Analysis
max time kernel
300s
max time network
293s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags
arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted
22/04/2024, 05:39
Static task
static1
Behavioral task
behavioral1
Sample
998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
Resource
win10-20240404-en
General
Target
998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
Size
1.1MB
MD5
d651c9c5fba47ea7313136572aea4adf
SHA1
36108bfb6232b7e1f6b54c35f969278ead8df25e
SHA256
998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555
SHA512
e38b2e7385adcb74dd797c2ccbf9a4754cbacd6ac755c8b361f122caa5539de2514984f4de926c2122c9f6c4643eebedef5af6707374c01fc92821cc6d3d7f45
SSDEEP
24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:YTvC/MTQYxsWR7aue2+b+HoJU
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582379629806674" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
2444 | chrome.exe
2444 | chrome.exe
1220 | chrome.exe
1220 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
2444 | chrome.exe
2444 | chrome.exe
2444 | chrome.exe
2444 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
(The two rows above alternate for all 64 entries, 32 of each; the repeats are collapsed here.)

Suspicious use of FindShellTrayWindow (63 IoCs)
pid | Process
4896 | 998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
2444 | chrome.exe
(63 entries in total, all from these two processes, interleaved; the repeats are collapsed here.)

Suspicious use of SendNotifyMessage (60 IoCs)
pid | Process
4896 | 998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
2444 | chrome.exe
(60 entries in total, all from these two processes, interleaved; the repeats are collapsed here.)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4896 wrote to memory of 2444 | 4896 | 998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe | 73
PID 2444 wrote to memory of 4532 | 2444 | chrome.exe | 75
PID 2444 wrote to memory of 4436 | 2444 | chrome.exe | 77
PID 2444 wrote to memory of 2468 | 2444 | chrome.exe | 78
PID 2444 wrote to memory of 2280 | 2444 | chrome.exe | 79
(64 entries in total; repeated writes by the same parent into the same target are collapsed here.)
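Two of the signatures above reward a second look before they are read as malicious. The TraceTimeLast value written under HKEY_USERS\S-1-5-19 is a Windows FILETIME, and the WriteProcessMemory table is a flat list of parent-to-child writes that needs collapsing before it says anything. The helper below is an added triage example, not part of the sandbox report or its vendor's tooling: it decodes the FILETIME, collapses the WriteProcessMemory IoC text into (writer, image, target) edges with counts, and flags only the writes whose writer and target run different images. The IoC excerpt embedded in it is an abridged, constructed copy of the table above (the real table has 64 entries), the pid-to-image map is read off the Processes tree below, and the regular expression assumes the flattened "PID a wrote to memory of b a image n" layout the report uses.

```python
"""Added triage helpers for the HKEY_USERS and WriteProcessMemory signatures.

Not part of the sandbox report: decodes the TraceTimeLast value as a Windows
FILETIME and collapses the WriteProcessMemory IoC text into parent->child
edges, then flags writes whose writer and target run different images.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime: int) -> datetime:
    """Convert a FILETIME integer (as stored in the registry) to a UTC datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


# Value taken from the "Modifies data under HKEY_USERS" signature.
TRACE_TIME_LAST = 133582379629806674

# Constructed, abridged excerpt of the "Suspicious use of WriteProcessMemory"
# IoC text in the report's flattened layout (the full table has 64 entries).
WRITE_IOCS = (
    "PID 4896 wrote to memory of 2444 4896 "
    "998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe 73 "
    "PID 4896 wrote to memory of 2444 4896 "
    "998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe 73 "
    "PID 2444 wrote to memory of 4532 2444 chrome.exe 75 "
    "PID 2444 wrote to memory of 4436 2444 chrome.exe 77 "
    "PID 2444 wrote to memory of 4436 2444 chrome.exe 77 "
    "PID 2444 wrote to memory of 4436 2444 chrome.exe 77 "
    "PID 2444 wrote to memory of 2280 2444 chrome.exe 79"
)

# pid -> image name, read off the Processes tree in the report (assumption:
# the tree is complete for the pids that appear in the IoC table).
PROCESS_IMAGES = {
    4896: "998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe",
    2444: "chrome.exe",
    4532: "chrome.exe",
    4436: "chrome.exe",
    2468: "chrome.exe",
    2280: "chrome.exe",
}

# One IoC: "PID <pid> wrote to memory of <target> <pid> <image> <procid_target>".
_WRITE_RE = re.compile(
    r"PID (?P<pid>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=pid) (?P<image>\S+) (?P<procid_target>\d+)"
)


def collapse_write_edges(ioc_text: str) -> Counter:
    """Return Counter[(writer_pid, writer_image, target_pid)] -> occurrences."""
    edges = Counter()
    for m in _WRITE_RE.finditer(ioc_text):
        edges[(int(m["pid"]), m["image"], int(m["target"]))] += 1
    return edges


def cross_image_writes(edges: Counter, images: dict) -> list:
    """Edges where the writer's image differs from the target's image.

    A parent writing into a child it has just created (chrome.exe into
    chrome.exe here) is what an ordinary process launch looks like in this
    signature; a write into a process running a different image is the one
    worth reading as possible injection.
    """
    return sorted(
        (pid, target, image, images.get(target, "?"))
        for (pid, image, target) in edges
        if images.get(target) != image
    )


if __name__ == "__main__":
    print(filetime_to_utc(TRACE_TIME_LAST).isoformat())
    edges = collapse_write_edges(WRITE_IOCS)
    for edge, n in edges.items():
        print(edge, "x", n)
    print(cross_image_writes(edges, PROCESS_IMAGES))
```

Decoded, TraceTimeLast is 2024-04-22 05:39:22 UTC, the same minute as the "submitted" time in the Analysis header, so it is chrome.exe recording its own TPM telemetry trace time during the run rather than something planted by the sample. On the write edges, every chrome.exe entry targets another chrome.exe child spawned by 2444; the only cross-image write is 4896 into 2444, which is the sample launching Chrome. Neither signature, on its own, is evidence of injection.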
Processes
C:\Users\Admin\AppData\Local\Temp\998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\998790d597b6625746ac4ae0fa9c263300eae4d35886e341c8c43809240e7555.exe"
  PID: 4896
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      PID: 2444
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea6099758,0x7ffea6099768,0x7ffea6099778
          PID: 4532

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:2
          PID: 4436

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 2468

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 2280

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:1
          PID: 3240

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:1
          PID: 2336

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:1
          PID: 5072

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3296 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:1
          PID: 4660

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4624 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 760

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 4128

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 3444

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 2020

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:8
          PID: 1684

        C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 --field-trial-handle=1804,i,1505847513603315348,12871436819833036975,131072 /prefetch:2
          PID: 1220
          - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3656
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize
360B
MD5
1977ea43e1646055a98e5d2aeae8d40c
SHA1
c90f2bb480fb35bb1b415ea690c3b55124f5a991
SHA256
94441dca970029ea5bc22d36dc32390ab1359e7fa1227a81ff5fdb046f5a05c5
SHA512
9a2ac33cb9b3eedc7ba3358be981b0adc572c6fa0136fdd7a59cc8225c1b56fa31323fbf532bccef9edf24c369832f3a0c3ca7b17675e280f539508045ea1abe

Filesize
2KB
MD5
8d0e73e115f89c0382108ec2c624cd9f
SHA1
2bf019222f4e3812ea598665dd3d12e0b157fe80
SHA256
cf22ea09cc8730ff8b3bdb4f32f20776329ab3251066e093a21dcf912c5fc799
SHA512
32fe0de8f5a2ef6fc5156844ecc0f391283e402221861e6b46a6c001b8b2a173e89441071f90fc088a8056587e09fcf20f656a153356f5f216644ce82108cef2

Filesize
2KB
MD5
cb465646bbd7505519889c1de8a1fdec
SHA1
34219ad5778c5554b53098f775ea1fb1dd1c357f
SHA256
87cf24ab97c1accafc9172d7220838a82cd1bb9d133361382aeceb3c350a6058
SHA512
bf29118b1c10d3236ad01cd395bf800b58eb80d553f9f330001c2287247dcc75bac77570a905f02ad4928214f8251975e078ff5d1ff5012d360a9476a154f637

Filesize
539B
MD5
a438994ce9390a2bd0771d40df79f994
SHA1
36798a5678d9c02c036ca7ec842f6796ab2477d6
SHA256
fafda698d986b2a4e9ba98b12f3dc19a0e08ea0078db55696267ddfe1587e148
SHA512
8c7868be80aaa255a49857c816c411f28b112c660ff04401e4c499ceb4c0505b398578f76409d3220dbc6549ddf93504f45ca70b38655fb2d24b6cc3d4498962

Filesize
539B
MD5
b056fdb43dc2fe5c4330117352ab81cf
SHA1
b4acf1a48d7eebc6645aabc8c7337d963834faff
SHA256
7394745d7a744a15d91cdcfdd387fa9d3847b66c61ddaf2d13874f3b3da6457e
SHA512
b5b97a0efd0999606917d7dd911f28aba58a48f377839967e1fef5250524f5175b74bcc54935ef750a719459a5820bdf47c8159fb206d9197d5520553d4ff29c

Filesize
6KB
MD5
934014520aee2dfaa5db644130cfca98
SHA1
c0088a60c469d159eb3b4cbcdbaec0db8eee9fa4
SHA256
c78d74cdd39c805f008917fd79c732dfe83c3a01600ae98927f00d7df8c1d7a5
SHA512
3bdc2cba3d8436786bfc5e58dec324ccafb5a87a7b88234394f49f324c2a578fdcfc189f1194ffc15d22c243dea44f06975ee168e4015b997bdcf5be6d1d4f28

Filesize
6KB
MD5
01579ae151ab419cc0e96178c5f7585c
SHA1
42a0e0461071fc0c6d17ff49b113b13697ae6d1d
SHA256
8ce176517823d47db1a0b0a5a7ee05aba8159816b815fc4818bf5c8269dd172b
SHA512
a87ce41e2cc4aa56057275f912d877e1b45609af659a16f04d5315269672b31b7697a0081c1e265a02c9171974d5e126c9c9e316fa94bb37d23659c515eeb785

Filesize
6KB
MD5
ce950b680c95b864d73596fb0820e848
SHA1
da8d05bd6f0b1c7f972e283c2db22ee8d6816917
SHA256
f59445183abbe865a846199dee5f19037e38fc6be5d23bf835a268af3884dca0
SHA512
ecaa49d9b7fc5616840d2bebb77fa63b81f8a242e35b7456373841782f8adedf0304247f1410dbaaf2ebcab74474f76ef1cc1c1760c7bc713c02b745055748b6

Filesize
12KB
MD5
680c38baf1db9b6505e2577b31b83071
SHA1
9dab469185dd4c97ba3a2d91962c25b9a3e67c6c
SHA256
f1cb8ee7c2464b7d7f96ed2ec80647d5e2fa83aec7798072c12834ff82c8729a
SHA512
93ecae91f0dca6d68bb6e644b1762e99480fa9957328329f66b50de0f55433bd2943a080fed27c03e35cd976c9ebd1948d9148a976cd32949a86ce0c8ce6ecf4

Filesize
272KB
MD5
06b8dc5a1eb06d584eead1d80471f367
SHA1
a9c82fad31a1a3d7b00510b0c0933ece42905b39
SHA256
726ab1bd307422ae39d6e3b0d1173d10c3fad2a44b1ee5cf7214bda02acba2af
SHA512
6e2dabb70b43c431579ec7cd27aeaa146ab973ceb35b4f480a52609165cf05f2b4a02c24772933d92700f3fe4bf30a750f69475671c717cf5e54b095a7ac8f3a

Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd