Analysis
max time kernel: 149s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64 arch:x86 image:win11-20240412-en locale:en-us os:windows11-21h2-x64 system
submitted: 25-04-2024 04:50

Static task: static1
Behavioral task: behavioral1
  Sample: 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
  Resource: win10v2004-20240412-en
Behavioral task: behavioral2
  Sample: 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
  Resource: win11-20240412-en
General
Target: 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
Size: 1.1MB
MD5: c3fe82faf2bea9f2d2ef985b384133aa
SHA1: dc50aeb530bb9c34f23e2f37f73bb0a3c77b5ee9
SHA256: 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6
SHA512: 6e6b337ed775d1820cd773663ac115b7b48ae01d856fd87732432035f8260e5b9c47f2e686ab6a8ca9dfe495177a8ff1b6dbc3585e6b4dce733155455323a988
SSDEEP: 24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8auU2+b+HdiJUX:ETvC/MTQYxsWR7auU2+b+HoJU
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description     | ioc                                                                                                        | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584942271449163" | chrome.exe

Modifies registry class (1 IoCs)
description | ioc                                                                                                                                                                                                              | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801765966-3955847401-2235691403-1000\{61603791-960F-49D4-A6AC-5021DF5971D9} | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid  | Process
2784 | chrome.exe
2784 | chrome.exe
912  | chrome.exe
912  | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid  | Process
2784 | chrome.exe
(this entry is recorded 4 times)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                      | pid  | Process
Token: SeShutdownPrivilege       | 2784 | chrome.exe
Token: SeCreatePagefilePrivilege | 2784 | chrome.exe
(these two entries alternate, 32 times each, for 64 entries in total)

Suspicious use of FindShellTrayWindow (63 IoCs)
pid  | Process
496  | 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
2784 | chrome.exe
(63 entries in total, each attributed to one of these two processes)

Suspicious use of SendNotifyMessage (48 IoCs)
pid  | Process
496  | 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
2784 | chrome.exe
(48 entries in total, each attributed to one of these two processes)

Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process                                                               | procid_target
PID 496 wrote to memory of 2784  | 496  | 2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe | 80
PID 2784 wrote to memory of 760  | 2784 | chrome.exe                                                            | 83
PID 2784 wrote to memory of 4820 | 2784 | chrome.exe                                                            | 84
PID 2784 wrote to memory of 2560 | 2784 | chrome.exe                                                            | 85
PID 2784 wrote to memory of 4808 | 2784 | chrome.exe                                                            | 86
(64 entries in total; each distinct write is recorded several times, the writes to 4820 and 4808 most often)
Processes
(indentation shows the parent/child relationship)

C:\Users\Admin\AppData\Local\Temp\2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe (PID 496)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe"
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2784)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 760)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd8990ab58,0x7ffd8990ab68,0x7ffd8990ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4820)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2560)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4808)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 836)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4660)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4840)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2948)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4308 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2648)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4440 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 440)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8
      - Modifies registry class

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4712)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1552)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 912)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1836,i,1930168644785512882,2718330855297508841,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3940)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 336B
MD5: 30f20d7b72755c0161b61145c13ced9e
SHA1: 8a3c91da99a0f7d1509bbe4846621ef05dfcd86d
SHA256: ca049079c671703457131ca24a37dc23ef638968ce8e2b921d61c42efa19fc17
SHA512: 67edf903d0f7985e20543c54b79f34de097fef7b5ea49520ea7574addad5f63b63246578362277ba26aacf75f862d0a5369e00d0b07e37da56f078b11ed9ff0e

Filesize: 3KB
MD5: 6baeaffa557af83f724c915eedede30a
SHA1: f50e75837c9194583d26f06dcbb2fcd4fc3eb557
SHA256: 6ba48bf2877d2fdd735a8492e635ef78f344a0f87d083dca1dbf1911456a7e57
SHA512: c774ec1139410cb15e2801529c8938c33fa8b0f26dbc5ba8f65c731771f1dcf417c25f8f05ce65cbbdf33cb947125e4783a52982be23314804b785d8533d0f93

Filesize: 2KB
MD5: 1b1230e3dc1d72370901f50e87b548f7
SHA1: 24160cac7b56d68ecae48b9851fd416fbcdc4634
SHA256: 44c0b805237acbaf6f5465f65ac418647de3c82ea452a6947bb2d94fb786edf9
SHA512: c946ca13aaf3e46d2cc448bc00396b5b9ba8cf6c6a712307c54cebd174141634243e77414ec2c2b8292a56f2e930ed8009fea18b5e20cd32742232a589774862

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: d78f43a24ba15fa1939120cc791bb1a5
SHA1: cbd2db17554aae47747ac272529a69804af6def8
SHA256: 42b5a9251f4c1245bd981501499277ec11639ef734216f1633e65400442aaddd
SHA512: a03f3467fdbfa85583851e42898902606e181f64045fe969744d55bb50e586a7e35955f52c51e16e266385ae6281c3da72fb474d1d43674e6684d4bc22daacfd

Filesize: 524B
MD5: bc49ca4e547925bf671bb582b0b27034
SHA1: 735e63ed67f47933217121cd5cd04fcdf942c5ad
SHA256: 2f9e01903bebe8811a1d64d503701917af1c8c31bef6c93019f1e89212e40e50
SHA512: 45cb411ba8c8fb6edacca4d3513d56a5189ab74a0ab68549c1dbc36fa97a3161c4959e7d9d14dd39f8515d93eeec5753369c7f3f8c176bde08336a5409933ea7

Filesize: 524B
MD5: fc1c3d67a44a8800102a614a5ee95bf3
SHA1: 245f142ae80594a41f4828a565b610381e65af4c
SHA256: 85eabfac825758b8ca27338c8bbef3363a3024265fbc58143e6761eb4f692146
SHA512: ddcd1eab0877bda43a9ec524350513451e00ff0482d2ebbc2dc3835f708c7a9cb769cf9544ccf45ee88ab940ad25d8d24e7430796bea14eddff54f0cf16548e7

Filesize: 7KB
MD5: 68b1c4e41fcde0b6456ed652e6e5acde
SHA1: e6c4c0f998175cdce71e1928b41d936d1660009e
SHA256: 87eab88ccb3d93898c271eaaea272db8d09b60ec0c030c1182f6ed6f65635d1b
SHA512: ce6ebb13b17f71f3337a551cc3bb416de5c0fb92b875e86e6e195050787502624a16d3af4670867a8a8354ff54366066d7a5c414fffda623af09474cbb216097

Filesize: 16KB
MD5: 2006bda3fee55c1fd134ccc4e089e44d
SHA1: ad06c6ee92424217cad683c055d417d824def964
SHA256: d8924fa73bb951742eefa13a0f05bdd7b9f833f8d124601d951247fd95cf2b5e
SHA512: b34cf7403227bb3dd38c3a312d9bfa85f79c4c0b824f1433b11baa150e6e01bd5e13f8fb1017d1ddcc3da9172f84f563eb1385f8d88b3c1473c9affa9f0bde6f

Filesize: 253KB
MD5: 661f8951de8feb1412e91a5489835f18
SHA1: fd5b690f533fe1914af60a415564104d7e8663a4
SHA256: 466541cdd45c192b3d5e78a7a9cabee4553e8202934c2c92099d5c878bf9b3f5
SHA512: 5ea324ad237eac60e76d48dccf116227d86ce08453f44b4a268ecf4460b12e02b2a00045055cfc8eb94bf6170ea52695a177cd52d30ef619caaea3d5d2d7f8c8