Overview
overview
7Static
static
3Hexa v1.5.zip
windows10-1703-x64
1Hexa v1.5/...de.dll
windows10-1703-x64
1Hexa v1.5/...er.dll
windows10-1703-x64
1Hexa v1.5/...ts.dll
windows10-1703-x64
1Hexa v1.5/...er.dll
windows10-1703-x64
1Hexa v1.5/...de.dll
windows10-1703-x64
1Hexa v1.5/...data_0
windows10-1703-x64
1Hexa v1.5/...data_1
windows10-1703-x64
1Hexa v1.5/...data_2
windows10-1703-x64
1Hexa v1.5/...data_3
windows10-1703-x64
1Hexa v1.5/.../index
windows10-1703-x64
1Hexa v1.5/...er.exe
windows10-1703-x64
7Hexa v1.5/...config
windows10-1703-x64
3Hexa v1.5/...al.dll
windows10-1703-x64
3Hexa v1.5/...or.dll
windows10-1703-x64
1Hexa v1.5/...HT.txt
windows10-1703-x64
1Hexa v1.5/...es.txt
windows10-1703-x64
1Hexa v1.5/...To.txt
windows10-1703-x64
1Hexa v1.5/...ng.txt
windows10-1703-x64
1Hexa v1.5/...Me.txt
windows10-1703-x64
1Hexa v1.5/...rt.txt
windows10-1703-x64
1Hexa v1.5/...HT.txt
windows10-1703-x64
1Hexa v1.5/...HT.txt
windows10-1703-x64
1Resubmissions
23/04/2023, 17:07
230423-vm2waagc9v 723/04/2023, 17:03
230423-vkr83aeg34 723/04/2023, 16:56
230423-vf3h8sef88 7Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-1703_x64 -
resource
win10-20230220-es -
resource tags
arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
23/04/2023, 17:03
Behavioral task
behavioral1
Sample
Hexa v1.5.zip
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral2
Sample
Hexa v1.5/Hexa/Community/Scripts/AdvancedMode.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral3
Sample
Hexa v1.5/Hexa/Community/Scripts/CommunityScriptsLoader.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral4
Sample
Hexa v1.5/Hexa/Community/Scripts/PreMadeScripts.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral5
Sample
Hexa v1.5/Hexa/Community/Scripts/ScriptMaker.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral6
Sample
Hexa v1.5/Hexa/Community/Scripts/SimpleMode.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral7
Sample
Hexa v1.5/Hexa/GPUCache/data_0
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral8
Sample
Hexa v1.5/Hexa/GPUCache/data_1
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral9
Sample
Hexa v1.5/Hexa/GPUCache/data_2
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral10
Sample
Hexa v1.5/Hexa/GPUCache/data_3
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral11
Sample
Hexa v1.5/Hexa/GPUCache/index
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral12
Sample
Hexa v1.5/Hexa/HexaBuilder.exe
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral13
Sample
Hexa v1.5/Hexa/HexaUI.config
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral14
Sample
Hexa v1.5/Hexa/Hexal.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral15
Sample
Hexa v1.5/Hexa/Injector.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral16
Sample
Hexa v1.5/Hexa/©COPYRIGHT.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral17
Sample
Hexa v1.5/Important/Features.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral18
Sample
Hexa v1.5/Important/HowTo.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral19
Sample
Hexa v1.5/Important/NotWorking.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral20
Sample
Hexa v1.5/Important/ReadMe.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral21
Sample
Hexa v1.5/Important/Support.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral22
Sample
Hexa v1.5/Important/©COPYRIGHT.txt
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral23
Sample
Hexa v1.5/©COPYRIGHT.txt
Resource
win10-20230220-es
windows10-1703-x64
General
-
Target
Hexa v1.5.zip
-
Size
21.5MB
-
MD5
fff80170492a9c4a8f4948ded88a36ae
-
SHA1
f1523517319cb5717cee0f06ae3500dca3be2a07
-
SHA256
871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f
-
SHA512
7f37c7b76c1adb990f310282902a737b257689ee82141a0c291363399769f5cf63209e0028c112b519af5d2ceb8a09dad92cc1ad32d5ea9e023886d5edea10e5
-
SSDEEP
393216:hjsBtdiiH+F7w7ifc8Ms68AbEupoQIx+q03woJxKK9S0bj+rTObuHPXvL9Qk:hoBfiiH+hjfcttnAupoNx/awoJxKIS0E
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267502941196873" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1532 chrome.exe 1532 chrome.exe 5076 chrome.exe 5076 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe Token: SeShutdownPrivilege 1532 chrome.exe Token: SeCreatePagefilePrivilege 1532 chrome.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe 1532 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1532 wrote to memory of 4868 1532 chrome.exe 68 PID 1532 wrote to memory of 4868 1532 chrome.exe 68 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4476 1532 chrome.exe 71 PID 1532 wrote to memory of 4324 1532 chrome.exe 70 PID 1532 wrote to memory of 4324 1532 chrome.exe 70 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72 PID 1532 wrote to memory of 2568 1532 chrome.exe 72
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Hexa v1.5.zip"1⤵PID:1276
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa82e9758,0x7ffaa82e9768,0x7ffaa82e97782⤵PID:4868
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:4324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:22⤵PID:4476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:2568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:12⤵PID:4136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:12⤵PID:3104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:12⤵PID:4696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:4704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:4608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:4944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:82⤵PID:4888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4544 --field-trial-handle=1668,i,14959318415805647214,8305601493414816217,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5076
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3664
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1013B
MD5a45b82f9ac19c9a4f1f4a6ecd26ce72e
SHA1e6c8e6353ce24f6bc6d98c051c34a7d82ae56f22
SHA256c87445b15033832360bbd86faf4217d0cb9b62e66e03be2b07e5a552ca28a88c
SHA51290e6bdb8a4a3ac23d07d66bc91ffadccb59e1440067636f90039ebc4f948a4cc3c0f0b40c708b7172d568d0c58aba1ed40e0cd68c27a9290357e25ba5dc3aca9
-
Filesize
371B
MD5fc8b3f5d14dff65f667335bc9632db19
SHA115af24b0bfaddff10359d758a221f2c3458e4dd8
SHA2566823925a43c357d830d4bffc246ea5a01e381e92ac66d07369d622d3675d3b93
SHA5128892418c4cfa5d6d8fd0178233d9020f78878285ae5107299b5914a27a668dcfe1dca101f77208e9a3a45127bce86b78b0def3e9d0c7fd9efde776a26e8c2b67
-
Filesize
5KB
MD570b288c8a69f119acd1b448baa5fb17b
SHA1b20e189f45e74296d48cc95ac6a1ba96c021df42
SHA25674349ff22b30e5b94a077446b7d38e90313d7f382b33120564c35d3814663de9
SHA512d3c4cad3412ac1682fa610999e9fc78aee92dc3c9a8889a1f61b38c5a5932f19435d9bcf41fc2ae60fa04d969b5726dfd86ced88c1fe67c433f88d39941c80d0
-
Filesize
5KB
MD58e51d07da4f74c50fcfc8cfd3ed49124
SHA106b07a947904eec98226d5b16a5df72d5cc22960
SHA25661cba408b1c846956a862b9aaef50623bfc520ac6328d1893e5d86c302ee6ce9
SHA5125d8352ffcee54f4498d70501a16acca2fe5a494901e1cfd79b301c438cc41c6cb58ed76fd6d3b89c988df2dc4e3db1f54cfbc97677b55d9abb7ef68464d87985
-
Filesize
5KB
MD55d8a84cd3a2176c42414aa903ae8bd54
SHA15aff488a90d28f1fb1ff78daf1b4f48184d7d754
SHA256240b48eb9f6332e248fd6af63de75e3bf240dd6ac924aae47d6c530a5fc9ce25
SHA5126610de744e65d223975115871e26fd13da0aef9f7e2fc444203aaf54979d080dbb4c5c03df28a8457e12b66b761be66c6781cea44fe9a9917beeca899910d177
-
Filesize
5KB
MD53d184183da5e9b0f457711f5aed11a3b
SHA12bac9fdeeb2ae31686c3c1cf284420aa251b3ff2
SHA2561a03ae42b99899d30460dca65099abfc0d511474056a38e4f042f1b3e9ca828d
SHA51243851186a39d2a8c8ff51415f936d08c5871204b6e89ca81dbad02c84685e8f44162ba055ebf2825882723b0e469781afc0f31c3fd875a8194833586cc32c6b2
-
Filesize
200KB
MD5c7aa2cbca2ac90957cf3013e7382ff8e
SHA1fe2bd26154312d1171514463e04043830b87d81c
SHA25661fbab1bd8ef4b54a6ee226e98ccceb355cf78fc8e89c4e668409f49e6557ed8
SHA512ab2a6ed10c04bba189c51db67257d34aa1443f417442c02a2506dbe3b33004daff087daaeb4f414450ea607d439feb46d769f91db92477d40045ceb219ec6d00
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd