Analysis

max time kernel:  132s
max time network: 145s
platform:         windows11-21h2_x64
resource:         win11-20240412-en
resource tags:    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
submitted:        22/04/2024, 07:27

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:   https://link.brawlstars.com/en?extlink?action=voucher&code=page=https://a9fm.github.io/lightshot
  Resource: win11-20240412-en
  Errors:   none listed

General
Target:         https://link.brawlstars.com/en?extlink?action=voucher&code=page=https://a9fm.github.io/lightshot
Malware Config: none listed
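The Target is a link on a legitimate game domain (link.brawlstars.com) whose query string carries a second, complete URL on another domain (a9fm.github.io). Pulling nested destinations out of a submitted link and comparing their registrable domain with the outer host is the first triage step before the URL goes anywhere near a sandbox. The script below is an added example written for this page, not tooling from the sandbox or from the report; it runs on the report's own Target, and the helper names (embedded_urls, query_params, triage) and the last-two-labels domain heuristic are assumptions of the example.

```python
"""Extract URLs nested inside a redirect-style link and compare hosts.

Added example, not part of the sandbox report. The sample URL is the
report's Target; helper names and the domain heuristic are the example's own.
"""
from __future__ import annotations

import json
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET = ("https://link.brawlstars.com/en?extlink?action=voucher"
          "&code=page=https://a9fm.github.io/lightshot")

# Absolute http(s) URL up to the next whitespace, quote or angle bracket.
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


def embedded_urls(url: str) -> list[str]:
    """Return every absolute URL found in the query string and fragment.

    The query is percent-decoded once and scanned with a regex instead of
    trusting parse_qsl alone: a malformed query such as the sample's (two
    '?' characters, and a value that itself contains '=') would otherwise
    bury the destination inside odd key/value pairs.
    """
    parts = urlsplit(url)
    haystack = unquote(parts.query) + " " + unquote(parts.fragment)
    found: list[str] = []
    for match in URL_RE.finditer(haystack):
        candidate = match.group(0)
        if candidate not in found:
            found.append(candidate)
    return found


def query_params(url: str) -> dict[str, str]:
    """Plain key/value view of the query, kept for the analyst's record."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def registrable_domain(host: str) -> str:
    """Last two DNS labels. Assumption: fine for .com/.io, wrong for suffixes
    such as co.uk; use a public-suffix list in production."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage(url: str) -> dict:
    """Flag a link whose embedded destination sits on a different registrable
    domain than the link itself."""
    outer_host = urlsplit(url).hostname or ""
    nested = embedded_urls(url)
    offsite = [
        u for u in nested
        if registrable_domain(urlsplit(u).hostname or "") != registrable_domain(outer_host)
    ]
    return {
        "outer_host": outer_host,
        "params": query_params(url),
        "nested": nested,
        "offsite": offsite,
        "suspicious": bool(offsite),
    }


if __name__ == "__main__":
    print(json.dumps(triage(TARGET), indent=2))
```

On the report's Target the outer host is link.brawlstars.com, the only nested URL is https://a9fm.github.io/lightshot, and the two registrable domains differ, so the link is flagged; a link whose nested destination stays on the same registrable domain is not.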
Signatures

Downloads MZ/PE file

Executes dropped EXE (9 IoCs)
  pid   Process
  1552  MEMZ.exe
  3840  MEMZ.exe
  3224  MEMZ.exe
  840   MEMZ.exe
  1316  MEMZ.exe
  872   MEMZ.exe
  4516  MEMZ.exe
  1208  MEMZ.exe
  3632  MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow  ioc
  1     raw.githubusercontent.com
  70    raw.githubusercontent.com

Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system. The write here goes to the raw disk device rather than to any file system object; sector 0 of that device is where the MBR lives.
  description                   ioc                 Process
  File opened for modification  \??\PhysicalDrive0  MEMZ.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582444969222600"  chrome.exe

NTFS ADS (1 IoC)
  The Zone.Identifier stream is the Mark-of-the-Web a browser attaches to a download; chrome.exe writing it on C:\Users\Admin\Downloads\MEMZ.exe is the record of MEMZ.exe arriving through the browser session that opened the Target, and the same file is the dropped EXE executed above.
  description                   ioc                                                Process
  File opened for modification  C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier  chrome.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process     entries
  1556  chrome.exe  2
  2824  chrome.exe  2
  840   MEMZ.exe    60 (all remaining entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (41 IoCs)
  pid   Process     entries
  1556  chrome.exe  41

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token                      pid   Process     entries
  SeShutdownPrivilege        1556  chrome.exe  32
  SeCreatePagefilePrivilege  1556  chrome.exe  32
  The two tokens alternate throughout the capture.

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process     entries
  1556  chrome.exe  34

Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process     entries
  1556  chrome.exe  12

Suspicious use of SetWindowsHookEx (64 IoCs)
  pid                        Process
  840, 872, 1208, 1316, 4516  MEMZ.exe (64 entries interleaved across these five processes)

Suspicious use of WriteProcessMemory (64 IoCs)
  description            pid   Process     target pid  procid_target
  PID 1556 wrote to memory of  1556  chrome.exe  1076        79   (2 entries)
  PID 1556 wrote to memory of  1556  chrome.exe  828         81   (repeated)
  PID 1556 wrote to memory of  1556  chrome.exe  1136        82   (2 entries)
  PID 1556 wrote to memory of  1556  chrome.exe  4720        83   (repeated)
  64 entries in total; all four targets are chrome.exe children of PID 1556 (crashpad handler, GPU process, network service and storage service in the process list below).

The chrome.exe signatures (token privilege adjustments, shell-tray and notify-message calls, BIOS and TPM telemetry registry access, writes into its own child processes) are produced by the browser the sandbox launched to open the Target. The behaviour attributable to the sample itself is the MEMZ.exe download, its repeated execution, the SetWindowsHookEx calls from those processes, and the open-for-modification of \??\PhysicalDrive0.
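Read together, the NTFS ADS, Executes dropped EXE and Writes to the MBR signatures describe one chain: the browser wrote MEMZ.exe (and its Zone.Identifier stream) into Downloads, that file was executed, and one of the resulting processes opened \??\PhysicalDrive0 for writing. A detection that keys on the chain rather than on any single event does not fire on a browser download alone, nor on an administrative tool that legitimately touches a raw disk. The script below is an added example, not part of the report or of any sandbox product; its event records are constructed by hand to mirror the IoCs above, and the field names, the EVENTS shape and the raw-device path pattern are assumptions of the example. The ATT&CK reference it emits, T1542.003 (Pre-OS Boot: Bootkit), is the standard mapping for MBR writes.

```python
"""Correlate sandbox events into a download -> execute -> raw-disk-write chain.

Added example; not part of the report. EVENTS below is constructed to mirror
the report's IoCs (Zone.Identifier ADS on the downloaded MEMZ.exe written by
chrome.exe, MEMZ.exe executions, one open-for-modification of PhysicalDrive0).
Field names and the event shape are assumptions of the example.
"""
from __future__ import annotations

import json
import re

# Raw disk/volume device names in NT (\??\...) or Win32 (\\.\...) form.
RAW_DEVICE_RE = re.compile(r"^(\\\?\?\\|\\\\\.\\)(PhysicalDrive\d+|[A-Z]:)$", re.IGNORECASE)
ADS_SUFFIX = ":Zone.Identifier"

# Constructed events, in the shape a sandbox or Sysmon-style feed would give.
EVENTS = [
    {"t": 1, "kind": "file_write", "pid": 1556, "image": "chrome.exe",
     "path": r"C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier"},
    {"t": 2, "kind": "process_create", "pid": 1552, "image": "MEMZ.exe",
     "path": r"C:\Users\Admin\Downloads\MEMZ.exe", "ppid": 1556},
    {"t": 3, "kind": "process_create", "pid": 840, "image": "MEMZ.exe",
     "path": r"C:\Users\Admin\Downloads\MEMZ.exe", "ppid": 1552},
    {"t": 4, "kind": "file_write", "pid": 840, "image": "MEMZ.exe",
     "path": r"\??\PhysicalDrive0"},
    # Browser noise from the report: BIOS key reads are not part of the chain.
    {"t": 5, "kind": "reg_query", "pid": 1556, "image": "chrome.exe",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
]


def is_raw_device(path: str) -> bool:
    """True for \\??\\PhysicalDriveN, \\\\.\\PhysicalDriveN and \\\\.\\X: style paths."""
    return bool(RAW_DEVICE_RE.match(path))


def correlate(events: list[dict]) -> list[dict]:
    """One finding per process that ran a browser-downloaded file and then opened
    a raw disk device for writing (MBR/bootkit behaviour, ATT&CK T1542.003)."""
    events = sorted(events, key=lambda e: e["t"])
    downloaded: dict[str, int] = {}   # lower-cased file path -> pid that wrote its MOTW stream
    exec_by_pid: dict[int, str] = {}  # pid -> image path, only for downloaded files
    findings: list[dict] = []
    for e in events:
        path = e["path"]
        if e["kind"] == "file_write" and path.lower().endswith(ADS_SUFFIX.lower()):
            # Mark-of-the-Web written: remember the file it was attached to.
            downloaded[path[: -len(ADS_SUFFIX)].lower()] = e["pid"]
        elif e["kind"] == "process_create" and path.lower() in downloaded:
            # Any execution of a downloaded file, including re-launches of itself.
            exec_by_pid[e["pid"]] = path
        elif e["kind"] == "file_write" and is_raw_device(path) and e["pid"] in exec_by_pid:
            image = exec_by_pid[e["pid"]]
            findings.append({
                "pid": e["pid"],
                "image": image,
                "downloaded_by_pid": downloaded[image.lower()],
                "device": path,
                "technique": "T1542.003",
            })
    return findings


if __name__ == "__main__":
    print(json.dumps(correlate(EVENTS), indent=2))
```

Run against the constructed events this yields a single finding for PID 840 writing to \??\PhysicalDrive0, traced back to the file chrome.exe (PID 1556) marked on download; the same raw-device write from a process that did not originate as a marked download produces nothing.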
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1556, depth 1)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.brawlstars.com/en?extlink?action=voucher&code=page=https://a9fm.github.io/lightshot
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

Children of PID 1556 (depth 2), in the order captured. Every child is C:\Program Files\Google\Chrome\Application\chrome.exe with no signatures of its own. All of them except the crashpad handler carry --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072. The renderer and utility command lines differ only in the columns tabulated below:

  renderer: "...\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --mojo-platform-channel-handle=<handle> --field-trial-handle=... /prefetch:1
  utility:  "...\chrome.exe" --type=utility --utility-sub-type=<sub-type> --lang=en-US --service-sandbox-type=<sandbox> --mojo-platform-channel-handle=<handle> --field-trial-handle=... /prefetch:8

  PID   type              sub-type / renderer-client-id            sandbox  mojo handle
  1076  crashpad-handler  (full command line below)                -        -
  828   gpu-process       (full command line below)                -        1624
  1136  utility           network.mojom.NetworkService             none     2040
  4720  utility           storage.mojom.StorageService             service  2136
  3016  renderer          6 (also --first-renderer-process)        -        2996
  1212  renderer          5                                        -        3004
  4036  utility           chrome.mojom.ProcessorMetrics            none     4452
  248   utility           chrome.mojom.UtilWin                     none     4508
  1196  renderer          9                                        -        4464
  3100  renderer          10                                       -        3084
  3160  renderer          11                                       -        4080
  4240  renderer          12                                       -        3140
  1164  renderer          13                                       -        3536
  2748  renderer          14                                       -        4528
  4396  renderer          15                                       -        4172
  4124  renderer          16                                       -        3156
  2176  renderer          17                                       -        3096
  4948  renderer          18                                       -        4580
  1584  renderer          19                                       -        4264
  1620  renderer          20                                       -        4684
  908   renderer          21                                       -        4456
  2120  renderer          22                                       -        4580
  4748  renderer          23                                       -        4708
  2136  renderer          24                                       -        3860
  3552  renderer          25                                       -        4672
  4048  renderer          26                                       -        4444
  3924  renderer          27                                       -        4656
  1436  renderer          28                                       -        4192
  3980  renderer          29                                       -        3536
  4396  renderer          30                                       -        4764
  3120  renderer          31                                       -        4936
  5116  renderer          32                                       -        5080
  4816  renderer          33                                       -        5028
  4748  utility           data_decoder.mojom.DataDecoderService    service  4136
  3488  utility           data_decoder.mojom.DataDecoderService    service  4224
  4644  utility           data_decoder.mojom.DataDecoderService    service  5236
  3160  utility           data_decoder.mojom.DataDecoderService    service  5232
  2584  renderer          38                                       -        4696
  2480  renderer          39                                       -        2152
  2556  renderer          40                                       -        4552
  4536  renderer          41                                       -        2208
  832   renderer          42                                       -        4700
  5112  renderer          43                                       -        2632
  2428  renderer          44                                       -        4700
  3552  renderer          45                                       -        5168
  4048  renderer          46                                       -        4320
  4220  renderer          47                                       -        4260
  1780  utility           data_decoder.mojom.DataDecoderService    service  5448
  3372  renderer          49                                       -        5444
  3120  utility           data_decoder.mojom.DataDecoderService    service  2704
  2008  utility           data_decoder.mojom.DataDecoderService    service  4200
  5108  utility           data_decoder.mojom.DataDecoderService    service  5328
  2504  renderer          53                                       -        5032
  5052  renderer          54                                       -        2224
  2816  renderer          55                                       -        2160

  Several PIDs (3120, 3160, 3552, 4048, 4396, 4748) appear twice because Windows reuses a PID once the earlier process has exited; the renderer-client-id and mojo handle distinguish the instances.

  PID 1076 (crashpad-handler):
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf66bab58,0x7ffdf66bab68,0x7ffdf66bab78

  PID 828 (gpu-process):
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:2
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵PID:3224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵PID:232
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵PID:1436
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵
- NTFS ADS
PID:4692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵PID:3352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2664 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:82⤵PID:3056
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"2⤵
- Executes dropped EXE
PID:1552
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2824
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:3112
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4552
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"1⤵
- Executes dropped EXE
PID:3840
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"1⤵
- Executes dropped EXE
PID:3224 -
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:840
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4516
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /main2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:3632 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵PID:3208
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt (Filesize 56B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57fabb.TMP (Filesize 120B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aab3ce0d-775b-4ab9-8c07-0eb7c983ca0c.tmp (Filesize 7KB)