Analysis

max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/01/2024, 18:47

Static task: static1
URLScan task: urlscan1

Behavioral task: behavioral1
Sample: http://url001.furnwise.co.uk/ls/click?upn=VFkUlRdQeKr-2BAh2nx6fJRjGoPXcC-2BWHRlYdSDDOBmTSTNvxc088NqFba2TMK83U4Rp7knOCouyDhskN39f4pjXdHVyyO2Tox494LeF-2FpGHJAevdqsEZ6xEkDS888opFl95tYEYkjOqrS0mls3azDfs8wbj-2BEeTfLuC3FWIUJvM8pBhqXzPe1tp0HanZNw5Fo7yrG9bbKN718N-2FS-2BhZE2OAfP7U8scngP6NBBomQ3nabturUBrV1kqCOv5zdkCdh3wPIcBne-2BfPFQQz6dhSDtKgzW0GMttrPKVAvGmWaKARPqG-2BVbc2MIyCbAoxPstoS816l1xXWBFao0XwGiOxUZgQyicvUgzRd53MKjcQ5E8lSgrRJSe9VZ1Y4nITaKPRPBj0TOy3hOl93Z6bErCWwZnTQLNhRCJjvQxp2Z2aFJsPv6-2FDsIY6l1w-2Bkb0k-2BCDsCjh8arRp3hFzg8l7hw7oJ7NkkHrOK7c4YZAyDlZpqu-2FqoXJZwJ7o-2BJDVCElYxKGInXRpjEfK8uxZSECt7RGHx1CzY2uFqOz2ysLuM9XyAxntl9C3pyi6cdUgE4GigV3stcAiog_LpsdMmOcx5wSUBG0N3RMhFfdroQLGGkMxnbj7-2Fy2-2BlmxM0LqwgttIZAZEsKGLIp7uLPwWrZeiHCUyWnhnVa4AmkRn5xTqUHnhI9oRQVWelyuJ0cZLgz0BYkyLo2RxAUMpFAHdMaPUeObT78H3j8wmmZCkULfmv4SNgS8yAKjRPEvqP3c7EAaJ4a7isHYKnueDn7PhEiO-2FafA-2FcD1DrYdHJ4zmzB3GJOKTAnQ-2FOVUHwV0d1ThGjpZ68zCqwPlKrgKDCi9R-2F2g54JTlC1f60De3wvDWhL87tWdWOtmTOZYk3IpofKXYsS8sPhuJ5SdT-2BiA
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: http://url001.furnwise.co.uk/ls/click?upn=VFkUlRdQeKr-2BAh2nx6fJRjGoPXcC-2BWHRlYdSDDOBmTSTNvxc088NqFba2TMK83U4Rp7knOCouyDhskN39f4pjXdHVyyO2Tox494LeF-2FpGHJAevdqsEZ6xEkDS888opFl95tYEYkjOqrS0mls3azDfs8wbj-2BEeTfLuC3FWIUJvM8pBhqXzPe1tp0HanZNw5Fo7yrG9bbKN718N-2FS-2BhZE2OAfP7U8scngP6NBBomQ3nabturUBrV1kqCOv5zdkCdh3wPIcBne-2BfPFQQz6dhSDtKgzW0GMttrPKVAvGmWaKARPqG-2BVbc2MIyCbAoxPstoS816l1xXWBFao0XwGiOxUZgQyicvUgzRd53MKjcQ5E8lSgrRJSe9VZ1Y4nITaKPRPBj0TOy3hOl93Z6bErCWwZnTQLNhRCJjvQxp2Z2aFJsPv6-2FDsIY6l1w-2Bkb0k-2BCDsCjh8arRp3hFzg8l7hw7oJ7NkkHrOK7c4YZAyDlZpqu-2FqoXJZwJ7o-2BJDVCElYxKGInXRpjEfK8uxZSECt7RGHx1CzY2uFqOz2ysLuM9XyAxntl9C3pyi6cdUgE4GigV3stcAiog_LpsdMmOcx5wSUBG0N3RMhFfdroQLGGkMxnbj7-2Fy2-2BlmxM0LqwgttIZAZEsKGLIp7uLPwWrZeiHCUyWnhnVa4AmkRn5xTqUHnhI9oRQVWelyuJ0cZLgz0BYkyLo2RxAUMpFAHdMaPUeObT78H3j8wmmZCkULfmv4SNgS8yAKjRPEvqP3c7EAaJ4a7isHYKnueDn7PhEiO-2FafA-2FcD1DrYdHJ4zmzB3GJOKTAnQ-2FOVUHwV0d1ThGjpZ68zCqwPlKrgKDCi9R-2F2g54JTlC1f60De3wvDWhL87tWdWOtmTOZYk3IpofKXYsS8sPhuJ5SdT-2BiA
Resource: win10v2004-20231215-en
General

Target: http://url001.furnwise.co.uk/ls/click?upn=VFkUlRdQeKr-2BAh2nx6fJRjGoPXcC-2BWHRlYdSDDOBmTSTNvxc088NqFba2TMK83U4Rp7knOCouyDhskN39f4pjXdHVyyO2Tox494LeF-2FpGHJAevdqsEZ6xEkDS888opFl95tYEYkjOqrS0mls3azDfs8wbj-2BEeTfLuC3FWIUJvM8pBhqXzPe1tp0HanZNw5Fo7yrG9bbKN718N-2FS-2BhZE2OAfP7U8scngP6NBBomQ3nabturUBrV1kqCOv5zdkCdh3wPIcBne-2BfPFQQz6dhSDtKgzW0GMttrPKVAvGmWaKARPqG-2BVbc2MIyCbAoxPstoS816l1xXWBFao0XwGiOxUZgQyicvUgzRd53MKjcQ5E8lSgrRJSe9VZ1Y4nITaKPRPBj0TOy3hOl93Z6bErCWwZnTQLNhRCJjvQxp2Z2aFJsPv6-2FDsIY6l1w-2Bkb0k-2BCDsCjh8arRp3hFzg8l7hw7oJ7NkkHrOK7c4YZAyDlZpqu-2FqoXJZwJ7o-2BJDVCElYxKGInXRpjEfK8uxZSECt7RGHx1CzY2uFqOz2ysLuM9XyAxntl9C3pyi6cdUgE4GigV3stcAiog_LpsdMmOcx5wSUBG0N3RMhFfdroQLGGkMxnbj7-2Fy2-2BlmxM0LqwgttIZAZEsKGLIp7uLPwWrZeiHCUyWnhnVa4AmkRn5xTqUHnhI9oRQVWelyuJ0cZLgz0BYkyLo2RxAUMpFAHdMaPUeObT78H3j8wmmZCkULfmv4SNgS8yAKjRPEvqP3c7EAaJ4a7isHYKnueDn7PhEiO-2FafA-2FcD1DrYdHJ4zmzB3GJOKTAnQ-2FOVUHwV0d1ThGjpZ68zCqwPlKrgKDCi9R-2F2g54JTlC1f60De3wvDWhL87tWdWOtmTOZYk3IpofKXYsS8sPhuJ5SdT-2BiA
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                  Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133499909058893262"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  4604  chrome.exe
  4604  chrome.exe
  3324  chrome.exe
  3324  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  4604  chrome.exe
  4604  chrome.exe
  4604  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        4604  chrome.exe   (32 entries, alternating with the row below)
  Token: SeCreatePagefilePrivilege  4604  chrome.exe   (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  4604  chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4604  chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4604 wrote to memory of 672   4604  chrome.exe  88    (2 entries)
  PID 4604 wrote to memory of 2084  4604  chrome.exe  92    (38 entries)
  PID 4604 wrote to memory of 2140  4604  chrome.exe  91    (2 entries)
  PID 4604 wrote to memory of 448   4604  chrome.exe  93    (22 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4604)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://url001.furnwise.co.uk/ls/click?upn=VFkUlRdQeKr-2BAh2nx6fJRjGoPXcC-2BWHRlYdSDDOBmTSTNvxc088NqFba2TMK83U4Rp7knOCouyDhskN39f4pjXdHVyyO2Tox494LeF-2FpGHJAevdqsEZ6xEkDS888opFl95tYEYkjOqrS0mls3azDfs8wbj-2BEeTfLuC3FWIUJvM8pBhqXzPe1tp0HanZNw5Fo7yrG9bbKN718N-2FS-2BhZE2OAfP7U8scngP6NBBomQ3nabturUBrV1kqCOv5zdkCdh3wPIcBne-2BfPFQQz6dhSDtKgzW0GMttrPKVAvGmWaKARPqG-2BVbc2MIyCbAoxPstoS816l1xXWBFao0XwGiOxUZgQyicvUgzRd53MKjcQ5E8lSgrRJSe9VZ1Y4nITaKPRPBj0TOy3hOl93Z6bErCWwZnTQLNhRCJjvQxp2Z2aFJsPv6-2FDsIY6l1w-2Bkb0k-2BCDsCjh8arRp3hFzg8l7hw7oJ7NkkHrOK7c4YZAyDlZpqu-2FqoXJZwJ7o-2BJDVCElYxKGInXRpjEfK8uxZSECt7RGHx1CzY2uFqOz2ysLuM9XyAxntl9C3pyi6cdUgE4GigV3stcAiog_LpsdMmOcx5wSUBG0N3RMhFfdroQLGGkMxnbj7-2Fy2-2BlmxM0LqwgttIZAZEsKGLIp7uLPwWrZeiHCUyWnhnVa4AmkRn5xTqUHnhI9oRQVWelyuJ0cZLgz0BYkyLo2RxAUMpFAHdMaPUeObT78H3j8wmmZCkULfmv4SNgS8yAKjRPEvqP3c7EAaJ4a7isHYKnueDn7PhEiO-2FafA-2FcD1DrYdHJ4zmzB3GJOKTAnQ-2FOVUHwV0d1ThGjpZ68zCqwPlKrgKDCi9R-2F2g54JTlC1f60De3wvDWhL87tWdWOtmTOZYk3IpofKXYsS8sPhuJ5SdT-2BiA
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 672)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf7749758,0x7ffbf7749768,0x7ffbf7749778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2140)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2084)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 448)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 920)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1332)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4984)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4844 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4016)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1980)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3324)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 --field-trial-handle=1728,i,17251572564043993194,3023336286352730261,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 5040)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\55d75014-3efc-4bd9-9703-d5e6d9b08f33.tmp
  Filesize: 536B
  MD5:    edb64ff219f4506db23f4040bf6b8e13
  SHA1:   65915114e6176838e5ef08675dc437a39e56c29d
  SHA256: 7ed84a63ae97fe1143b702a44f8bef11012e69d237feda05bbe583803619f0cf
  SHA512: 99732bf5091d3fe037b5a1399d8618d5cf67239498f0757be31fa89501d01cc8261091186c1f0ea3c416017fbf45c5aa66be3660e10abfad4136dee90dc1b8ef

  Filesize: 1KB
  MD5:    e31c7b70dfc53a8adfdc39e11bcea9e3
  SHA1:   ec894241d19cb96a09a1a1b6a8c62fafc34e7532
  SHA256: b0c9cc36672cdbce51c8bf872737782d4b4550de37832c9b5d91c4bebb3dcc6e
  SHA512: 545fac6fccb9f8e95035a5a1a3327ec39cfb6e4acac720c83bf88bfd0056ba38d0bf05e7039202526b8646c87b834324292eb66e3611bf539c2a9286a61120c1

  Filesize: 6KB
  MD5:    f8325ee517b9f784f1a4902bdd181929
  SHA1:   6b05f02619f076e4824391bdb5a5172f674d60cc
  SHA256: 3c5c9894e0832f60caae542127b107789f9f559db8262ef964a788826ab18cc0
  SHA512: 29602766dba87d52f1a8f01b7b8eb3c23e61b658c5089215a81a51ce886e4f5456f6dd781721974d1a80fee554c7656d7acbeb5bc971a9733962b16c7bd9a2a1

  Filesize: 6KB
  MD5:    984a7e68384d8c432c039d460a472116
  SHA1:   0937281d820eeda2bf35f16bdb1eeb9fcc5afc09
  SHA256: 407df5a524c13b13ca5c89145606053f30c86552b32bd6d62ffa6b99555c0f27
  SHA512: 658377d46cd274e22b8d2494b0f0f6a44424c91d914031e96c7df8e0a11788ab77151d0885b300356432b0f6d46fc9b7824dd3ab0e67648ae35a3c3c4d3cc0ae

  Filesize: 6KB
  MD5:    b44a4bb122a2e1cbef901fc9e1fe45ef
  SHA1:   ab944dab73328d4bcf3b785d0ec4a70ad86b500d
  SHA256: 195e88504689fcb4c5a52ad4e2598ca4fe4c357f6a3e00218101e464d9f915af
  SHA512: bbce3c89fed992637f21e28cee8beca6fdce6e3dc358807a1eea96685218a56d632f64aa2a7e09e150e58e50a80bd12732412665a4a2f0dfc9bc983726126afb

  Filesize: 114KB
  MD5:    23d7c2997886796f64fc1d4e78e898f9
  SHA1:   b14f7c981daa3691362acddf9a62a25a6440325f
  SHA256: a4f04ce163719f3e4e06ebd2a8ebd511536861f2707fc6b82a4caf1459455b97
  SHA512: 78aabfe6241d66fc960630b4579ad1b2f5b25008b99dd47260e19b7ee2acde0dc42d94526fba2ac7c1574fd7270e300f4477e00edd7a3f0edd16aaf354a2a9d3

  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd