Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-04-2023 01:19

Behavioral task: behavioral1
- Sample: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
- Resource: win7-20230220-en
General
- Target: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
- Size: 1.4MB
- MD5: 9720ce92da3a77fb3b974d145bd4b853
- SHA1: b6da683572dd8288fb92fb54538a2ed56fcb4389
- SHA256: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06
- SHA512: dfd07302ea37b246b58bbcaef97c4f5430d6f480f40bcefd385986a8c621e9ffb16f65ecc77e888a49dba4cc9da139cea757c8da58b90ec7a0114a9e7fa51029
- SSDEEP: 24576:zGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRX75hQS+:ypEUIvU0N9jkpjweXt77L56L
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops file in Program Files directory (10 IoCs)
  Processes: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  description | ioc | process
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Kills process with taskkill (1 IoCs)
  Processes: taskkill.exe
  pid | process
  2836 | taskkill.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256567997010966" | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: chrome.exe, chrome.exe
  pid | process
  224 | chrome.exe (4 entries)
  400 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  Processes: chrome.exe
  pid | process
  224 | chrome.exe (4 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe, taskkill.exe, chrome.exe
  pid 1668 (cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe), 34 entries, Token: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35
  pid 2836 (taskkill.exe), 1 entry, Token: SeDebugPrivilege
  pid 224 (chrome.exe), 29 entries, Token: SeShutdownPrivilege and SeCreatePagefilePrivilege alternating (15 and 14 entries respectively)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe
  pid | process
  224 | chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe
  pid | process
  224 | chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe, cmd.exe, chrome.exe
  description | pid | process | target process
  PID 1668 wrote to memory of 4088 | 1668 | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe | cmd.exe (3 entries)
  PID 4088 wrote to memory of 2836 | 4088 | cmd.exe | taskkill.exe (3 entries)
  PID 1668 wrote to memory of 224 | 1668 | cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe | chrome.exe (2 entries)
  PID 224 wrote to memory of 112 | 224 | chrome.exe | chrome.exe (2 entries)
  PID 224 wrote to memory of 4872 | 224 | chrome.exe | chrome.exe (38 entries)
  PID 224 wrote to memory of 4656 | 224 | chrome.exe | chrome.exe (2 entries)
  PID 224 wrote to memory of 752 | 224 | chrome.exe | chrome.exe (14 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\cff8c67f73d1661b159fcb2e26f3ebfd583e7fd94bcf8f2d69c2989ad01e8a06.exe"
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 1668
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    PID: 4088
    - C:\Windows\SysWOW64\taskkill.exe
      Command line: taskkill /f /im chrome.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
      PID: 2836
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 224
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f2b9758,0x7ffc4f2b9768,0x7ffc4f2b9778
      PID: 112
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:2
      PID: 4872
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 4656
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 752
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3132 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:1
      PID: 2620
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3264 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:1
      PID: 4564
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3864 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:1
      PID: 4260
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4800 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:1
      PID: 3196
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 4396
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 852
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 2080
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 4128
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 3748
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 4408
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:8
      PID: 2568
    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,18421195550755075995,10646170733974689703,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 400
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3724
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 786B
  MD5: 9ffe618d587a0685d80e9f8bb7d89d39
  SHA1: 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
  SHA256: a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
  SHA512: a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
- Filesize: 6KB
  MD5: 362695f3dd9c02c83039898198484188
  SHA1: 85dcacc66a106feca7a94a42fc43e08c806a0322
  SHA256: 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
  SHA512: a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
- Filesize: 13KB
  MD5: 4ff108e4584780dce15d610c142c3e62
  SHA1: 77e4519962e2f6a9fc93342137dbb31c33b76b04
  SHA256: fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
  SHA512: d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
- Filesize: 20KB
  MD5: 6d5ce78a37a47af4d5b496410587b8d9
  SHA1: 8fcf3f45bf7022ba2347c522cc2d605e90736d11
  SHA256: 898907bb467916bfcee4493ec8cb3e39d38c63a1b61120c7a11d0738ca2a4cc2
  SHA512: 974c11c763feb1b3911e6f751cd57780cffad06fb7d975a571eb9910a168823cb0360a5e610c323b03c274f503853b69ede0dfbcf3c59668ca5d3ddd98f4a195
- Filesize: 3KB
  MD5: c31f14d9b1b840e4b9c851cbe843fc8f
  SHA1: 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
  SHA256: 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
  SHA512: 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
- Filesize: 84KB
  MD5: a09e13ee94d51c524b7e2a728c7d4039
  SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
  SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
  SHA512: f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
- Filesize: 604B
  MD5: 23231681d1c6f85fa32e725d6d63b19b
  SHA1: f69315530b49ac743b0e012652a3a5efaed94f17
  SHA256: 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
  SHA512: 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
- Filesize: 268B
  MD5: 0f26002ee3b4b4440e5949a969ea7503
  SHA1: 31fc518828fe4894e8077ec5686dce7b1ed281d7
  SHA256: 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
  SHA512: 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
- Filesize: 1KB
  MD5: 05bfb082915ee2b59a7f32fa3cc79432
  SHA1: c1acd799ae271bcdde50f30082d25af31c1208c3
  SHA256: 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
  SHA512: 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
- Filesize: 1KB
  MD5: 0eb16150a9fe44a0864054ddb0cb5013
  SHA1: 621400ffb5efa85b5a06cdc932991abbd29f895a
  SHA256: 2f0a2654d369f843a918cc6b0d4aefc869c510b2442cfc7cb7c40c9472eff04f
  SHA512: b211c3333fdf49d725572a5d3f0718da3b16d516ac165e37e2677661e166f8d0e2aec999877fa068e7e2cf1877dd7ea70f88fca3b56ac98a7e61f53465d6c8a1
- Filesize: 1KB
  MD5: c8435b15ad0f47cc6b08fea6f3969425
  SHA1: e07fecfdfce99223433bfdb4662db9fd130035ab
  SHA256: c2e10dde1432653b2c0c7ff873a545d1e99a6b34f486085b421bac95c9752517
  SHA512: 09277e35f193a5744482d333c064b289cbbce20f7c4dc58981f699bfea5cbc7931c37750c36a2433b359bfbb0f1e697b136db8455705372e1da3e4c887ce5870
- Filesize: 874B
  MD5: 3437c0123c530f8673d6937aea560d7d
  SHA1: 85c2777a8ab459bfe02353eaa8da94bf998bdfb1
  SHA256: 48c5ce27a8f22f2c3a3b12d1e70dbca58eee3df90dffef4da93f77edc551c51e
  SHA512: 98a8042f26b6e5f82997d67541612a43cf27b732a7da8f7d7a48672c1ef2a938c909e712ffdecf5bc36eb5fca80e7011934c0868733526a81685ed2b33fc1c4d
- Filesize: 874B
  MD5: d2278f8dfe8ca5ca761205c8455f0997
  SHA1: 59140711e859269b05f38a37a136edfce24eb455
  SHA256: 865d776b79acc31ded6fd68f546681d0a36c21a2228b7f0f8bbe4603fafee909
  SHA512: 5add65773e73717f43ded7e77393b5ea5a58c1b59d749f954cfe66c05eb1317ef564e58d4ef8753181c4e4d913809b7ebc31d999423c4cdcbb3ece0e54887fef
- Filesize: 874B
  MD5: 486517faf5fa70707e821d41c77c4f1b
  SHA1: b89c14c9e8232d1b86beecbe5d3b48ea2141d25a
  SHA256: c56f266cdf41cd92f5b4e2c67f9a566e8da8b301246e3f1957acd423f3f14a3e
  SHA512: 6ef758edb3135136ee20ad0d81bd030b30a65f026ffed1c9e9af6774c89ee5634dc46b6014a2d688ab0d2d53f4432df66456d3ae87484b678f8a861904e58e54
- Filesize: 874B
  MD5: 80af9138ef184ed6310fd0b71789acd1
  SHA1: 31f147dd692bf8553d1f18f75d76ecdebbf3c4a6
  SHA256: 1a0494fb392c0834708c4ae07b393d11e59e767dc7c4e9248af26d208d429c51
  SHA512: c48fa4585e9cc57d39d2701e518d6704a21030e02cd723bdeb40fb8f2e6aea33c3f4d72892e7e8b2175e9fa9c9f6cad85796a79a0cf35128d634bbeb86ba529b
- Filesize: 6KB
  MD5: f982ba18b548ca33320236db74191d73
  SHA1: b679ee5d4055520634e93aa91c72c1cbd82a4c7f
  SHA256: 154756c2ddcac9e0b470b4d00acb1162a8a54c32d18cfd5298c3fbf44080121f
  SHA512: bced1c4357685c390a604c0ac3ae5d84110f46f63729cbca4120326783cbcfc602a1318ee7cbc75d1725ac21a3d57bb617518443948ce5251e7e975a880e9ad0
- Filesize: 6KB
  MD5: 4763393b457fd984da70bed67ceaf56d
  SHA1: 1f0db2a26e454557dec729596dbe516fd83bc0b3
  SHA256: 526a1907d3230a4f63bb4f09cbfecb1f26d3d7e033333e3011982ad9c4489e86
  SHA512: 8b14130c16f3bf8db01548c03aff34e35a373c334cc22c8d0cb9e24f23f65fabc3041b41e7f3944c1816273d9ff60d642a6fa207ec5357f44dcf6de0a9055f01
- Filesize: 16KB
  MD5: 1cb8a8299921d6e0c6aebf0d6d422bda
  SHA1: 84772e39f1361d103801faaeea9ba09a66d0ed2a
  SHA256: 6130dcd359cad8069de8f4b0dbfcccc8489af3e4be81cfa1862f6276e4172e33
  SHA512: 62069d87faf3568de4efff4512b088b9b9bc35816818d44c205ac95d6142102be664fd3fe929960548c420940c05b68bf238dadd8ac123b6334a2cb378e560f1
- Filesize: 16KB
  MD5: 2f90b5fcada19cf34f4fa9f55e6b1dbd
  SHA1: 01616e087e42aaab5f091720102c89c41e490a62
  SHA256: cc6143d139f59b0f86c8f7dca2551d1df8732f782f419a535664d45d1625c0d2
  SHA512: 0813307eed63a3bee4a671849e4e4a44f9ef5c26fdbebcab64587f185f518900f2e1b8bc3d0c22fcd980a52896433ca29566a4720d7cc7e62ec46462664d3b3e
- Filesize: 201KB
  MD5: e32484b04ca201f3d2e8a7c90be73e36
  SHA1: 3cac53d04288fb66afdfb8375d5dc0ae15814cd0
  SHA256: 4c782bef62db85511076a5f296df98451cdf7d9ddc7e8d93a176ba25ac42f932
  SHA512: 0d701a41c4306ba7a90a9535b41605efc7047de81e14521b12b16be554497b1b1b1ba27b02c2fa404b456af54f9dbeff8b8711407732f6c666797f13e0677ffd
- Filesize: 201KB
  MD5: cddc17428fc132fa835d3367ce4c771f
  SHA1: 17efee4ce4566852e5046ee03e9cb0e251945229
  SHA256: f9172e70c8fd1cc041e03d358be54f7f86c8651a02ba969a9c2d626253d40eaa
  SHA512: 11220f23ac62cb04036bdf240cee3fe5559abcd31179277e78078dec256c8ff499f037f9a43f749ae49765478c7f7eabcbf0f40cf9de16f8e1eb3b743b42714c
- Filesize: 72KB
  MD5: 7df9b9e21f31f57e3233dfec2ccb590b
  SHA1: b64b879a67ffea274cd8a0623311bb20aa8647e4
  SHA256: 3a721215b0a30fe04213426ebdb19c12e2fbf51de0995b82d68c722f75f9431a
  SHA512: 882bec64a5379a028890b54099ec2025672f3d02c4d175db3789e16fee9e950c253376612e50d9f0832ace2832cb22b651b9028db773d6e47683c6460c62e5b1
- Filesize: 200KB
  MD5: 23c6bff5e54f5bbca06b41fcf3c84dc5
  SHA1: 189b33e2cd9b6620aea1f5b58fff1a475ee96874
  SHA256: 68edfba0facf47f77bd4d281685b0884a73f557a8450028c341752d877b5426b
  SHA512: e57d40dbb31340ee3545d244290bb0e14476a5c3cb4f46d819fdb06a611ba60089f84e24ad39d8290c69408cd11adf17fa7020181bdf79dad41d01ee9daee031
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e