Analysis
- max time kernel: 58s
- max time network: 81s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-04-2024 17:55
Static task: static1
Behavioral tasks:
- behavioral1: sample 000.exe, resource win10v2004-20240226-en
- behavioral2: sample 000.exe, resource macos-20240410-en
- behavioral3: sample Ana.exe, resource win10v2004-20240412-en
- behavioral4: sample Ana.exe, resource macos-20240410-en
- behavioral5: sample Bad Rabit.exe, resource win10v2004-20240226-en
- behavioral6: sample Bad Rabit.exe, resource macos-20240410-en
- behavioral7: sample Desktop Puzzle.exe, resource win10v2004-20240412-en
- behavioral8: sample Desktop Puzzle.exe, resource macos-20240410-en
- behavioral9: sample Memz.exe, resource win10v2004-20240412-en
- behavioral10: sample Memz.exe, resource macos-20240410-en
- behavioral11: sample NoEscape.exe, resource win10v2004-20240226-en
- behavioral12: sample NoEscape.exe, resource macos-20240410-en
- behavioral13: sample WannaCrypt0r.exe, resource win10v2004-20240412-en
- behavioral14: sample WannaCrypt0r.exe, resource macos-20240410-en
Errors
General
- Target: 000.exe
- Size: 6.7MB
- MD5: f2b7074e1543720a9a98fda660e02688
- SHA1: 1029492c1a12789d8af78d54adcb921e24b9e5ca
- SHA256: 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
- SHA512: 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
- SSDEEP: 3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9
Malware Config
Signatures
- Disables Task Manager via registry modification
- Enumerates connected drives (3 TTPs, 23 IoCs): attempts to read the root path of hard drives other than the default C: drive.
  File opened (read-only) by 000.exe: \??\L:, \??\Q:, \??\S:, \??\U:, \??\X:, \??\Z:, \??\N:, \??\O:, \??\A:, \??\B:, \??\H:, \??\I:, \??\J:, \??\K:, \??\E:, \??\G:, \??\P:, \??\T:, \??\V:, \??\W:, \??\M:, \??\R:, \??\Y:
- Modifies WinLogon (2 TTPs, 1 IoC)
  Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" by 000.exe
- Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper by 000.exe
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS by chrome.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName by chrome.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer by chrome.exe
- Kills process with taskkill (2 IoCs)
  PID 4012 taskkill.exe; PID 2488 taskkill.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585414002069014" by chrome.exe
  Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry by chrome.exe
- Modifies registry class (2 IoCs)
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" by 000.exe
  Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{B069A985-AA8B-4DCF-AFEC-08D3A9A8B216} by 000.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs): PID 640 chrome.exe (3 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs): PID 640 chrome.exe (4 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 640 chrome.exe: SeShutdownPrivilege and SeCreatePagefilePrivilege, enabled repeatedly
  PID 4012 taskkill.exe: SeDebugPrivilege
  PID 2488 taskkill.exe: SeDebugPrivilege
  PID 3668 WMIC.exe (enabled twice): SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36
- Suspicious use of FindShellTrayWindow (26 IoCs): PID 640 chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs): PID 640 chrome.exe (24 entries)
- Suspicious use of SetWindowsHookEx (2 IoCs): PID 228 000.exe (2 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 640 chrome.exe wrote to memory of PID 2964 (procid_target 92), PID 456 (procid_target 94), PID 3596 (procid_target 95) and PID 1444 (procid_target 96); each write is logged repeatedly.
Processes
- C:\Users\Admin\AppData\Local\Temp\000.exe (PID 228)
  Command line: "C:\Users\Admin\AppData\Local\Temp\000.exe"
  Signatures: Enumerates connected drives; Modifies WinLogon; Sets desktop wallpaper using registry; Modifies registry class; Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\cmd.exe (PID 496)
    Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
    - C:\Windows\SysWOW64\taskkill.exe (PID 4012)
      Command line: taskkill /f /im explorer.exe
      Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\taskkill.exe (PID 2488)
      Command line: taskkill /f /im taskmgr.exe
      Signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\Wbem\WMIC.exe (PID 3668)
      Command line: wmic useraccount where name='Admin' set FullName='UR NEXT'
      Signatures: Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\Wbem\WMIC.exe (PID 5044)
      Command line: wmic useraccount where name='Admin' rename 'UR NEXT'
    - C:\Windows\SysWOW64\shutdown.exe (PID 2940)
      Command line: shutdown /f /r /t 0
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 640)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2964)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9eb3b9758,0x7ff9eb3b9768,0x7ff9eb3b9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 456)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1444)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3312 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4396)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4160)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2272)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
- C:\Windows\system32\LogonUI.exe (PID 4860)
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa3994855 /state1:0x41c64e6d
Network
MITRE ATT&CK Enterprise v15
Downloads