c6e8fb91470154c2f57416a59318bf17efb206ce3cd2b3915939a6bb85b97ec6ac4b9ee64d04fd148857d37120863
-
Filesize
6KB
MD5 dc64ea8ec8760d42599215c7456619e7
SHA1 ffba71a7545f552c30ed79130bb493ab28c0eecd
SHA256 bca41d0e97f801ae5096c9a55a6971d5c6626480331d32f2a924fe6b943ac247
SHA512 8af424ddeb7bc6b6307839a46e737868171aa65c463bb674f3e1b100d3359916469552bb2022dfb5a7cd48a2a03dd3d3372e0f5e5ac382f72b004b9dea882a3b
-
Filesize
6KB
MD5 cb9f3530a8ac2418dbbbaa7a7c18552e
SHA1 c6d5f87668097c337ae123aa55f6abdfb908eccf
SHA256 75f98fdb271f6b96512fc03b959901cb9e4332416f774c00eb31f957e761a383
SHA512 e449fff09d0d96ba93a79b9fa0ae1cedb0a7081e192ce9535cfb9aed8c3442c4424aaea94a1498e4b73269b4d4133911252c05c9b35ad005590027e272dad6e4
-
Filesize
16KB
MD5 973e33d24ebbe8b07ab002a2daf45f85
SHA1 e763b14aba9e85db3be16d8e3b141c6a0ced99c9
SHA256 10e1df46fbc34b42ec83784b6f1acad7a1acaa8c4701b92190b6b8f31de98e51
SHA512 8423fc5e8519a5057ce6aa4d61416e801d9ffccb552ce654dec99eef04981e843da0cc6106646ae8c70b09b2c4b6dfd1fa345173f71ffe7d9835e2cc05e42207
-
Filesize
16KB
MD5 ecfc6d88e47aeed1243ef76f0e29ddb0
SHA1 d4e5e74b1bedbcdd1b9d9337515fd1b9a2fe00ec
SHA256 796e6d8ca721df794a05eb7728fdf0f61f16af78538b3e4ad94893453abaa60c
SHA512 a181aefb78ca24466f46316f2337d98aa246b3217e09cc10533553b2a54af1a0a3412e1c996b70bf803c5547ad567e0f133709e6feca42f6bb955b680692507f
-
Filesize
200KB
MD5 490fcdf537bd321acca7d98ac107cc43
SHA1 794661d55ce562795e9e3cb9e9a90e29238ad632
SHA256 e5f92542229657ed1218cf79c99d810b59a2cd206a8e5d9f67d1effa5f2ea084
SHA512 d696a5a4d316487dd9e94d6c9514ce782ee5287d72bf568cdb397a8e3aa5e49d7d4c54d2bad62bfdf491e29b2e34bf566bfa9d4064ec8129167c92367386a54d
-
Filesize
2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e