Analysis
max time kernel: 1799s
max time network: 1727s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 24-05-2024 11:38
Static task: static1
Behavioral task: behavioral1
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: win10v2004-20240508-en
Behavioral task: behavioral3
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: win11-20240508-en
Behavioral task: behavioral4
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: debian12-armhf-20240221-en
Behavioral task: behavioral5
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: debian12-mipsel-20240221-en
Behavioral task: behavioral6
  Sample: Screenshot 2024-05-20 11.05.08 AM.png
  Resource: ubuntu2404-amd64-20240523-en
General
Target: Screenshot 2024-05-20 11.05.08 AM.png
Size: 517KB
MD5: d62be3530273b7679f61d10db4306110
SHA1: 4d19cadc719b105a9861668ab0a9f41b553474a2
SHA256: c735814996365d94afdf77e3adb83e0bbf422f2072051f16e45d219216e4ef17
SHA512: 7fbfebcfa8838079e5fe91d05ce498dca972da0369d0af4111bc7dc5ec28e86d35f6f9a9b344b1e2cb60ac02400190f4b8df8e75272a48f1d792318dfdb7153c
SSDEEP: 12288:qrWK46hnilM26ReJFOOpzGAXHakAbLtWSCwquxE9Yq:i546BilMZRqFOOpzb6kAbLQSC4W93
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 5 IoCs)
Processes: chrome.exe, chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610253472192106" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Modifies registry class (1 IoCs)
Processes: OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | OpenWith.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
pid | process
1104 | chrome.exe
1104 | chrome.exe
484 | chrome.exe
484 | chrome.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: OpenWith.exe
pid | process
3268 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes: chrome.exe
pid | process
1104 | chrome.exe
1104 | chrome.exe
1104 | chrome.exe
1104 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 1104 | chrome.exe
Token: SeCreatePagefilePrivilege | 1104 | chrome.exe
(the two rows above alternate for all 64 entries, all from PID 1104 chrome.exe)
Suspicious use of FindShellTrayWindow (52 IoCs)
Processes: chrome.exe
pid | process
1104 | chrome.exe
(the same row is repeated for all 52 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
pid | process
1104 | chrome.exe
(the same row is repeated for all 24 entries)
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
3268 | OpenWith.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe, chrome.exe
description | pid | process | target process
PID 1104 wrote to memory of 2732 | 1104 | chrome.exe | chrome.exe (2 rows)
PID 4828 wrote to memory of 736 | 4828 | chrome.exe | chrome.exe (2 rows)
PID 1104 wrote to memory of 1284 | 1104 | chrome.exe | chrome.exe (repeated)
PID 1104 wrote to memory of 5044 | 1104 | chrome.exe | chrome.exe (2 rows)
PID 1104 wrote to memory of 1800 | 1104 | chrome.exe | chrome.exe (repeated)
(64 rows in total; the 1284 and 1800 rows account for the remaining 58 entries)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-05-20 11.05.08 AM.png"
  PID: 2432
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1104
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7ff91b3eab58,0x7ff91b3eab68,0x7ff91b3eab78
    PID: 2732
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:2
    PID: 1284
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 5044
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 1800
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
    PID: 3392
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
    PID: 1792
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
    PID: 1664
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 3684
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 2084
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 424
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 4424
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
    PID: 464
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4452 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
    PID: 3932
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID: 4828
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91b3eab58,0x7ff91b3eab68,0x7ff91b3eab78
    PID: 736
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1772,i,5553284659825672090,13560173947681764888,131072 /prefetch:2
    PID: 4672
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,5553284659825672090,13560173947681764888,131072 /prefetch:8
    PID: 1528
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2928
Network
MITRE ATT&CK Enterprise v15
Downloads