Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted
11-04-2023 12:22
Behavioral task
behavioral1
Sample
9656a8ec7e267c930429d5f51c8ed30a.exe
Resource
win7-20230220-en
General
-
Target
9656a8ec7e267c930429d5f51c8ed30a.exe
-
Size
1.4MB
-
MD5
9656a8ec7e267c930429d5f51c8ed30a
-
SHA1
6037563cd0c23da5f1727120a89858b1814cbfe8
-
SHA256
b6444634784031f2ac143c2424714d62c339707c8e7d3ee3066747dd8ffe50bc
-
SHA512
b4e232821b043b1cdee026560ec2fd9d7c621a6622292cea741d644d9c042674440773d73be1d60600fbc4fe66e25f2bc78431869555711580d76f3742d978d7
-
SSDEEP
24576:OGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRfQ5hkSq:NpEUIvU0N9jkpjweXt77Y5uH
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens. The signature records access to the browser profile, not what was read, so it needs to be paired with the dropped-file and process evidence below before being called theft.
-
Drops file in Program Files directory 10 IoCs
Processes: 9656a8ec7e267c930429d5f51c8ed30a.exe
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
- File opened for modification: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
The directory name is a 32-character Chrome extension ID and the file set (manifest.json, background.html, background.js, content.js) is an unpacked Chrome extension; aes.js, mode-ecb.js and pad-nopadding.js are the CryptoJS module files that together give AES in ECB mode with no padding. Web Store extensions live under the user's Chrome profile, not under C:\Program Files, and creating files there requires administrative rights.
-
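The dropped-file list above is enough to triage the extension without the browser: the path gives the extension ID, the location says it was not installed from the Web Store, and the file names reveal bundled crypto. The Python below is an added example, not code from the report or from the sample. It uses the nine paths as recorded; the manifest.json it parses is constructed for illustration (the real manifest was not captured in the report), and the CryptoJS and risky-permission lists are partial sets chosen for the check.

```python
import json
import re
from pathlib import PureWindowsPath

# File paths exactly as recorded under "Drops file in Program Files directory".
DROPPED_FILES = [
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js",
    r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json",
]

# CONSTRUCTED manifest: the real manifest.json was not captured in the report.
# Permissions and content_scripts are invented so the checks have something to flag.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Helper",
    "version": "1.0",
    "background": {"page": "background.html"},
    "content_scripts": [{"matches": ["<all_urls>"],
                         "js": ["js/jquery-3.3.1.min.js", "js/content.js"]}],
    "permissions": ["tabs", "storage", "webRequest", "webRequestBlocking", "<all_urls>"],
})

EXTENSION_ID = re.compile(r"^[a-p]{32}$")   # Chrome extension IDs: 32 chars, a-p only
# Module file names shipped by the CryptoJS library (partial list).
CRYPTOJS_FILES = {"core.js", "cipher-core.js", "aes.js", "mode-ecb.js",
                  "pad-nopadding.js", "enc-base64.js", "md5.js", "evpkdf.js"}
# Permissions and host patterns that let an extension read or alter every page.
RISKY_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "cookies",
                     "tabs", "history", "proxy", "debugger", "nativeMessaging"}


def extension_id_from_path(path):
    """Return the 32-char extension ID that appears as a directory name, or None."""
    for part in PureWindowsPath(path).parts:
        if EXTENSION_ID.match(part):
            return part
    return None


def in_profile_extension_root(path):
    """Web Store installs live under <User Data>\\<profile>\\Extensions\\<id>\\<version>_0\\."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "user data" in parts and "extensions" in parts


def triage_extension(files, manifest_text):
    """Summarise an unpacked extension from its file list and manifest."""
    manifest = json.loads(manifest_text)
    requested = set(manifest.get("permissions", []))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    names = {PureWindowsPath(f).name.lower() for f in files}
    return {
        "extension_ids": sorted({i for i in map(extension_id_from_path, files) if i}),
        "outside_profile_root": not any(in_profile_extension_root(f) for f in files),
        "risky_permissions": sorted(requested & RISKY_PERMISSIONS),
        "cryptojs_components": sorted(names & CRYPTOJS_FILES),
        "has_background": "background" in manifest,
    }


if __name__ == "__main__":
    print(json.dumps(triage_extension(DROPPED_FILES, SAMPLE_MANIFEST), indent=2))
```

On a live host the same function runs over a directory listing of any extension folder found outside the profile's Extensions tree; an extension outside that tree is loaded either by command-line flag or by enterprise policy, and either mechanism is worth checking when the triage flags it.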
Enumerates physical storage devices 1 TTP
Attempts to interact with connected storage/optical drive(s). The sandbox labels this as likely ransomware behaviour, but drive enumeration is also routine for installers and system-information collectors, and nothing else in this report (no mass file modification, no ransom note) corroborates ransomware. Treat it as a weak indicator on its own.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
-
Kills process with taskkill 1 IoC
Processes: taskkill.exe
- PID 1868 taskkill.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256965459773463"
S-1-5-19 is the LOCAL SERVICE account's hive; the value is a FILETIME that decodes to 2023-04-11, the date of this run.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes: chrome.exe
- PID 4832 chrome.exe (3 entries)
- PID 3684 chrome.exe (2 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes: chrome.exe
- PID 4832 chrome.exe (4 entries)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: 9656a8ec7e267c930429d5f51c8ed30a.exe, taskkill.exe, chrome.exe
9656a8ec7e267c930429d5f51c8ed30a.exe (PID 1636), one entry per privilege, in this order:
- Token: SeCreateTokenPrivilege
- Token: SeAssignPrimaryTokenPrivilege
- Token: SeLockMemoryPrivilege
- Token: SeIncreaseQuotaPrivilege
- Token: SeMachineAccountPrivilege
- Token: SeTcbPrivilege
- Token: SeSecurityPrivilege
- Token: SeTakeOwnershipPrivilege
- Token: SeLoadDriverPrivilege
- Token: SeSystemProfilePrivilege
- Token: SeSystemtimePrivilege
- Token: SeProfSingleProcessPrivilege
- Token: SeIncBasePriorityPrivilege
- Token: SeCreatePagefilePrivilege
- Token: SeCreatePermanentPrivilege
- Token: SeBackupPrivilege
- Token: SeRestorePrivilege
- Token: SeShutdownPrivilege
- Token: SeDebugPrivilege
- Token: SeAuditPrivilege
- Token: SeSystemEnvironmentPrivilege
- Token: SeChangeNotifyPrivilege
- Token: SeRemoteShutdownPrivilege
- Token: SeUndockPrivilege
- Token: SeSyncAgentPrivilege
- Token: SeEnableDelegationPrivilege
- Token: SeManageVolumePrivilege
- Token: SeImpersonatePrivilege
- Token: SeCreateGlobalPrivilege
- Token: 31, 32, 33, 34, 35 (five entries the sandbox left unnamed; these LUIDs are SeTrustedCredManAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege and SeCreateSymbolicLinkPrivilege)
taskkill.exe (PID 1868):
- Token: SeDebugPrivilege
chrome.exe (PID 4832):
- Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating (15 and 14 entries; the list stops at the 64-entry limit)
The PID 1636 sequence is the well-known privilege LUIDs 2 through 35 in ascending order, which is what a loop that tries to enable every privilege produces. Contrast taskkill.exe, which enables only the SeDebugPrivilege it needs to terminate another user's process, and chrome.exe, which toggles two privileges its own code paths use.
-
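The PID 1636 list above is the fingerprint of code that iterates over privilege LUIDs rather than asking for the one privilege a task needs. The Python below is an added example, not code from the report or the sample: it parses Token lines in the report's own "Token: <privilege> <pid> <image>" form, resolves the numeric entries with the LUID values from winnt.h, and flags any PID whose adjusted privileges form a long contiguous LUID run. The sample lines are regenerated from the report's rows (the chrome.exe repeats are collapsed); the run-length threshold is a tuning choice.

```python
import re

# Well-known privilege LUIDs from winnt.h (SE_*_PRIVILEGE constants).
PRIVILEGE_LUIDS = {
    "SeCreateTokenPrivilege": 2, "SeAssignPrimaryTokenPrivilege": 3, "SeLockMemoryPrivilege": 4,
    "SeIncreaseQuotaPrivilege": 5, "SeMachineAccountPrivilege": 6, "SeTcbPrivilege": 7,
    "SeSecurityPrivilege": 8, "SeTakeOwnershipPrivilege": 9, "SeLoadDriverPrivilege": 10,
    "SeSystemProfilePrivilege": 11, "SeSystemtimePrivilege": 12, "SeProfSingleProcessPrivilege": 13,
    "SeIncBasePriorityPrivilege": 14, "SeCreatePagefilePrivilege": 15, "SeCreatePermanentPrivilege": 16,
    "SeBackupPrivilege": 17, "SeRestorePrivilege": 18, "SeShutdownPrivilege": 19,
    "SeDebugPrivilege": 20, "SeAuditPrivilege": 21, "SeSystemEnvironmentPrivilege": 22,
    "SeChangeNotifyPrivilege": 23, "SeRemoteShutdownPrivilege": 24, "SeUndockPrivilege": 25,
    "SeSyncAgentPrivilege": 26, "SeEnableDelegationPrivilege": 27, "SeManageVolumePrivilege": 28,
    "SeImpersonatePrivilege": 29, "SeCreateGlobalPrivilege": 30, "SeTrustedCredManAccessPrivilege": 31,
    "SeRelabelPrivilege": 32, "SeIncreaseWorkingSetPrivilege": 33, "SeTimeZonePrivilege": 34,
    "SeCreateSymbolicLinkPrivilege": 35,
}
LUID_NAMES = {v: k for k, v in PRIVILEGE_LUIDS.items()}

TOKEN_LINE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")

# The report's rows, one per line. PID 1636 has LUIDs 2-30 by name and 31-35 as
# bare numbers, exactly as the sandbox printed them; the taskkill.exe and
# chrome.exe rows are the report's, with the chrome.exe repeats collapsed.
SAMPLE = "9656a8ec7e267c930429d5f51c8ed30a.exe"
REPORT_TOKEN_LINES = "\n".join(
    [f"Token: {LUID_NAMES[i]} 1636 {SAMPLE}" for i in range(2, 31)]
    + [f"Token: {i} 1636 {SAMPLE}" for i in range(31, 36)]
    + ["Token: SeDebugPrivilege 1868 taskkill.exe",
       "Token: SeShutdownPrivilege 4832 chrome.exe",
       "Token: SeCreatePagefilePrivilege 4832 chrome.exe"]
)


def parse_token_lines(text):
    """Map each PID to the set of privilege LUIDs it adjusted; unknown names are skipped."""
    by_pid = {}
    for priv, pid, _image in TOKEN_LINE.findall(text):
        luid = int(priv) if priv.isdigit() else PRIVILEGE_LUIDS.get(priv)
        if luid is not None:
            by_pid.setdefault(int(pid), set()).add(luid)
    return by_pid


def longest_contiguous_run(luids):
    """Length of the longest run of consecutive integers in the set."""
    best = run = 0
    prev = None
    for v in sorted(luids):
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best


def privilege_sweep_pids(text, min_run=20):
    """PIDs whose adjusted privileges form a contiguous LUID run of at least min_run.
    A tool that needs one privilege enables that one; a run across the 2-35 range
    means the code walked the LUID space instead of asking for what it needs."""
    return sorted(pid for pid, luids in parse_token_lines(text).items()
                  if longest_contiguous_run(luids) >= min_run)


def resolve_numeric_tokens(text):
    """Name the privileges the report printed only as numbers."""
    return {int(p): LUID_NAMES.get(int(p), "unknown")
            for p, _pid, _img in TOKEN_LINE.findall(text) if p.isdigit()}


if __name__ == "__main__":
    print("sweep PIDs:", privilege_sweep_pids(REPORT_TOKEN_LINES))
    print("numeric tokens:", resolve_numeric_tokens(REPORT_TOKEN_LINES))
```

The same parser works on EDR or ETW token-adjustment events once they are rendered in the three-field form; the threshold of 20 is deliberately far above what any single legitimate task enables.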
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
- PID 4832 chrome.exe (26 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
- PID 4832 chrome.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 9656a8ec7e267c930429d5f51c8ed30a.exe, cmd.exe, chrome.exe
- PID 1636 (9656a8ec7e267c930429d5f51c8ed30a.exe) wrote to memory of PID 1512 (cmd.exe): 3 entries
- PID 1512 (cmd.exe) wrote to memory of PID 1868 (taskkill.exe): 3 entries
- PID 1636 (9656a8ec7e267c930429d5f51c8ed30a.exe) wrote to memory of PID 4832 (chrome.exe): 2 entries
- PID 4832 (chrome.exe) wrote to memory of PID 3200 (chrome.exe): 2 entries
- PID 4832 (chrome.exe) wrote to memory of PID 1932 (chrome.exe): 38 entries
- PID 4832 (chrome.exe) wrote to memory of PID 4136 (chrome.exe): 2 entries
- PID 4832 (chrome.exe) wrote to memory of PID 4880 (chrome.exe): 14 entries (the list stops at the 64-entry limit)
Every row here is a parent writing into a child it has just created, which is part of normal process start-up (the creator writes the new process's parameters, and Chrome's browser process passes start-up data to each of its own children). This signature therefore fires for almost any launcher. The useful information is the structure: the sample (PID 1636) is the creator of both the cmd.exe that runs taskkill and the chrome.exe it launches afterwards.
Processes
-
C:\Users\Admin\AppData\Local\Temp\9656a8ec7e267c930429d5f51c8ed30a.exe (level 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\9656a8ec7e267c930429d5f51c8ed30a.exe"
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636
-
    C:\Windows\SysWOW64\cmd.exe (level 2, child of PID 1636)
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    PID:1512
    -
        C:\Windows\SysWOW64\taskkill.exe (level 3, child of PID 1512)
        Command line: taskkill /f /im chrome.exe
        - Kills process with taskkill
        - Suspicious use of AdjustPrivilegeToken
        PID:1868
    -
    C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, child of PID 1636)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4832
    -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd340c9758,0x7ffd340c9768,0x7ffd340c9778
        PID:3200
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:2
        PID:1932
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:8
        PID:4136
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:8
        PID:4880
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3180 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:1
        PID:1324
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3308 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:1
        PID:1176
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832; the --extension-process renderer, which shows an extension was loaded in this session)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3868 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:1
        PID:4060
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4840 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:1
        PID:4672
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5360 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:8
        PID:4764
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:8
        PID:4460
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:8
        PID:1808
        -
        C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, child of PID 4832)
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 --field-trial-handle=1764,i,17851380060893671680,9199690285123917472,131072 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
        PID:3684
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (level 1; a separate tree root, not a child of the sample)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:3816
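The tree above shows the sample (PID 1636) spawning cmd.exe to run taskkill /f /im chrome.exe and then starting chrome.exe itself, so the browser comes back up under a parent that is neither the user's shell nor Chrome, typically so that it restarts with whatever the parent has just changed on disk. The Python below is an added example, not code from the report or the sample: a detector over process-creation events that pairs a taskkill of a browser image with a later launch of that browser whose ancestry leads back to the same non-shell process. The events are constructed from the tree; PIDs, images and command lines are the report's, while the timestamps, the parent of PID 1636 and the explorer-launched chrome.exe row are assumptions added so the detector has benign activity to ignore.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
WRAPPERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "taskkill.exe"}   # transparent launchers
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Downloads|Users\\Public)\\", re.I)
TASKKILL_IMAGE = re.compile(r"taskkill\b.*?/im\s+(\S+)", re.I)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9656a8ec7e267c930429d5f51c8ed30a.exe"

# CONSTRUCTED process-creation events modelled on the report's process tree.
# Timestamps, PID 1636's parent (900) and the explorer-launched chrome.exe
# (PID 6100) are invented; everything else is taken from the tree.
EVENTS = [
    {"t": "12:22:01", "pid": 1636, "ppid": 900,  "image": SAMPLE, "cmd": f'"{SAMPLE}"'},
    {"t": "12:22:02", "pid": 1512, "ppid": 1636, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmd": "cmd.exe /c taskkill /f /im chrome.exe"},
    {"t": "12:22:02", "pid": 1868, "ppid": 1512, "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmd": "taskkill /f /im chrome.exe"},
    {"t": "12:22:04", "pid": 4832, "ppid": 1636, "image": CHROME, "cmd": f'"{CHROME}"'},
    {"t": "12:22:05", "pid": 1932, "ppid": 4832, "image": CHROME, "cmd": f'"{CHROME}" --type=gpu-process'},
    {"t": "12:30:00", "pid": 6100, "ppid": 900,  "image": CHROME, "cmd": f'"{CHROME}"'},
]


def _name(ev):
    return PureWindowsPath(ev["image"]).name.lower()


def _time(ev):
    return datetime.strptime(ev["t"], "%H:%M:%S")


def _ancestors(by_pid, pid):
    """Ancestor events of pid, nearest first; stops at a parent we have no event for."""
    chain, seen = [], set()
    ev = by_pid.get(pid)
    while ev is not None and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid.get(ev["ppid"])
        if ev is not None:
            chain.append(ev)
    return chain


def browser_kill_then_relaunch(events, window_s=120):
    """Pair each 'taskkill /im <browser>' with a later launch of that browser whose
    parent chain leads back to the same non-wrapper process that ran the kill."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for kill in events:
        if _name(kill) != "taskkill.exe":
            continue
        m = TASKKILL_IMAGE.search(kill["cmd"])
        if not m or m.group(1).lower() not in BROWSERS:
            continue
        target = m.group(1).lower()
        # The process that wanted the browser dead is the first non-wrapper ancestor.
        killer = next((a for a in _ancestors(by_pid, kill["pid"]) if _name(a) not in WRAPPERS), None)
        if killer is None:
            continue
        for launch in events:
            if _name(launch) != target or _time(launch) < _time(kill):
                continue
            parent = by_pid.get(launch["ppid"])
            if parent is None or _name(parent) in BROWSERS:   # skip the browser's own children
                continue
            lineage = [parent] + _ancestors(by_pid, parent["pid"])
            delta = (_time(launch) - _time(kill)).total_seconds()
            if any(a["pid"] == killer["pid"] for a in lineage) and delta <= window_s:
                alerts.append({
                    "target": target,
                    "killer_pid": killer["pid"], "killer_image": killer["image"],
                    "browser_pid": launch["pid"], "seconds_between": delta,
                    "killer_in_user_writable_path": bool(USER_WRITABLE.search(killer["image"])),
                })
    return alerts


if __name__ == "__main__":
    for alert in browser_kill_then_relaunch(EVENTS):
        print(alert)
```

The wrapper set matters: without it the detector would name cmd.exe as the killer and miss the relaunch, because the sample started chrome.exe directly rather than through the same cmd.exe. The user-writable-path flag is a confidence boost, not a gate, since updaters that legitimately restart a browser usually run from Program Files.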
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
786B
MD5
9ffe618d587a0685d80e9f8bb7d89d39
SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
-
Filesize
6KB
MD5
362695f3dd9c02c83039898198484188
SHA1
85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256
40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512
a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
-
Filesize
13KB
MD5
4ff108e4584780dce15d610c142c3e62
SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
-
Filesize
20KB
MD5
15bb968d4ad939aca638632e84c646c2
SHA1
8d6b56d8a838696f8312fdd3e613b5c29f63cc9a
SHA256
8a503d6de59dc858ca5e9f1e9ae8ef0d78c9600db0d6e95815b9b3a297ed488c
SHA512
efb3c4b0ebb807b9da4ab1acb4de064be469aed3c3c2811fc20948b255692132cd973ff9f6eff420f0da981be8baef5fba14a2ff6e478bf8fb24c765bba72a65
-
Filesize
3KB
MD5
c31f14d9b1b840e4b9c851cbe843fc8f
SHA1
205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256
03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512
2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
-
Filesize
84KB
MD5
a09e13ee94d51c524b7e2a728c7d4039
SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
-
Filesize
604B
MD5
23231681d1c6f85fa32e725d6d63b19b
SHA1
f69315530b49ac743b0e012652a3a5efaed94f17
SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
-
Filesize
268B
MD5
0f26002ee3b4b4440e5949a969ea7503
SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
-
Filesize
1KB
MD5
05bfb082915ee2b59a7f32fa3cc79432
SHA1
c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256
04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512
6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
-
Filesize
1KB
MD5
9fefc63a31e92b768c251f5341eabb9a
SHA1
a6ff92a904fbb576f89c21f259377160a7d981ff
SHA256
945d0dae4202709f8d6df5ac9fa3258d12882481be5a66ebe6058d3e121b6c2b
SHA512
47e7a31953741ab3f29024684a1538278d2a7fa25eba181832d620e4a464337a810c1ab7c207ec8d376eb98e516971982a17cdda26dd28f448813afeb362a139
-
Filesize
874B
MD5
84f82aecd0e98ddba507df7033230fea
SHA1
2dd55cc8aa049030a46720c740415372ff251f5e
SHA256
c2180582b553861932435fd871d885a8c8b0f33b844a2e7ce0b54c531fe804f2
SHA512
55edbea6dcd0d8ea3c88801dcc08ad2ed2a4c675c4d5bce37faadf3bc4e87d67830aecf4e9ccbdd79ceedc2e7b6619470c3277b96ce37b0606d29d309358b847
-
Filesize
874B
MD5
4f794ddc0284a06c81f1a43eadf5f3a3
SHA1
1b205b1d631833656146732c50f8b75b677f7ec5
SHA256
12252e474587850b1167ddef478392a0c7d4d3857fe26990ccbce4dc420db47f
SHA512
7ae26e88590a19a292be810ae1bd15cfa0cc9f6c648cbfd1573482d254226a52b7d065b926dcf5e861f5535a611bdc00bb669e2ce65277e3d4d61d41e132bd3f
-
Filesize
874B
MD5
93145a0df68693215bf34ca8175041bd
SHA1
64618fcabd5b728be32f1373849f1a173a8728e3
SHA256
b238bc89f620f4977bd34aec663833d9eea2a161917c7aa9ddd0ccb48f2d20cd
SHA512
c63a10b8a97be8766758bec55f53f3164e1c0735e15a0325d3af025f55dc8710d0cdf8d896f72e68ea77440bded41dee262e9d5cbc4b195357d93ff1559996c6
-
Filesize
874B
MD5
9badc535c56e377bd504c018d2f72e06
SHA1
08e8c36f1c97f054d785a9be2d162136968b5cba
SHA256
4b0be8512c51d0c8e6ebd7ce6420f50a4eebdf2b1b0a3d740956876fdc2b0094
SHA512
1b5750c42c2f8b435b09a72fc80a87c54f05b764d8a4717b5c59aa155090babaeb68868c3138674e5f8e7a56f0cd972f42df03361c72b11cfcc19357a04671ed
-
Filesize
6KB
MD5
a6f085496f8b5b443f742e8edcda1e6b
SHA1
e249d90fdc4188ca16d77c5eca7f46487fb49370
SHA256
0d7db9bd65b03c4d46506911a8f97818f94413fc0422fd64a7b2ae62bb4a2443
SHA512
a3e8d8d9a5f7f0f046a166ca9f7119bd2093c82ddca8b22a8c7875ef6c4fa3287fbba285064cca46b5a7c49d525bc205864f38e5f510c1520105f3552de52689
-
Filesize
6KB
MD5
0cb74a9bb2107d3b5378e0a469def5a1
SHA1
f0844f085937e4448f6a2795055eb0480e09cbbb
SHA256
6e1137ad9b5ec27abe6173ad53392fa638398116899f5769e4808a8e9f3c63d0
SHA512
457dfed6b4e6988257f8c83662c6c8b63d511e746b7e2b06938aafea2709816116cff730f4bc90b12c4ab950119a5e1352e4ff9ff6df2f0cfd7128ffb1c57eda
-
Filesize
16KB
MD5
ac821ea53c1507f9d1c5ba900bda2bb0
SHA1
20180a35eb36abb179ccb205ecd4de974c7e2a91
SHA256
87dbcf25a4a3b902169a4d330e2abdd36f3c383035dc0113b5991970ca46380f
SHA512
661875f18d4ff6717828168cc8f47b203bee8aa4e1bebd401a69fb82b5c3234b27fe7365151fd36226eba42e1aad57e7322fda20192f52a1f86593f4dda6f9e1
-
Filesize
16KB
MD5
35dcbdba1ac47624be00a3f7294258f8
SHA1
2869bb0c480399319542a697ec86698863d8771b
SHA256
f1d22cd6b43a6869df57c0eaf9753f9f6fadd143a9fad33dabc37921b4ce6438
SHA512
dc4605708cb833d3b17771e245ccb767afe6db228002b17d45e73c6b29fbc1f04a7630b55a563ae7e7c7cb24a4947470136e57504ae081d1f8b6a6c9fc338c71
-
Filesize
199KB
MD5
72a9791ce3a11f34517f7ed1dc62d545
SHA1
3cfeda25c6a3f9bfca901087943614fa4daf06a0
SHA256
08d9db50bd9f3472bdb61704d94d67efdbb712fb51eb6774bddbc4c82478b6ab
SHA512
dc6f0095af2398883d2d815a07afa1c4b84237d6d3d245d2f47d0275e93e0b1fbc02c5fb7d0ee2391cc17bc0a2bc0c23bf9f61b3c7049bd9048e5441ea4e2b68
-
Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
(These are the hashes of the two-byte string {}, an empty JSON object; the file carries no content worth pivoting on.)
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(No size recorded; these are the hashes of a zero-length file and will match every empty file on any system, so they must not be used as indicators.)