Analysis
-
max time kernel
150s
-
max time network
152s
-
platform
windows10-2004_x64
-
resource
win10v2004-20230220-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
-
submitted
11-04-2023 01:37
Behavioral task
behavioral1
Sample
96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
Resource
win7-20230220-en
General
-
Target
96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
-
Size
1.4MB
-
MD5
d9debe7e5f375b0805f2ba69d72ea7dc
-
SHA1
0ca9f4e0aa6c5d325d1327fd05431bc1aa991087
-
SHA256
96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096
-
SHA512
a2160ffa3eba8b6d15c3e99d9d739c3aab2c62dd6ab8f0400376e3f3d434eb172e88003e3d4b6afb66c01207f85011586e2644db46b4bf506b5c5c28c82c25a0
-
SSDEEP
24576:PGU0HpRGUYHKaPUM0Hay69NgA+iVvRuPpND5TqJ6y5eXt7dRfE5hAS+:OpEUIvUkN9jkpjweXt7785iL
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
Processes: 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
description | ioc | process
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
- File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Kills process with taskkill 1 IoCs
Processes: taskkill.exe
pid | process
- 1764 | taskkill.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
- Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256578986993609" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: chrome.exe, chrome.exe
pid | process
- 3260 | chrome.exe (4 entries)
- 3020 | chrome.exe (2 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes: chrome.exe
pid | process
- 3260 | chrome.exe (4 entries)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe, taskkill.exe, chrome.exe
description | pid | process
- PID 2776, 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe, one entry per token (34 entries), in order: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35
- Token: SeDebugPrivilege | 1764 | taskkill.exe
- Token: SeShutdownPrivilege | 3260 | chrome.exe (15 entries, alternating with the next row)
- Token: SeCreatePagefilePrivilege | 3260 | chrome.exe (14 entries)
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process
- 3260 | chrome.exe (26 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
- 3260 | chrome.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe, cmd.exe, chrome.exe
description | pid | process | target process
- PID 2776 wrote to memory of 668 | 2776 | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe | cmd.exe (3 entries)
- PID 668 wrote to memory of 1764 | 668 | cmd.exe | taskkill.exe (3 entries)
- PID 2776 wrote to memory of 3260 | 2776 | 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe | chrome.exe (2 entries)
- PID 3260 wrote to memory of 3604 | 3260 | chrome.exe | chrome.exe (2 entries)
- PID 3260 wrote to memory of 1112 | 3260 | chrome.exe | chrome.exe (38 entries)
- PID 3260 wrote to memory of 4112 | 3260 | chrome.exe | chrome.exe (2 entries)
- PID 3260 wrote to memory of 1016 | 3260 | chrome.exe | chrome.exe (14 entries)
Processes (process tree; indentation shows parent/child depth)
-
C:\Users\Admin\AppData\Local\Temp\96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe
"C:\Users\Admin\AppData\Local\Temp\96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096.exe"
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2776
-
  C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  - Suspicious use of WriteProcessMemory
  PID:668
  -
    C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1764
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3260
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3e439758,0x7ffc3e439768,0x7ffc3e439778
    PID:3604
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:2
    PID:1112
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:4112
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:1016
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3176 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:1
    PID:1692
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3312 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:1
    PID:1720
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3732 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:1
    PID:1308
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4956 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:1
    PID:1468
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:3420
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:3312
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:1972
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:2116
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:3372
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:1424
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:8
    PID:4344
  -
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,4565423195482227686,2755015487208242588,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:3020
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:336
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
786B
MD5
9ffe618d587a0685d80e9f8bb7d89d39
SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
-
Filesize
6KB
MD5
362695f3dd9c02c83039898198484188
SHA1
85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256
40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512
a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
-
Filesize
13KB
MD5
4ff108e4584780dce15d610c142c3e62
SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
-
Filesize
20KB
MD5
49935d7bf74c7f79b33d0d02da4017a0
SHA1
d1cd86a953b34e9c4e658760eff4c52aae1277d6
SHA256
abf0ae3034325a221e9a3d5c8304b9314466c5c51c710f26f001359b9b5a5b8a
SHA512
88909023d6276823deed0e75f7d88786de5195cd3f270a7bee32bfa760ff5c0bc83c4648b3b04a925b97ffb5c9ea2a645861cc7f643fa35e1b07ba002e86c3c0
-
Filesize
3KB
MD5
c31f14d9b1b840e4b9c851cbe843fc8f
SHA1
205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256
03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512
2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
-
Filesize
84KB
MD5
a09e13ee94d51c524b7e2a728c7d4039
SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
-
Filesize
604B
MD5
23231681d1c6f85fa32e725d6d63b19b
SHA1
f69315530b49ac743b0e012652a3a5efaed94f17
SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
-
Filesize
268B
MD5
0f26002ee3b4b4440e5949a969ea7503
SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
-
Filesize
1KB
MD5
05bfb082915ee2b59a7f32fa3cc79432
SHA1
c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256
04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512
6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
-
Filesize
1KB
MD5
aa3337a197daaeee9b73bedd8680da40
SHA1
80e7f03cd76ea6e610ff9cfef136c2a27bcb6fbd
SHA256
ce501f44a4d0035ba39769d6f6877015fb3b62cf2467c8484f5da939563494f7
SHA512
9edb2e0156cb72fdfaa65c402ad895e909268a3de19aa6e702f36e3a7c92dbebae276123bd44886f62716826e99678ca1d501a5852cac41d0e790fda783e44a2
-
Filesize
874B
MD5
60ef57261d5016d757c0da73f504564b
SHA1
6352f86d1dfa1a7f22246cde0b4b9aa211a63f00
SHA256
2fc3792a267777f79c038cf4ec94ca9fa65bd4626f3c8756c7d8a6cf2c845e80
SHA512
26b6d0595a3dadc5749ad9d87d8dc9854506e87a3984f778f0f2458aca254837d44c661b570c73d50e2ae6947bb236f495cb887c617c6dabf9e2af73494f5494
-
Filesize
874B
MD5
5508d8311db0b524ab420edf29daaf75
SHA1
32357210969a3e7da5d64f2fef261946d269665f
SHA256
e2b6706e39a97901d53ccaeab0a1715641e0e54cbf72f6a5b5e63d6db4629ee1
SHA512
6195bc13597346085e82774990327745b99a06a3b8a6e4b5bc0908fb0c15187a23137c9d56e7443caaf2d0d65126d2330b5e21b1570727d60d3abd87f4aaf747
-
Filesize
874B
MD5
3204e38d4a962155764e00c648860fa5
SHA1
487e86a32548ce02dd601c92f5873991edde14ce
SHA256
3d9c98b33a3905ff69df96b0701d089bc34b87b69610319cfc2785e31fc66c54
SHA512
ba64d149bced81e5d3bc2386541a7e3be0e52371fb9670c40051b4de129bd41e2ad83c77ba04515df4a176e1ca1c539812a3b37605f98f389107e6f8f6c04e17
-
Filesize
874B
MD5
9217a9684121b3ce67665682951afce2
SHA1
7d1a297a43738b357a3ed195baec682841f71bd4
SHA256
6b7a30221a870cd8e5d55b86fd9ef78f857200223dc3dcb976856f1760a35a07
SHA512
1872d2da48dd4834a4fb66e0b1bff85e9a5dea24c67165c9fa2d3628b4832cf12d9451e91677b6e7972c80312371e66dcf92ed3f94127bc6184ac15756d3e1c8
-
Filesize
6KB
MD5
de0a7a4a3f93c4b5ba8f4b517690be9c
SHA1
28fe6b8e84720a317e6fa8aad236ad2d4f69ce19
SHA256
6157c934306105f5c873f27f8e90e9f7c419a723390881323c77966624c4e39e
SHA512
c5704a3390e5060462631e9b100db44b84bde3493ade707e41dd91fb4453fde0bb30951a71a3729914c27188da7518defedaaae65a388d0a523872cf9a64d404
-
Filesize
6KB
MD5
eba5dfbfa81608ffbf8cb799b57cb44d
SHA1
72779214fa50900cdf99e729ebb50b215f28e8d5
SHA256
2463291a3fc648baa37f378002a994e2edc37dae8003138dedd873935c3a4ab2
SHA512
d0d9e134b72e822c70f3250485d3e69a533451b9b4fd55dca404dde0b39b01f0aea1100b594ab4b43e9eda7c29efc1c0b7b57ad76b047c252245edd2a0febbc6
-
Filesize
16KB
MD5
1cb8a8299921d6e0c6aebf0d6d422bda
SHA1
84772e39f1361d103801faaeea9ba09a66d0ed2a
SHA256
6130dcd359cad8069de8f4b0dbfcccc8489af3e4be81cfa1862f6276e4172e33
SHA512
62069d87faf3568de4efff4512b088b9b9bc35816818d44c205ac95d6142102be664fd3fe929960548c420940c05b68bf238dadd8ac123b6334a2cb378e560f1
-
Filesize
16KB
MD5
75cc564603c43efddea78335602b690d
SHA1
e9fd1dfa9c6f33b99398493619abc29edb09501f
SHA256
aa1f8024da6644d4946e733b53160f57404d3f27bf607a46315569d5ef95fa03
SHA512
2825a4da13c8a9d355bb42cd4c8cb3303f80b992d05017ef7b6bd02e7a6f230398298e7ee9433d0977d3644a0e09c79d07caa543e6f9ad8b332e88305d9eda4d
-
Filesize
201KB
MD5
59f2ed7fbcc72d0278f0b2b14b296408
SHA1
88858de0df2c8d6f96f613c96a8925684af54a65
SHA256
37a6ea7dae3e39fe3fa500e633225e81c718ff03e6d735111223876b789d0de3
SHA512
d23ff4f696344a4863b7fb055c63ecc8325e6a4d39360a028942cc4c494196f1b8f8986747da411b9f6fc492662367f7c736e6c7acd1330ce4c2cec9b2a78a3b
-
Filesize
72KB
MD5
c0492724c8281a154e7171074a6d55f6
SHA1
26feb459a1034dd3141df38c162cdbf36304798b
SHA256
a0bcd9530255a5ad465786324719b90181abddb54a4fab8b75a905e9cdaca700
SHA512
53e20936f3902f40f4fd88d378b8a388052d9a43e00eb0f92031305032580a3a5330a302b75bb80bb79b566b0d5fc9170768869f7433c8360f0c60b1555ff2b2
-
Filesize
200KB
MD5
1bcc561bd5f41b561cf130ef2604cf5d
SHA1
5d2f2afea93d6a8af13f4747fb1efc4590a9acd2
SHA256
f5d5a56aeb6d7524853c18fbe78b0a58c666979832360762f2ecd99c35f903c9
SHA512
b8d4a8493912d977b16793921d896be92012313f8cf4726ee40c240d47fdab536ef571b499bacb442bcfb6f26083d47799b3eadd9083dee1e4444748dd8827de
-
Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e