Analysis
max time kernel: 150s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-04-2023 03:23
General
Target: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe
Size: 1.4MB
MD5: 9656a8ec7e267c930429d5f51c8ed30a
SHA1: 6037563cd0c23da5f1727120a89858b1814cbfe8
SHA256: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc
SHA512: b4e232821b043b1cdee026560ec2fd9d7c621a6622292cea741d644d9c042674440773d73be1d60600fbc4fe66e25f2bc78431869555711580d76f3742d978d7
SSDEEP: 24576:OGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRfQ5hkSq:NpEUIvU0N9jkpjweXt77Y5uH
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Drops file in Program Files directory (10 IoCs)
Processes: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe
Entries (description, ioc, process):
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
- File opened for modification: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js (b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
Entries (description, ioc, process):
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Kills process with taskkill (1 IoCs)
Processes: taskkill.exe
Entries (pid, process):
- 3912 taskkill.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
Entries (description, ioc, process):
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133255778710359063" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
Entries (pid, process):
- 1628 chrome.exe (2 identical entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes: chrome.exe
Entries (pid, process):
- 1628 chrome.exe (4 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe, taskkill.exe, chrome.exe
Entries (description, pid, process):
- Token requested by 4580 b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe (34 entries, in this order): SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35
- Token requested by 3912 taskkill.exe (1 entry): SeDebugPrivilege
- Token requested by 1628 chrome.exe (29 entries): SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating, starting with SeShutdownPrivilege (15 SeShutdownPrivilege, 14 SeCreatePagefilePrivilege)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
Entries (pid, process):
- 1628 chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
Entries (pid, process):
- 1628 chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe, cmd.exe, chrome.exe
Entries (description, pid, process, target process), in the order recorded:
- PID 4580 wrote to memory of 1316: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe -> cmd.exe (3 entries)
- PID 1316 wrote to memory of 3912: cmd.exe -> taskkill.exe (3 entries)
- PID 4580 wrote to memory of 1628: b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe -> chrome.exe (2 entries)
- PID 1628 wrote to memory of 936: chrome.exe -> chrome.exe (2 entries)
- PID 1628 wrote to memory of 3236: chrome.exe -> chrome.exe (38 entries)
- PID 1628 wrote to memory of 5020: chrome.exe -> chrome.exe (2 entries)
- PID 1628 wrote to memory of 2560: chrome.exe -> chrome.exe (14 entries)
Processes
(process tree; indentation shows the parent/child depth as recorded by the sandbox)

- C:\Users\Admin\AppData\Local\Temp\b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe (PID 4580)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc.exe"
  Signatures: Drops file in Program Files directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 1316)
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\taskkill.exe (PID 3912)
      Command line: taskkill /f /im chrome.exe
      Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1628)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 936)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48759758,0x7ffc48759768,0x7ffc48759778
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3236)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:2
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5020)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2560)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 368)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3136 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4144)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3260 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3724)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3708 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3580)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4996 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1148)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3328)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4944)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3232)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2644)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1852,i,4013727500713678000,3694370008463873491,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4384)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads