Resubmissions
submitted           task id             score
07/05/2024, 12:22   240507-pjxt9sab53   7
07/05/2024, 12:19   240507-phfvcsaa87   8
07/05/2024, 12:09   240507-pbhelshg42   6
07/05/2024, 11:59   240507-n59khshe59   7
07/05/2024, 11:59   240507-n5x7gshe53   1
07/05/2024, 11:56   240507-n386zaeg5x   5
07/05/2024, 11:40   240507-ntbjcaec5y   5
Analysis
max time kernel: 160s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2024, 11:56
Static task: static1
Behavioral task: behavioral1
Sample: images (1).jpg
Resource: win10v2004-20240419-en
General
Target: images (1).jpg
Size: 3KB
MD5: 6f62187dbc30d53e1d661e8914fa708d
SHA1: 99b0006f843c006156628767d71cbafd922804bd
SHA256: bdd5ea18320c3fb29eece7ffff299152d11361659e8640f64de736affbe11e61
SHA512: 496f2919cf60ede364db5d5f6947e2a6f607bbe43876745a8443a4ea74068df8961f0629d6a4ae23bf2e4d18b59f40118f63e3c3a6d25c604955ac2eb7a993d8
Malware Config
Signatures
Drops file in System32 directory (2 IoCs)
description | ioc | Process
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595566116890611" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
4420 | chrome.exe (2 entries)
1032 | chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4420 | chrome.exe (6 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4420 | chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 4420 | chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (41 IoCs)
pid | Process
4420 | chrome.exe (41 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4420 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4420 wrote to memory of 4928 | 4420 | chrome.exe | 98 (2 entries)
PID 4420 wrote to memory of 4444 | 4420 | chrome.exe | 99 (30 entries)
PID 4420 wrote to memory of 2548 | 4420 | chrome.exe | 100 (2 entries)
PID 4420 wrote to memory of 2020 | 4420 | chrome.exe | 101 (30 entries)
Processes
C:\Windows\system32\cmd.exe (PID 1880)
  cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4420)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 4420:

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4928)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffde92bcc40,0x7ffde92bcc4c,0x7ffde92bcc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4444)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2008 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2548)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2636 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2652 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 852)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3172 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4000)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3344 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4296)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4820)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3556)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4728 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3120)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4728 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3400)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1168)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3624)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5228 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1336)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5200,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4036 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4452,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5196 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2464)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5472,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5480 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2688)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5520,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5264 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 664)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5616,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5628 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1032)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5408,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5516 /prefetch:8
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5112)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5416,i,12036174407423481090,3339904427079482333,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 432)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 880)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9cb05196-7aee-4924-af2a-3c33a98f018e.tmp
Filesize: 10KB
MD5: ba64342a0863f613fccb41d92aec2bd7
SHA1: 4cad7d7053f473e56e7dfaf16950b9ae563ae0d6
SHA256: 3f78f2429fa084b3be0bfbec54da19cf8dafe457519aafe48cb423a52f3ca03f
SHA512: f973a34e868abd27f0c76123bf3d7ad1ae15987df68db91f2fbd606b9f09e438045c7fbe6de056d1cf543317c42688784d8c5f59dacc9fc6eb67664497e9fc6e

Filesize: 649B
MD5: acde8d5ac4d8a719ff77dfcfccae0fcf
SHA1: bb9f6f9f083dbfc7a11bcb616927cfff5aa4342b
SHA256: e9416372d217dfa6cc6d49ab08a4fa757398fb82e19dec9550746a970ffcab47
SHA512: a96f0e0f296cada6406e4b8f0873050e35e328c9c807ce2e6e40ece92029b06062c480bfeeed08bde942b62ba8ace7cb10b62cba9a9f0bf6401553c6a6d72a9b

Filesize: 40KB
MD5: 5ce7bdeeea547dc5e395554f1de0b179
SHA1: 3dba53fa4da7c828a468d17abc09b265b664078a
SHA256: 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA512: 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Filesize: 200KB
MD5: a484f2f3418f65b8214cbcd3e4a31057
SHA1: 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256: 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512: 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Filesize: 10.5MB
MD5: 62adc72948afe52459302258edd8041a
SHA1: d66cf1a2364464fb33902da7f1fc8f808b76117a
SHA256: 8e6115a51fe7ad4bb65b0f1b3b22ed087edfa1ee565b0f80157e5ee10276445c
SHA512: 24acb5cb2a545268f219e8570773bea96d98351ecb5a0f08879166999ab0b7cfd5bacaefb7cb40579953948ad3a0075f500abb69f3e7d86dd6b4c25f10c1fc16

Filesize: 864B
MD5: 7900ce31cade5f3c51038e9a0012028d
SHA1: ff5a515648c7e8f86d15505c695bb688e4f10daf
SHA256: f44357283b1fc6a500145d06b732fa08d5986e0077fda65e80f32383f1770c4a
SHA512: 2d556732ce04301ca3ea27f2c650b307900191e0e984504c1fb11b5c67df8fb6fc4e75a820b39592734679dbe667fc1c8faa38dd8605834e58a14a13c13c1363

Filesize: 6KB
MD5: 6a0e89ca4a29f939c850852bb034b901
SHA1: 97d5f04ee4cc0868fc345fcd1447ef9222578300
SHA256: 636ab0dd427d1dd7885067cef10c6f2fc69faa07f6794fd2c6c60cf716aa115f
SHA512: 3eb97bca8936eb30fa790ecfb21518c7cb966b245af1e69362ddb7db78f1a4f746559379415a65d5a2bff88aee809a5cf37f9da2ddda024c3c1b3cea2e26d104

Filesize: 6KB
MD5: c92ac34c979ed2221c9221d0f4ae5f48
SHA1: 1f2d01afddc8742baa53c4fd1c26af9b29e11f15
SHA256: 3822030e2e6f5c20d1c0fc3c456c6faac870c7ee389fff4018b338a646207b4a
SHA512: 0fa5070d4236ba628e8144edb1ec366a23498e4d68a74f3f2ba11ec3219d664d710551e59f73a29d66072ea66827137e3b1637faddf75df5377052a44a24b6df

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1015B
MD5: 84d240e7267f531d4e3514d5cf9f555f
SHA1: 5e6722bc54047ebe09820afbabd18ff1a7fab32d
SHA256: 3c5e86e9d8424cc638f18a2af0bac5c13ae885d00f734a3d4e36c65148772fa3
SHA512: dc73a8cbbc8f9bbc2ec94e28c4da0573f189a3db97506aabc2d29c7618aa48679b421f3bf5d50507def19572ca7318a78c21b12eaec94f266e4ecfe511f3a1cd

Filesize: 1019B
MD5: e9d06ddd9c4416644aabe4065b108c33
SHA1: b7d8dab9d3ea35f761666b4e814c4b96113c24dc
SHA256: f63bc88116136f46f3da9da8d2e42c829142705b8db92be909f358393aacde2b
SHA512: d167cd3a522aaf4a6dc694d35196d807ad9b028a624d388e217da46f4397a6c166da1ff9852082ba79e67ce0fdd0012e606c5f86cc3e831d1a665179609327e1

Filesize: 1015B
MD5: 8c6c6cf5e272c2527f834d7200982e35
SHA1: e41be1363487bad846d9ea8ee78b2b0b2be40c10
SHA256: 367543e0f73899ee0fd8cf51eb307756428048cc823baacb1ae9597c9589adea
SHA512: 3685d5cc696bcd6b8e6be382b95a1fce9ceb94fc1104db15f3b67808555ee0fcfff407f1ab8c7a38e7e6f1dd1fd784a040277c8cb6283841aa7298360eea3ace

Filesize: 354B
MD5: 796e2a9a3ac2719267b705f243e5a38b
SHA1: ab06d0cd9f6b89fc5dd30cf3fe4fc09a5a6b0300
SHA256: 42735375bb50a3fc3d0577ec72db20397b6131b038fb73e52e19e0ca6822fd64
SHA512: 6b0317bcdeceff17923a8ff37337f972eb97e84b952392fda562611ee8636cf53a2036e0df2eb46796e1827275ff18c316aa2324a54f3b66421b1313cc1e5081

Filesize: 10KB
MD5: 97d3e410f4b4c9f110f6f6256a392fe9
SHA1: c5de3677bbc5e467f2feece4f3ab27a15c8918fe
SHA256: d28a5bc893204bfc0019e576abd1680d37b018af6e70c8dae70f5f93003387ab
SHA512: 0bbe81cb34527791e022c595151255f817540a4826143a96d112cdd91c1a22e20057557b6fc4a2c61b4d3dcd8557b7330e89bc651702f4d778374a679948a818

Filesize: 9KB
MD5: 47dd168b593c416559ae4cece7ee5a84
SHA1: e30bef9798b733699c75f6be1af79801819c4818
SHA256: b03cd5ec74461fd58508fe63f76adef759eef369137201a422a36c885fa59a86
SHA512: f79fec7b62e3ef84cfe2b5e8b537a874790434ed406beb74efefc4be557add941e86041d6128f410e4f2e61d6d97780c6384e249eb9f46a53ff1dac2adbb92dd

Filesize: 9KB
MD5: 96ea67f85f0a6d03e2a91e49de42873a
SHA1: 5c9faab8312082367008b8e97780731bc1cb9906
SHA256: 0b51a008789e11298ffd1528cd5a9a65f98708c6e63cf1f2f43d85784d69c242
SHA512: 3e983a83335dda4b7b6a88696b110f09979912f431995de5506031db2cebc5556be624c7d81feac084544a480e4ffd5e0e322e2f7ffa5c2f47ceb7a3b1b9a861

Filesize: 10KB
MD5: 8ded538f81d38abce5fc29f383b171b4
SHA1: a52fb30a2c9ec87b69b404b0db39abf1109bb977
SHA256: 188d37cba3e36d6bbeee20621f095617305fb8d732288f83d387156837c7c89f
SHA512: 203eea2bcad432016e1c2a15dbbf87c21d653bdc370a372e43702c693390c917da6efc0f30cbf6bb1c89c588ecf8c853d9c25d18be5a616d81f68275d8f1770f

Filesize: 9KB
MD5: f6b201e8cdbdc83174fd54e53f116c7f
SHA1: 0016c9bdccea18df3c9fbf804f0171e1be193c7f
SHA256: 9a91bba9712809a6f5f81cb1b88861d2b1f91171afc3ec81135e2e25c15f8b4f
SHA512: 2e1bca69d009c496fafd746828b3db362886d785b8c373ca8deadc02478f6434779c722c7126855b53f07dd9731284b7f226bfcd4531c530dc781debcd1c56e3

Filesize: 10KB
MD5: 086e49b5415efe94ffb50d04f745ea0e
SHA1: 98cbeb4bc0f22aa67e756c4e16b35d0102739f07
SHA256: da430cdebf544cd23421769c3d9dde331bda2b99a30c3b511c800978588f3427
SHA512: 61eee9a2388828e97e50b1d6467369239ef302ac0a7f4d2013041651c2a1c234a6a6c92fd1ff33a81b7ce5c8ae42bc94f613907880d5fb0aa6c537cced9db72c

Filesize: 10KB
MD5: b32677c854263db1bfdf263fcbfb3eec
SHA1: 2db2184ef80724cbfcf401d704a45e2de2213515
SHA256: 3f76277900c6a331cf5e7fabd36f7e2a3c71579f16457374aa9afa457d25e7ff
SHA512: 10a65860eb1574286037de432b239a2e0e0c427bd492b5f2dedc8477662a5a21dc09fca1219409d941474c936fdfa6ae55eae811e1fe3eb649fe6f6f977413bc

Filesize: 10KB
MD5: 0fa0532f82f2a3e054d9aec7c6b36fdc
SHA1: fa29230b7ee7dab04d4c0066172bdefab1e60394
SHA256: c6d1c0d8e9e38c5f537d0d69a5fe23f7dd49a2a99325123c7f406ca37b99ab45
SHA512: debbaad164c043e00f615d90c089a13aa4b42c9f88516857d75e09c523a7ed3e1f525cde1d72d9ad62d0a0b3a1ef643b2233507178b7904329f41df76460f65c

Filesize: 10KB
MD5: 52a57bec6496b24cfa7d1e10a754c271
SHA1: a24231cbed22cf7f37d437a97fdee4a3e35688e3
SHA256: 01dde3a5746e44c961bd921dee791cd3148aad03394ae0ef2d8fca2dc169b70f
SHA512: d3a6fd546c0cf454b9777e6f53b65d31aa68853ddac028606cdafde8e75cf348be4d48c10259bf60a3f283447f22f2c7d9c14425839725e682c0298e1b730615

Filesize: 15KB
MD5: e38314b5960f0c6d4647f8099138d988
SHA1: 8fd3a72e281d21c18860dd5f2cd56c881099d02e
SHA256: 05e98dfa19776c0f86f986b9603488c9007eab4f0110732b5164308eced294db
SHA512: 5136dd7098223bce3ea5ce08c59371bf28fe2cf9532059d0c0e9b90a2fc91de3d127f13099a776ede6cabcefd6d51802202ab9d473b3c2f3b04f26ff7b17cdbd

Filesize: 152KB
MD5: 5a2a44ac51ea14abe1d031ea169b5fca
SHA1: 16a6b421fbc3e8396f2d5a9ae875de231db32c7e
SHA256: bdb5726569ff70ec1db790047ab4bedcd59b32c4e0fc176e2e23c1a8878e086a
SHA512: 033ec193497e01327b613ac82862ccadac28a30113bbc841b9b914ef0264869220d24729fd71fbce4b173169141fcb8d8855ed809e159caaa2c30d6559dc6322

Filesize: 152KB
MD5: 4c07f23d3c16ad38a7309625365cd4b7
SHA1: 2173b5ed028ca2c137da96fb807907e436c0df24
SHA256: 44ca7e484a18a6ec7593a71a8d632127cd1eb1b82c7ed310dcfcbf1d337d2b61
SHA512: 77c61ed5b0c39e355a925f9da81f06579675d53276cf20b42a1e67f0e63005a88eea4d51baeb3ad46cdf866e733ee1d689d8622cb22734ca3d3a00a945ae42d6

Filesize: 152KB
MD5: f90e55563ca44a0f0859aa80daa3b7c7
SHA1: 8004470be479174b27a53bf63e620eb850a77886
SHA256: a6cfd98b4f33635d8e7f478221494641f5e45e9b7a098b4e56d9d8fd51746a69
SHA512: ab6108e8caaa52f7d9d1ee0d77ae349a3d8f8cff8868d0565342f0779e6e90a82aeffe952d48adc86814ff7d31ebd387e65a2a08c4a68915dd2387549ca3fc96