Overview
overview
1Static
static
1iviettech-...r.html
windows7-x64
1iviettech-...r.html
windows10-2004-x64
1iviettech-...ain.js
windows7-x64
1iviettech-...ain.js
windows10-2004-x64
1iviettech-...aos.js
windows7-x64
1iviettech-...aos.js
windows10-2004-x64
1iviettech-...dle.js
windows7-x64
1iviettech-...dle.js
windows10-2004-x64
1iviettech-...dle.js
windows7-x64
1iviettech-...dle.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...rap.js
windows7-x64
1iviettech-...rap.js
windows10-2004-x64
1iviettech-...rap.js
windows7-x64
1iviettech-...rap.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...kgd.js
windows7-x64
1iviettech-...kgd.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...cky.js
windows7-x64
1iviettech-...cky.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...min.js
windows7-x64
1iviettech-...min.js
windows10-2004-x64
1iviettech-...ate.js
windows7-x64
1iviettech-...ate.js
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
31-01-2024 19:06
Static task
static1
Behavioral task
behavioral1
Sample
iviettech-exam/Register.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
iviettech-exam/Register.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
iviettech-exam/assets/js/main.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
iviettech-exam/assets/js/main.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
iviettech-exam/assets/vendor/aos/aos.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
iviettech-exam/assets/vendor/aos/aos.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.min.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.bundle.min.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.min.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
iviettech-exam/assets/vendor/bootstrap/js/bootstrap.min.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
iviettech-exam/assets/vendor/counterup/counterup.min.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
iviettech-exam/assets/vendor/counterup/counterup.min.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
iviettech-exam/assets/vendor/isotope-layout/isotope.pkgd.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
iviettech-exam/assets/vendor/isotope-layout/isotope.pkgd.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
iviettech-exam/assets/vendor/isotope-layout/isotope.pkgd.min.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
iviettech-exam/assets/vendor/isotope-layout/isotope.pkgd.min.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
iviettech-exam/assets/vendor/jquery-sticky/jquery.sticky.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
iviettech-exam/assets/vendor/jquery-sticky/jquery.sticky.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
iviettech-exam/assets/vendor/jquery.easing/jquery.easing.min.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
iviettech-exam/assets/vendor/jquery.easing/jquery.easing.min.js
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
iviettech-exam/assets/vendor/jquery/jquery.min.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
iviettech-exam/assets/vendor/jquery/jquery.min.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
iviettech-exam/assets/vendor/php-email-form/validate.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
iviettech-exam/assets/vendor/php-email-form/validate.js
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
iviettech-exam/Register.html
-
Size
7KB
-
MD5
9a6778ddb98638aead1f78e2ebf24477
-
SHA1
27960edea6e5653c183eb67dccac473d3b8c9cd1
-
SHA256
bc602e5c2dfc1a5dca07dcdaff66190f3f8dc5be82ba64de997ab05a5f4dd481
-
SHA512
56bfe7ac4d0aee85821598143c5b93816b27187f557e67fbebebe00cd8e01dc398c66d1ce2d90caa7af803a6fb7a334ece3df69fc9dcdaa65b94bef86d8f7f65
-
SSDEEP
96:k0zIVVcLzeCtCczRPVqt1lXI4/jab1uGNdl8+nsZO:k0UVVcLzeCtDPItbLaZvluZO
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512016492903978" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4580 chrome.exe 4580 chrome.exe 2688 chrome.exe 2688 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4580 chrome.exe 4580 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe Token: SeShutdownPrivilege 4580 chrome.exe Token: SeCreatePagefilePrivilege 4580 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe 4580 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4580 wrote to memory of 2680 4580 chrome.exe 84 PID 4580 wrote to memory of 2680 4580 chrome.exe 84 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 3356 4580 chrome.exe 87 PID 4580 wrote to memory of 60 4580 chrome.exe 86 PID 4580 wrote to memory of 60 4580 chrome.exe 86 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88 PID 4580 wrote to memory of 2388 4580 chrome.exe 88
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\iviettech-exam\Register.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bc519758,0x7ff9bc519768,0x7ff9bc5197782⤵PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:82⤵PID:60
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:22⤵PID:3356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:82⤵PID:2388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:12⤵PID:4300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:12⤵PID:3584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:82⤵PID:1852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:82⤵PID:2924
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 --field-trial-handle=1888,i,9542495966832134698,8246324679678661561,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2688
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4844
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\88b80bc3-b88d-4b72-8179-cdc9528abc6d.tmp
Filesize6KB
MD539e7320d6dc6f6861ee0ed56fd65e9cf
SHA14cee18ffa890dc5041e131398438f325ff3834be
SHA256ba5772923d0bdfe9510ddf2863a7a9bc4d4950d491ba9e50fdabb8c208749720
SHA512ebee1e069159e7097a008ea5958c20a809ad378f8e896230a0f8d24af5054d658f8a8801afa4f92889b79ed73b6e2d9a60780579e0b5d9f5245495320258c5b0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\89d8ca26-58c3-45cf-b7d3-cfc41ae5a1a4.tmp
Filesize1KB
MD5c8552bc8acb67c0a5b6768424fd169bc
SHA16f3edd7f0d87d4703440e6de61cb9a10778881ef
SHA256a780dea29b5f75e27650be7942f769f33ba6c3a7b71dacebfa9e4cc331ae45f9
SHA51240512aee7bcbf3ef0d59e0a465a65221d153b0959f71c8c233704216b39dd0c1e0e2084d3f38e1efdc48e32b245737ce7e462008e42c729c52d51af731059d3e
-
Filesize
539B
MD5115aecda8125de1701041e2690dacb48
SHA1b04efb76464ae32127f665dce8834f21c56fa4fb
SHA256f80c3c06188071eb09e8f4ac66c420c69418d3c5d7717d1088fbd3a21833c566
SHA512a39449984e9382f001cab00de19711ecf2b5458ab575370d2a8d0ea1134dde454ee6fc4a4c7aec93daa77f4823b183ed0145ddd78beb4a3ee36de6c495cf70d6
-
Filesize
6KB
MD5d81f51208606abea2c04e65221dd44ee
SHA1ad4dc94716b08277b6770570996b5150557ac844
SHA256dd3e0765875ee91697031a439cc4c35653dc081e2f7ec2b15723c40153ddc5a9
SHA51250875b90a0cdbdfef0945da6bbbecf18707d7d6bcebd7bed04d33ba6ebe9c7e335935acbf00844b82a5f67fc2d479fedf5c0f4e2db6a96af311ea6a5e1cb00eb
-
Filesize
114KB
MD591c1ed1e274e13361eb6e4de74c84457
SHA1490462d54fd52f3a4e255428dad5b5a42422face
SHA256666bd71d24ca94b3c9717d68554700314607a3ab270975517298424d1a85672f
SHA512d13ca4255ad51ecfd3b993f333d1af6baa21326227b4173a110180cba48d030acc9cd531bc47ca8aa11c22cb32afafafc9b1f8668ce88df06cb44f02ab659b82
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd