Overview
overview
1Static
static
1OEBPS/Text...1.html
windows10-2004-x64
1OEBPS/Text...2.html
windows10-2004-x64
1OEBPS/Text...3.html
windows10-2004-x64
1OEBPS/Text...4.html
windows10-2004-x64
1OEBPS/Text...l.html
windows10-2004-x64
1OEBPS/Text...e.html
windows10-2004-x64
1OEBPS/Text...t.html
windows10-2004-x64
1OEBPS/Text/3-TOC.html
windows10-2004-x64
1OEBPS/Text...e.html
windows10-2004-x64
1OEBPS/Text...d.html
windows10-2004-x64
1OEBPS/Text...1.html
windows10-2004-x64
1OEBPS/Text...0.html
windows10-2004-x64
1OEBPS/Text...1.html
windows10-2004-x64
1OEBPS/Text...2.html
windows10-2004-x64
1OEBPS/Text...3.html
windows10-2004-x64
1OEBPS/Text...4.html
windows10-2004-x64
1OEBPS/Text...5.html
windows10-2004-x64
1OEBPS/Text...6.html
windows10-2004-x64
1OEBPS/Text...2.html
windows10-2004-x64
1OEBPS/Text...3.html
windows10-2004-x64
1OEBPS/Text...4.html
windows10-2004-x64
1OEBPS/Text...5.html
windows10-2004-x64
1OEBPS/Text...6.html
windows10-2004-x64
1OEBPS/Text...7.html
windows10-2004-x64
1OEBPS/Text...8.html
windows10-2004-x64
1OEBPS/Text...9.html
windows10-2004-x64
1OEBPS/Text...t.html
windows10-2004-x64
1OEBPS/Text...s.html
windows10-2004-x64
1OEBPS/Text...1.html
windows10-2004-x64
1OEBPS/Text...t.html
windows10-2004-x64
1OEBPS/Text...t.html
windows10-2004-x64
1OEBPS/Text/cover.html
windows10-2004-x64
1Analysis
-
max time kernel
1799s -
max time network
1686s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-es -
resource tags
arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows -
submitted
08/03/2024, 19:11
Static task
static1
Behavioral task
behavioral1
Sample
OEBPS/Text/1-Cover-1.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral2
Sample
OEBPS/Text/1-Cover-2.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
OEBPS/Text/1-Cover-3.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral4
Sample
OEBPS/Text/1-Cover-4.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
OEBPS/Text/10-HH-Legal.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral6
Sample
OEBPS/Text/11-eBook-license.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
OEBPS/Text/2-Backlist.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral8
Sample
OEBPS/Text/3-TOC.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
OEBPS/Text/4-Title-Page.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral10
Sample
OEBPS/Text/5-Primarchs-Legend.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
OEBPS/Text/6-Primarchs-Content-1.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral12
Sample
OEBPS/Text/6-Primarchs-Content-10.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
OEBPS/Text/6-Primarchs-Content-11.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral14
Sample
OEBPS/Text/6-Primarchs-Content-12.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
OEBPS/Text/6-Primarchs-Content-13.html
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral16
Sample
OEBPS/Text/6-Primarchs-Content-14.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
OEBPS/Text/6-Primarchs-Content-15.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral18
Sample
OEBPS/Text/6-Primarchs-Content-16.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
OEBPS/Text/6-Primarchs-Content-2.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral20
Sample
OEBPS/Text/6-Primarchs-Content-3.html
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
OEBPS/Text/6-Primarchs-Content-4.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral22
Sample
OEBPS/Text/6-Primarchs-Content-5.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral23
Sample
OEBPS/Text/6-Primarchs-Content-6.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral24
Sample
OEBPS/Text/6-Primarchs-Content-7.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral25
Sample
OEBPS/Text/6-Primarchs-Content-8.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral26
Sample
OEBPS/Text/6-Primarchs-Content-9.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral27
Sample
OEBPS/Text/6-Primarchs-Content.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral28
Sample
OEBPS/Text/7-Josh-Reynolds.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral29
Sample
OEBPS/Text/8-Extract-1.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral30
Sample
OEBPS/Text/8-Extract.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral31
Sample
OEBPS/Text/9-Newsletter-advert.html
Resource
win10v2004-20240226-es
windows10-2004-x64
Behavioral task
behavioral32
Sample
OEBPS/Text/cover.html
Resource
win10v2004-20240226-es
windows10-2004-x64
General
-
Target
OEBPS/Text/6-Primarchs-Content-15.html
-
Size
16KB
-
MD5
5c14178fe0127d3d0fc897a9f9010d5b
-
SHA1
4ceb1fb22f966a4fbd6d13b4070b54c0ab11108f
-
SHA256
2d554088194a29a98974ec6dbac6fec38eff851315b87a21c63be40926cde8a7
-
SHA512
2b97b2f24d0d78ca3461dfbc7f28b2d2d4cdbc909557e847fbb78a6a768a49c7a1b2d2f9af2f552bcb82d64ef7f1b0ba93755e159743e532c74221ad5570a913
-
SSDEEP
384:PT6UDDHINZi+xqSkYymCYvR8gOTZr4DY0VClb2qYzZhUrJ2MnVanLd/xZW:P5fIz5R8hTZ8DY0x7Gfn4Ld/O
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544016540764682" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3028 chrome.exe 3028 chrome.exe 1568 chrome.exe 1568 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3028 chrome.exe 3028 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe Token: SeShutdownPrivilege 3028 chrome.exe Token: SeCreatePagefilePrivilege 3028 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe 3028 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3028 wrote to memory of 2784 3028 chrome.exe 87 PID 3028 wrote to memory of 2784 3028 chrome.exe 87 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 1516 3028 chrome.exe 91 PID 3028 wrote to memory of 3956 3028 chrome.exe 92 PID 3028 wrote to memory of 3956 3028 chrome.exe 92 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93 PID 3028 wrote to memory of 2860 3028 chrome.exe 93
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\OEBPS\Text\6-Primarchs-Content-15.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff37a39758,0x7fff37a39768,0x7fff37a397782⤵PID:2784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:22⤵PID:1516
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:82⤵PID:3956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:82⤵PID:2860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:12⤵PID:2128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:12⤵PID:660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:82⤵PID:2344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:82⤵PID:4012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 --field-trial-handle=1772,i,5519241977470367404,6528021846570211792,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1568
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4884
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:3564
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:4948
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD5a65b809dc6ce514da7dd6f204000e75b
SHA13be6eeb094a187dcc5fe1d98e09daae8dc8236bd
SHA256a2470453ed9bd7369ba9075ec0c89b43b23e67f554ac00d038db4e28e5229054
SHA5122a09010cb3c002c22a7a4baf5fa6190b70cdb16bab76e5e687a97f55209b7433063ab2c1b4efb0a13c10e809fab89775756c56ca5fd3f8cf4ef3e5f9983bb2a6
-
Filesize
6KB
MD5947b2fa203403bc2e1e0cbc79a4dece0
SHA17af9f3e80f07e4aeaa4b0a3ea88293d61affca12
SHA256073085be52a9fc722eaefb91bf1bd7dd9e40f5fb1dfdd8eb606678cc672f484d
SHA51235ffcacc0105c0a9f07a058855312d55356b58bf2509306389ff05034bbf7f126ac6ed5898717a3e22973096d62706ef617de12ad057fa98342d2b05124f004c
-
Filesize
128KB
MD5ab58953770084cac8ee9d333a37343f0
SHA1805cc6315b9b1b095a53cf4fe04b5179789786f2
SHA256858e8d9930a6105e47239490fa7cee0daa11038677921fffedde6b46490e084b
SHA51216029bc4761b0f7012d0f6a5a4deaee055e972f2cb2a873052844ecd51c8be8041aa3cf3fa6fb08b09e5282af582e3d810bed46ded5928803298502fa645161a
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd