Overview
overview
3Static
static
1Transfer.zip
windows10-2004-x64
1Transfer/control.lua
windows10-2004-x64
3Transfer/d...n.json
windows10-2004-x64
3Transfer/freeplay.js
windows10-2004-x64
1Transfer/info.json
windows10-2004-x64
3Transfer/l...it.dat
windows10-2004-x64
3Transfer/level.dat0
windows10-2004-x64
3Transfer/level.dat1
windows10-2004-x64
3Transfer/level.dat10
windows10-2004-x64
3Transfer/level.dat11
windows10-2004-x64
3Transfer/level.dat12
windows10-2004-x64
3Transfer/level.dat2
windows10-2004-x64
3Transfer/level.dat3
windows10-2004-x64
3Transfer/level.dat4
windows10-2004-x64
3Transfer/level.dat5
windows10-2004-x64
3Transfer/level.dat6
windows10-2004-x64
3Transfer/level.dat7
windows10-2004-x64
3Transfer/level.dat8
windows10-2004-x64
3Transfer/level.dat9
windows10-2004-x64
3Transfer/l...tadata
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/l...ay.cfg
windows10-2004-x64
3Transfer/preview.jpg
windows10-2004-x64
3Resubmissions
18/01/2024, 21:47
240118-1m8ayshghp 318/01/2024, 21:42
240118-1kd94ahgdk 118/01/2024, 21:39
240118-1h5dhaafa4 1Analysis
-
max time kernel
299s -
max time network
293s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
18/01/2024, 21:47
Static task
static1
Behavioral task
behavioral1
Sample
Transfer.zip
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
Transfer/control.lua
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Transfer/description.json
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
Transfer/freeplay.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Transfer/info.json
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
Transfer/level-init.dat
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Transfer/level.dat0
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
Transfer/level.dat1
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Transfer/level.dat10
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
Transfer/level.dat11
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Transfer/level.dat12
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Transfer/level.dat2
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Transfer/level.dat3
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Transfer/level.dat4
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Transfer/level.dat5
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Transfer/level.dat6
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Transfer/level.dat7
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Transfer/level.dat8
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Transfer/level.dat9
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Transfer/level.datmetadata
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Transfer/locale/af/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Transfer/locale/ar/freeplay.cfg
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Transfer/locale/be/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Transfer/locale/bg/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Transfer/locale/ca/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Transfer/locale/cs/freeplay.cfg
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Transfer/locale/da/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
Transfer/locale/de/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Transfer/locale/el/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
Transfer/locale/en/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Transfer/locale/es-ES/freeplay.cfg
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
Transfer/preview.jpg
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Transfer/level.dat11
-
Size
343KB
-
MD5
10c34d8de718ad706d772a7aff7982ce
-
SHA1
1f650bed01f117802d1bcfcb96a6ca8f54e4043e
-
SHA256
5cb7e257a5151b58e8f561745f5fac35af6e67cb0205bbc7a54a3a55040adf27
-
SHA512
61fb1037d33ddf2578d526ad3c65ce9e12376327cdc383827cc17e416910093662bbaf7d91afe443527b820d7d387ee0d26419aa2f348bdf93b703854527540f
-
SSDEEP
6144:JSoVito9JAW98wUHO+yTLkQw9oHYHc+/2KetSX0wdm5q2Q8t76y4PNP:0oVitSJh8wUHOhLkQA0YHROym51qP
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133500882934335547" chrome.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings OpenWith.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 1048 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3372 chrome.exe 3372 chrome.exe 3024 chrome.exe 3024 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2252 OpenWith.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe Token: SeShutdownPrivilege 3372 chrome.exe Token: SeCreatePagefilePrivilege 3372 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe 3372 chrome.exe -
Suspicious use of SetWindowsHookEx 39 IoCs
pid Process 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe 2252 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2252 wrote to memory of 1048 2252 OpenWith.exe 115 PID 2252 wrote to memory of 1048 2252 OpenWith.exe 115 PID 3372 wrote to memory of 5096 3372 chrome.exe 127 PID 3372 wrote to memory of 5096 3372 chrome.exe 127 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4744 3372 chrome.exe 129 PID 3372 wrote to memory of 4592 3372 chrome.exe 133 PID 3372 wrote to memory of 4592 3372 chrome.exe 133 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130 PID 3372 wrote to memory of 4392 3372 chrome.exe 130
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Transfer\level.dat111⤵
- Modifies registry class
PID:1944
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Transfer\level.dat112⤵
- Opens file in notepad (likely ransom note)
PID:1048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab30e9758,0x7ffab30e9768,0x7ffab30e97782⤵PID:5096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:22⤵PID:4744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:4392
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:12⤵PID:5112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:12⤵PID:2152
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:4592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:12⤵PID:1436
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:4000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:2032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:5116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:1240
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:82⤵PID:1328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5480 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:12⤵PID:3736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3288 --field-trial-handle=1876,i,11566477758362745945,13917320139482106313,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3024
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1456
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
456B
MD5ae93213728bb6c84301534fd0e70b26b
SHA154baa13bd26372e1bc79cc92b68d67f05ae04f43
SHA256be213405f4099a91142936fdcf78b035da1c1b2d060b10d53bd57a191ae56ce1
SHA512435d1bcfb691277508710aa1532aed48e60115a0ba1a966b216e8c4284177e1889a3c78e2d3ee67e26cd451f0b006752db56f1220838c791a386a10b594d3c13
-
Filesize
2KB
MD55bd774d2df9052ce973b288ca4e722e9
SHA1b397b8d4126ce6552f3390b2816639f57aa3f584
SHA256087a98a8d93ad790d0bea3a9ddbc8f0271f869490bcc771c315b664be9b3d741
SHA512602eb76886c5c59f0ffbb849079302ea6746bf4548104c2d776f8caf9d99f5d757ba2a5229a81cdf911ccfb372dee8cf830e8247bf621b422f16971cecef7191
-
Filesize
2KB
MD55907b3f01712808517e37d280cd58fdc
SHA1a22a21cd31f4cc889f5af248f73328037f5c0f78
SHA256bd1061aa8db5f11a8a19c9c633a1f5d1866f8f59c6b3f62731e7d6540ea2eedb
SHA512b956073e7885fe019f68bb77546af187aa444e32ea641b8937d0bd2d22212cac4f3ac2554f36d957eaf9c43f16e51e8eb4e5ace61a5ccde7f3272ecf6c2352aa
-
Filesize
371B
MD565ec7e82c032ece9649f0ae8e28e4aad
SHA167f9648314a0ed43d07f6944c1731e27c545d7dc
SHA256a2b8fa25397d837aa9a797b0ae4714ef8d3d3c3265d11a8f9dbff9140f8ef74e
SHA512d59c00bbfbbb7b2198a4aaf5c0915af81edb1027307be55c341181c63a3c38d17231b5f9753aff0b846634ba037d2c013670a054a88a7c86840f9d6fb586bf80
-
Filesize
371B
MD5b5fa49020d8c69097429095497c34720
SHA142f3e3ebab8d8059b952271812fca54d05731531
SHA25632c634be717f4b85b122067741db4fc1bf184df293ae3c6a6b72377cffa3f520
SHA512ee89b445c5c65e5a186a2805f6a28112d6d79293358dd0fcad849c2e37b41b70297f26a054f24de0ad81c3d2215d9d3de0bf3c5a639cc0bb5feb81fd5ea58207
-
Filesize
6KB
MD5d8281d2ad2eb84034a80b3b19dc88ed2
SHA1438f76fa6341aae53e8024f0fd410c64d6dd8434
SHA256e91f5c06d8eae6503d320941d723b5580da923451b08733fe61c4d333d7941d4
SHA512bae1b990b5a9f4c86625a91a06d00fa6d4334b292a002ece1c476f84159cb03e7c42e956abcfbd65fc6c0ca283e3da9b12d0b602ace22d7cd5ab4da3c8993e3d
-
Filesize
6KB
MD560c4ed74152e5d1390586cad1960bca9
SHA12e50bbdf1d70713e41b7ac825637430ddf3040a4
SHA256c9bcfc15d063bf90dbfe4445a2aa18b94ea7f8ceb3625ab96dc073925adf544e
SHA51244c70b7575c2b52edcdd177c6f8ef095d0322331da74807d4e2f627dac4f447a20c7eb42c368ebf6eb895a20b387b84305d3005e433a421348472685dd20321f
-
Filesize
6KB
MD5da8d9f6f2e466e9df4d964a3a2a896c9
SHA159704623d25b0761ce4b203dc0866e5936b1cd66
SHA2562815a5807c85e13ac1a43a2252709042c16fa6da800788e26d59b4cdc098787c
SHA5121c3b30a0b6cbe7480a02cde0cea253e6149d767616e6849c9421994322921d956a3e1c4f6a10dca80a182a21c0ecd42df2bef5daa5cd27819ec38b96f894a509
-
Filesize
15KB
MD57b67d06fe3d3b9e108bb4b8621b08f05
SHA138b75b539943303a2a611d5922809eb50ea2e94c
SHA256f51a997b4e7c71ae86a76c3c348e94feaa1b74d9258ccb19aa4cd84c76e88381
SHA51234a7c14f0b2a70e84956a5ca6c99ba8fbeff76bd40a583949b07ac4abdd51c4d548502e257a4dabc0ddafc6c0c291fca6e7f55159a4bfea8043d49b59784f53a
-
Filesize
228KB
MD5b25781b21421a5817427d4c92baa1272
SHA12679bf960dc361b7c37cd56550ae3fb8a0e06058
SHA2566e44d286c0025f6dfb7be18750267e8cb6a72d81185089f18a3fb4820a4d9e6f
SHA5128f6f872d378be3761bffdce7bdc51e4b154762f341d924759bb727fa6b2c823405cf4a2b6ee78e49ce91cd3fec981790297a3e38ea700480f6315d8b6dc01d0a
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd