Overview
overview
3Static
static
1ваня3�...lc.zip
windows7-x64
1ваня3�...lc.zip
windows10-2004-x64
1DLC/dlc040...40.dlc
windows7-x64
3DLC/dlc040...40.dlc
windows10-2004-x64
3DLC/dlc040...ry.gfx
windows7-x64
3DLC/dlc040...ry.gfx
windows10-2004-x64
3DLC/dlc040...es.gfx
windows7-x64
3DLC/dlc040...es.gfx
windows10-2004-x64
3DLC/dlc040...ks.gfx
windows7-x64
3DLC/dlc040...ks.gfx
windows10-2004-x64
3DLC/dlc040...es.gfx
windows7-x64
3DLC/dlc040...es.gfx
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
3DLC/dlc040....asset
windows7-x64
3DLC/dlc040....asset
windows10-2004-x64
1DLC/dlc040...ns.txt
windows7-x64
1DLC/dlc040...ns.txt
windows10-2004-x64
1DLC/dlc040...ns.txt
windows7-x64
1DLC/dlc040...ns.txt
windows10-2004-x64
1DLC/dlc040...ll.dds
windows7-x64
3DLC/dlc040...ll.dds
windows10-2004-x64
3DLC/dlc040...ll.dds
windows7-x64
3DLC/dlc040...ll.dds
windows10-2004-x64
3Analysis
-
max time kernel
1050s -
max time network
993s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
19/03/2024, 15:39
Static task
static1
Behavioral task
behavioral1
Sample
ваня3вНОВОЕdlc.zip
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
ваня3вНОВОЕdlc.zip
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
DLC/dlc040_trial_of_allegiance/dlc040.dlc
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
DLC/dlc040_trial_of_allegiance/dlc040.dlc
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_infantry.gfx
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_infantry.gfx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_planes.gfx
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_planes.gfx
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_tanks.gfx
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral10
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_tanks.gfx
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_vehicles.gfx
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_vehicles.gfx
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_artillery.asset
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_artillery.asset
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_cavalry.asset
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_cavalry.asset
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_infantry.asset
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral18
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_infantry.asset
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_planes.asset
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_planes.asset
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_tanks.asset
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_tanks.asset
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_vehicles.asset
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_vehicles.asset
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/equipmentdesigner/graphic_db/01_trial_of_allegiance_plane_icons.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/equipmentdesigner/graphic_db/01_trial_of_allegiance_plane_icons.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/equipmentdesigner/graphic_db/01_trial_of_allegiance_tank_icons.txt
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/equipmentdesigner/graphic_db/01_trial_of_allegiance_tank_icons.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/ideas/portrait_ARG_alberto_gilbert_small.dds
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/ideas/portrait_ARG_alberto_gilbert_small.dds
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/ideas/portrait_ARG_antonio_parodi_small.dds
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
DLC/dlc040_trial_of_allegiance/gfx/interface/ideas/portrait_ARG_antonio_parodi_small.dds
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_meshes_infantry.gfx
-
Size
103KB
-
MD5
487185357b6bd77faf2ebf80313f4e13
-
SHA1
38ec9def9cc6c0d3002a46671cafd137753b6581
-
SHA256
fd9e74e4644fdcebb93aae97a2b628671a2382c7d6f3b14c6d6b801ffce748fe
-
SHA512
d230202d02be1a48bd6a0b48c5fd061d00555265c5e36a406874f4a6d7d3597e24799a049442b1a87ce8919ea3c64d903d5f8d393352eddbec5af29f7892d318
-
SSDEEP
192:Pt89kpRf9kGjkb/t8Z4dRfZ42qWaQ2jagt87WZRf7WFBWXt8QxTRfQxCLnt8Q/vP:VCM
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553365179530244" chrome.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings OpenWith.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4888 chrome.exe 4888 chrome.exe 764 chrome.exe 764 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4704 OpenWith.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe Token: SeShutdownPrivilege 4888 chrome.exe Token: SeCreatePagefilePrivilege 4888 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe 4888 chrome.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4704 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4888 wrote to memory of 844 4888 chrome.exe 95 PID 4888 wrote to memory of 844 4888 chrome.exe 95 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 4032 4888 chrome.exe 96 PID 4888 wrote to memory of 1644 4888 chrome.exe 97 PID 4888 wrote to memory of 1644 4888 chrome.exe 97 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98 PID 4888 wrote to memory of 2944 4888 chrome.exe 98
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\DLC\dlc040_trial_of_allegiance\gfx\entities\TOA_meshes_infantry.gfx1⤵
- Modifies registry class
PID:2916
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4704
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9cd029758,0x7ff9cd029768,0x7ff9cd0297782⤵PID:844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:22⤵PID:4032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:82⤵PID:1644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:82⤵PID:2944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:12⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:12⤵PID:5084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:12⤵PID:4208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:82⤵PID:4136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:82⤵PID:3712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:82⤵PID:4348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 --field-trial-handle=1872,i,11861749598936894363,2583245654369790256,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:764
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4272
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5d3ae4bbc1a211152a9b5a10db2e3e147
SHA1581b92cb38425a25bdf2154c199c35e87ad3a37f
SHA2561c9329abc5ae9fbbbe24c3edcf11aa0f09d07317ff00224b9c1ec85225599655
SHA5121de266f26707bc785855e25163c55687e9974f1822119b3d808b2d063af61f8f4536eba2b24c83ead56ce7661e38086df2ad59bbc34cadd3be4c874ed89309bb
-
Filesize
1KB
MD50691b255aba21b6d713c45cf3feb5146
SHA17301200dbb76b9f7e61b4af184836b27a0373a7a
SHA256c5c4122b13a7b7faa5533f25ccc333fe5e1ddc7a61e9eb9bd1a2f859d9c87feb
SHA512db653aca1f3b6aafbd64bbf7c27a1cefba49ce6b9dcb0f779bb00c2c2fcd1f1f6867c343a3834bcedbb8c0e22566e9ecafb822a8e5a3d71b1ccb3e4b0cf8150f
-
Filesize
1KB
MD5f3b6956555af6ee268d579a707cd2c7c
SHA1f9271112337825e918a2b99a06b3483cd4db4f3e
SHA256fae53c3a8dfa6c90a601f69cf87775024df9401e809eb75a05a9c4e3ba57d269
SHA512cf28446e47da40ad3616582e00e6c0b53aab06ca6a29c14e36903fef356c2fbb500b15dba5b1e0aafff9a717e113e9cf9c2fd109d19c82bf30a1aaa8e05ed232
-
Filesize
371B
MD5d552962e927f5ad25394b06234cb1712
SHA1de529e1e4c06e0abf9dc84f083dbabd87942072c
SHA256b9f8f40df9542f0dbc2e4a40f8606112b093a0e9e45db1659dd1622cf3555f25
SHA512b787be24d87e74b0e3c3c3ce1095bad2c557e2b263b9d376ced71fd4f38815858546a418b7ab1b9838b2b2356a7755c7ad4bc01913d5aecfdc460f12bb526afe
-
Filesize
371B
MD5b98f9821c76e6d5b5e349c3a8be0bc45
SHA16dd07679316ddc92158826b55df7b9dbc1032ce2
SHA25668e6cf06ad955b9f6bdde0a171aa45090375e0865d7913051c0a8010dd231dbe
SHA512c845d82004c0b04b5dbf14f37af316d419b45f4df626d268d498c42b98cde3685970150cec1165283b1d96a2da222ba767bc36d80195d4de7b72ac167eebddd9
-
Filesize
6KB
MD50ca682749e4d9cb51a6b803022fd4996
SHA1e968c2dd381e4d45e5ea6fbff1eaf92c661ab34b
SHA2564f75197c2c5a4cc1960ea843efe59f46aa5ed5931ab577d7f2d454e7eef8c017
SHA512d68f81f65abdbb54cd7c7c95224eb8fa56a05ce336cd23d701b1f18818f19305c245e45e79375ea35136dacce49a55e1410ec59cafb2e6096f1747f40764dfda
-
Filesize
6KB
MD5829c5f3af9835dd2430260e732f9b90b
SHA146896e86cdcfe24f5db09354d1a615f9feebc9b8
SHA25696f873ff802f9dfa144f6bc49cb493d479b64821fad6465558ef7a13f931cae8
SHA512efbd4be572312b6178ce3460d561d432ed565cc540cf501017ee8a1b3b5d7d892db583738a7530fbc2a4e96eeb007c145321b95e1c473debc2f9ffc006db2373
-
Filesize
15KB
MD501fc9ca1ae5476f3f5230b998b3dd53f
SHA13d7a1f50250ca8d381c7bd59fe4a3f2e89e66e58
SHA256556c7299837f44475c8d066972c6113f2dd2bbd00882bd14900f9746b088366e
SHA51282d4468c2f99a30d91ce8bb61175cafcdc69d1105c603c4482832a0c62ddea42e41a46a3ad26fa796546586ad5cb5f17257247e42c728dcdb3df1d98775a65d9
-
Filesize
244KB
MD53e293f2532177666a4202c0c02290108
SHA1fda0893eeb907f55b1b4484e9d30091330a8450a
SHA256838060ae3f27426d9f767793137144cd695ab98aa5f6a17b596c9b88f0cf5a47
SHA5120e130db23a29446edcd36d17b8de62ef7cce6a67839c9abfe0784ddba6dd789165f1415a7f49e2759bef152774fb9b92baa98168658d13cdb28aebd1fa6cc819
-
Filesize
244KB
MD53d30d58231336408bed50a056d3d127d
SHA1c3a12140e200d8c144c7bccb911b4d7665b4ee07
SHA25632eeff43289cf85580f4204c462205f891d402ff0692767625e3cdb604385c67
SHA512ba3859d75d783096eb8feb6659c2dbdb9302c1203fe904553bdcaa7f9266877ee91cf5f037ee81606e31fc4fb9c1e4dee9b29f43ca0be3d175500f62c90ffbe6
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd