Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-05-2024 00:36
General
- Target: Client.exe
- Size: 31KB
- MD5: fdbf55e90eba969a41229f1a8b2506b5
- SHA1: 5df3f39480c05be26a61d41406ae50b107873a87
- SHA256: 6e4e80c7fc6f4a659f2bceabc5e609061ee6e3715c070f853e79c8ad9a2718f6
- SHA512: 9857f7c45ad04ff7a095f52523c6da22ed8d5e3e841e988ee430c691e585c17d39f4110f8e9e55cacbbebbde65f838f8a736dc7c563e50e13429a78dcecffdb3
- SSDEEP: 768:7e0v+hW1nRNAzx7SnAlOvQFLhvKcQmIDUu0ti+Yj:C0K2a9RLQVkCj
Malware Config
Signatures
- Modifies Windows Firewall (2 TTPs, 1 IoC)
  Processes: netsh.exe (PID 2172)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614166618163587"
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: chrome.exe (PID 1772), 2 entries; Client.exe (PID 3440), the remaining 62 entries
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  Processes: chrome.exe (PID 1772), 11 entries
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Client.exe (PID 3440), 13 entries: SeDebugPrivilege (1), privilege 33 (6; a bare LUID the sandbox did not resolve to a name), SeIncBasePriorityPrivilege (6). After the single SeDebugPrivilege entry the 33 / SeIncBasePriorityPrivilege pair recurs throughout the run.
  chrome.exe (PID 1772), 51 entries: SeShutdownPrivilege (26) and SeCreatePagefilePrivilege (25), enabled in alternating pairs.
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe (PID 1772), 26 entries
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe (PID 1772), 24 entries
- Suspicious use of WriteProcessMemory (64 IoCs)
  Client.exe (PID 3440) wrote to memory of netsh.exe (PID 2172): 3 entries
  chrome.exe (PID 1772) wrote to memory of its own child processes: chrome.exe PID 4004 (2 entries), chrome.exe PID 2344 (2 entries), chrome.exe PIDs 1088 and 1012 (the remaining 57 entries)
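Every WriteProcessMemory hit in this report is a parent writing into a process it has just spawned (Client.exe into netsh.exe, chrome.exe into its own helper processes), which is what CreateProcess start-up looks like, not injection; the signal worth acting on is a process that enables SeDebugPrivilege and then writes into a process it did not create. The Python below is an added example, not part of the sandbox report or its tooling. It parses abbreviated copies of the AdjustPrivilegeToken and WriteProcessMemory tables (constructed from the rows above; the real tables are longer but the row shapes are identical), joins them with the parent/child edges read off the process tree, and returns only processes that meet both conditions. The `FOREIGN_WRITE` row is made up so the positive case can be exercised; it does not occur in this report.

```python
import re
from collections import Counter, defaultdict

# Abbreviated copies of the report's flattened signature tables (constructed from
# the rows above; the real tables are longer, the row shapes are identical).
TOKEN_TEXT = (
    "Token: SeDebugPrivilege 3440 Client.exe Token: 33 3440 Client.exe "
    "Token: SeIncBasePriorityPrivilege 3440 Client.exe Token: 33 3440 Client.exe "
    "Token: SeShutdownPrivilege 1772 chrome.exe Token: SeCreatePagefilePrivilege 1772 chrome.exe"
)
WRITE_TEXT = (
    "PID 3440 wrote to memory of 2172 3440 Client.exe netsh.exe "
    "PID 3440 wrote to memory of 2172 3440 Client.exe netsh.exe "
    "PID 1772 wrote to memory of 4004 1772 chrome.exe chrome.exe "
    "PID 1772 wrote to memory of 1088 1772 chrome.exe chrome.exe"
)
# Made-up row (NOT in the report) so the positive branch can be exercised.
FOREIGN_WRITE = " PID 3440 wrote to memory of 1772 3440 Client.exe chrome.exe"
# Parent -> children, read off the process tree section of the report.
PROCESS_TREE = {3440: {2172}, 1772: {4004, 1088, 2344, 1012}}

# Row shapes as the sandbox flattens them: "Token: <priv> <pid> <image>" and
# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>".
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")


def privileges_by_pid(text):
    """pid -> Counter of the privilege names (or raw LUIDs) each process enabled."""
    out = defaultdict(Counter)
    for priv, pid, _image in TOKEN_RE.findall(text):
        out[int(pid)][priv] += 1
    return dict(out)


def classify_writes(text, tree):
    """Split WriteProcessMemory rows into writes to own children and writes elsewhere."""
    own, foreign = Counter(), Counter()
    for src, dst, _src_image, _dst_image in WRITE_RE.findall(text):
        src, dst = int(src), int(dst)
        bucket = own if dst in tree.get(src, ()) else foreign
        bucket[(src, dst)] += 1
    return own, foreign


def injection_candidates(token_text, write_text, tree):
    """PIDs that enabled SeDebugPrivilege and wrote into a process they did not spawn."""
    privs = privileges_by_pid(token_text)
    _own, foreign = classify_writes(write_text, tree)
    return sorted({src for src, _dst in foreign if "SeDebugPrivilege" in privs.get(src, {})})


if __name__ == "__main__":
    print(privileges_by_pid(TOKEN_TEXT))
    print(classify_writes(WRITE_TEXT, PROCESS_TREE))
    print("report data:", injection_candidates(TOKEN_TEXT, WRITE_TEXT, PROCESS_TREE))
    print("with made-up foreign write:",
          injection_candidates(TOKEN_TEXT, WRITE_TEXT + FOREIGN_WRITE, PROCESS_TREE))
```

On the report's own rows the candidate list is empty, which is the correct reading of this sandbox run: Client.exe enabled SeDebugPrivilege, but the only process it wrote into is the netsh.exe it launched.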
Processes
- C:\Users\Admin\AppData\Local\Temp\Client.exe (PID 3440)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\netsh.exe (PID 2172)
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Client.exe" "Client.exe" ENABLE
    - Modifies Windows Firewall
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1772)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - chrome.exe (PID 4004), crashpad handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb97bdab58,0x7ffb97bdab68,0x7ffb97bdab78
  - chrome.exe (PID 1088), GPU process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:2
  - chrome.exe (PID 2344), network service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 1012), storage service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 516), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4348), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4756), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4336), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 4108), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 2472), processor metrics service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 5056), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 3180), UtilWin service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 2244), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5064 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4536), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4388), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 5004), UtilWin service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 3600), UtilWin service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 516, PID reused), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3208 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4612), UtilWin service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 1472), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5244 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 3180, PID reused), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5708 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 3188), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5824 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
  - chrome.exe (PID 4724), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 1996), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
  - chrome.exe (PID 4748), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4728)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

Note: chrome.exe (PID 1772) and elevation_service.exe (PID 4728) are separate top-level trees, not children of Client.exe, so the registry, HKEY_USERS, FindShellTrayWindow and SendNotifyMessage signatures attributed to chrome.exe are browser activity in the sandbox, not behavior of the sample. The sample's own tree is two processes: Client.exe and the netsh.exe it spawns. netsh.exe runs from C:\Windows\SysWOW64, which is what the WOW64 file-system redirector hands a 32-bit parent on x64 Windows; together with the arch:x86 resource tag this indicates Client.exe executes as a 32-bit process.
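The one unambiguous action in the sample's own tree is the firewall exception: Client.exe uses the deprecated `netsh firewall` context (rather than `netsh advfirewall`) to allow its own image, which sits in the user's %LOCALAPPDATA%\Temp directory, through Windows Firewall. Either syntax is a cheap, high-signal detection when the allowed program lives in a user-writable path or when the parent is allowing itself. The Python below is an added example, not part of the sandbox report or of any detection product: it runs that check over a few constructed process-creation events shaped like Sysmon Event ID 1 records (the `Image`, `ParentImage` and `CommandLine` field names are assumed from Sysmon; the first event mirrors the command line in the tree above, the other three are made up for contrast), handling both the legacy `add allowedprogram` form and the `advfirewall firewall add rule ... program=... action=allow` form.

```python
import re

# Constructed process-creation events in the shape of a Sysmon Event ID 1 record
# (only the fields the check needs). The first mirrors the netsh command line
# from this report; the other three are made up for contrast.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\Admin\AppData\Local\Temp\Client.exe",
     "Image": r"C:\Windows\SysWOW64\netsh.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Client.exe" "Client.exe" ENABLE'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="Updater" dir=in action=allow program="C:\Users\Admin\Downloads\updater.exe" enable=yes'},
    {"ParentImage": r"C:\Windows\System32\msiexec.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="SQL" dir=in action=allow program="C:\Program Files\Vendor\sqlsvc.exe" enable=yes'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r"netsh interface ip show config"},
]

# Path fragments (lower-cased) that an unprivileged user can write to.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\downloads",
                 r"\users\public", r"\programdata")


def split_args(cmdline):
    """Split a Windows command line on blanks; a double-quoted span (even one glued
    to a key=, as in program="C:\\a b\\c.exe") stays inside a single token."""
    return [t.replace('"', "") for t in re.findall(r'(?:[^\s"]+|"[^"]*")+', cmdline)]


def allowed_program(cmdline):
    """Return the program path a netsh firewall *allow* command adds, or None."""
    args = split_args(cmdline)
    low = [a.lower() for a in args]
    # legacy syntax: netsh firewall add allowedprogram <path> <name> ENABLE
    if low[:4] == ["netsh", "firewall", "add", "allowedprogram"]:
        return args[4] if len(args) > 4 else None
    # current syntax: netsh advfirewall firewall add rule key=value ...
    if low[:5] == ["netsh", "advfirewall", "firewall", "add", "rule"]:
        kv = dict(a.split("=", 1) for a in args[5:] if "=" in a)
        kv = {k.lower(): v for k, v in kv.items()}
        if kv.get("action", "").lower() == "allow":
            return kv.get("program")
    return None


def assess(event):
    """Finding for a suspicious firewall exception, or None when not applicable/benign."""
    prog = allowed_program(event["CommandLine"])
    if prog is None:
        return None
    reasons = []
    if any(marker in prog.lower() for marker in USER_WRITABLE):
        reasons.append("program lives in a user-writable directory")
    if prog.lower() == event["ParentImage"].lower():
        reasons.append("parent process is adding an exception for itself")
    if not reasons:
        return None
    return {"program": prog, "parent": event["ParentImage"], "reasons": reasons}


def scan(events):
    """Run assess() over a batch of events and keep only the findings."""
    return [f for f in (assess(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The vendor install under Program Files produces no finding, and the non-firewall netsh call is ignored; the report's own command line trips both reasons at once, which is the pattern to alert on regardless of which netsh syntax is used.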
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 69KB
  MD5 c356a0c771a0209d3482777edfc10768
  SHA1 1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08
  SHA256 32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad
  SHA512 561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c
- Filesize 326KB
  MD5 b99c109402eb5090a41bd60127623b77
  SHA1 f0a74bfe1e275a5683bfb4312aba6486e2834d62
  SHA256 ba454b5ba7c123abbb66244771cf49844219cb6c9f2a23d07bd6bc91a4f8f950
  SHA512 619a29ea7a1c678ab86c9cd4c2c3cf9686d613bba14088fece0f8a55a51f8bdbbe239b58f53c2c84e3b20e9fb8cb842c92a4627c760a164777d5f03176a96608
- Filesize 133KB
  MD5 18fa2e39cd464591489d8fa9217e25e7
  SHA1 87e11371a06ed5cb998d77504b2ac18e1f022e01
  SHA256 92c83b8cd694d5aa9b846bde687c15ac8c6c086116a79962cb77831b3d333535
  SHA512 7a97c939acafe8c6f140ac29ac93f3756231dbd31c346a24ca0b2aa7b46527afa5d22c710693edf5ed218ae68b2e0e9077f05bedc9749383fb60471d3a3e5e2a
- Filesize 73KB
  MD5 34602c14b3cd39436015a03c31a33c69
  SHA1 3c483bff2700da63547b033d6e181d8eda923a79
  SHA256 cdcd68953968b057152973f3a8c5ddb22af24ad0fa7f30150cff714ffa124284
  SHA512 07d047a878e3dd70fa32b6c40812a79e8cccad87708a40fc942422067a95c4fc5b97b69e1921103fc569fe48b9fb2499c3a1578b2c4dd1cf2add1f0e07fb95b5
- Filesize 32KB
  MD5 df0c867c5fabd8e3d924adaa0b71645f
  SHA1 03080a2098c5ae7d430ffc50360252ce01dc8d19
  SHA256 5f58994bcd7c1fd1ea6b68dc79e50554a82235f193937093cdd7b1f0d9b1fb5b
  SHA512 da24d89c4921a5f1ec0d7aefcbca5a8a4e53fdc28385e4c9c29f3b3a0b6d2f84167e46ef77b7aff03c5b0ed23917b3fd8e7e8bda675903788e95cdad9a56d352
- Filesize 64KB
  MD5 d84862513956cbe61aeb4ebbfdd3355a
  SHA1 14ab269df17cb0333b1556ce120d587324479f6b
  SHA256 a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5
  SHA512 d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d
- Filesize 19KB
  MD5 d546a874d6488dc7b2abd0843b4d02b2
  SHA1 abc38412c078bb9ab9ff9757aeefa67a19ff2501
  SHA256 c243c2a98c75631185c8d04ecfffc2765b0d3e3516c3ee7e2cd8d2b67660cf5e
  SHA512 13c7bde4df056340a345dbf1473a01308fd2786be7a384411814afa8f005d34d2ea979a24cb2d7821b5bd928841ffc3c00944500a55c2f0934155ba786ae9c0b
- Filesize 2KB
  MD5 492612622352ad00963f0442009b8de5
  SHA1 878f3a4ecb624042bdfce0129827737a810e58cc
  SHA256 15cc21d60af9164537b63f13019b9330553da7287d22755313beca0aca1e04f9
  SHA512 c0612172ae010baa526fbb4a2b8c30d6233e778a5d80b8a234728d7e0e56afeb4d0642b5e6e076eba9449451f843e18add232a54508fa043b3ccdaa70504afb4
- Filesize 6KB
  MD5 8157920e475c3f6226ac2aadfaadfc4b
  SHA1 9de46fbb7ed69898f4ba6038a10ea1a17ad035cd
  SHA256 926ccc20444eff8439ce16765f6b918214b15e05d0b538b45451a384a46af2b2
  SHA512 f470ce78e4a2dc34847fe377e983ead623c48af2fd0fd9f5173d60c82598edabb7142b5d6a5cc794e1a85df4a644af9348a582a14d7dc2cb928592757b8fd06c
- Filesize 2B (these are the digests of the two-byte string `[]`, an empty JSON array)
  MD5 d751713988987e9331980363e24189ce
  SHA1 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize 524B
  MD5 ead0400b11f443bb5ac44bc7c032693e
  SHA1 00edeb1109767d9a88806e163c52d79d2f99661c
  SHA256 1d3a8f3c4c654765a607d766345b561f569150beb36b2368ccb2c0a827823a28
  SHA512 f0655a775b2a78ea0797e6f27de6405f294eceed2719c6c93379e626318626a6068d714554afb959a93a4cc79c48c147dffbe2ee1921544617578ea905b10cf8
- Filesize 1KB
  MD5 2d1f23f3b2d88cace27e02735e493035
  SHA1 e6f7474a1722d158ba948804f9bbca2599df6c48
  SHA256 56988fb00effedca7033783c1e41edca09620231cf563ba60543109b1ec3f7dc
  SHA512 53a3f22db92436ec5d6f43ae02ec4c05310add9ee918c790a8085704e44555242b83db930cb91f7a8866bf05fac848e541aa380b780ae45bb2d81629f4e8f4ec
- Filesize 1KB
  MD5 ea9d75cdcdc3314217f0edf69e3fb7bb
  SHA1 bb36bed24caa7e18ff96b71398b54e988b759dd3
  SHA256 5619f2c627e4a52ea1619d1bd401e60fec46445ae894fa28afc5733f0ce47703
  SHA512 2ce161ef650aa3004f519dcd2fe167c880d2f9131e212b719ff60d8717ad64f9b0dc599df8642ed28867b69df39fd8e38c6408d79b4e6cb6671f13496e642445
- Filesize 1KB
  MD5 93558e2a4c2d37a4666350c6ddd78982
  SHA1 7d0aa614efee5c3563ce249a05019c16d29c0224
  SHA256 da8651004ca790f50135260a3ea1b7231374ae6d47de4516d1e2fb0748ee03f6
  SHA512 c71bff004d919e7cc0adac464e26306fbfcef2a4633d2cd4367300348614e48d214b7c598d82d72bd001b4af8f396bb2f216bed95415d4d66fa4e41f0ebb7e1d
- Filesize 1KB
  MD5 a61da270ef35eb46ca18ae9d18be6ea7
  SHA1 7b000a507ad10cb09ff5f81ef7274975b5f2b2c8
  SHA256 dd3269e9105b5a9efee13b0dd07584da5caab550bcab785beaa13d4db86c5c1b
  SHA512 ea7f8027f6246e8c661542d725d054e1c1d602f692199d37db913bde6ad4264bd2e7f6e07c8ce44766bae4353630c4be086aa2b5e766ece30b06262d40b4eda9
- Filesize 1KB
  MD5 db8eeb1efcb680b0ef83570e2bdcf99e
  SHA1 2331023234ad9610f69c140b5673d2fc0dd6d308
  SHA256 1310176caec8cf867a552a10f204b4254c102907f4fc51f045c40dd28a58ac49
  SHA512 5c2fe28ee2d1fd3ec0dcd3b1234012a89e77fdd9d94c6cc7651531d034b28f9b4364ba18a738915424caac758b18c5797ec8b76596a6a1166f9efeebdfa52f6b
- Filesize 7KB
  MD5 a861f4c01174dcb49bb2f3da84109770
  SHA1 9f050d6428bb7e8b4af2a9694c889e0af4657f1e
  SHA256 2a44d984aad16935f54a35d9c043180cefc6fc0ff8bd57e513d7688a2ff3a018
  SHA512 208f2ad5dda55201a9ed442aa62a3bd63e8b57597cb77fcc9fb898b8c0ec49bcc5c43c73388b648933eecc1023fe6a11451f2066de40635210fcb128b0553ab8
- Filesize 7KB
  MD5 4ecd9b405155bf3375b70263775750fe
  SHA1 65d7fb158c5f36fd71550ae23241a7e6a6254eda
  SHA256 360f55820831250e7095302b8ade436572b4580ae87fb5e1af43f658d6d46dd4
  SHA512 8ffcf60f42ed040cae65185a4a33f0a682556ea054dd0ee998f5bcaa2980ee66560c33c1466189b2882e22f252e76aeb02ffed19818b6ffa72c2ead65c84e01e
- Filesize 6KB
  MD5 c18c1b7c91f2602a497b22b7322dc5a6
  SHA1 ca5e8243b7e90c09a3b4355890166386d1efbbde
  SHA256 61cb371cb1dc486a3a7cfece8ea0f13a853b3947741cdb30faed244829a11c49
  SHA512 4e951c709eb393a9fd23805a11a6df68799dd23dddd4df561e46c8194c7d90d3807eefc17de85ede7f3b007af9fc41e3815d26b83f3b53ffc368c75ffdacbb75
- Filesize 8KB
  MD5 db638310fa4abbda02cbb0816d9592b1
  SHA1 3e4d4283c21493493fca3816d580f66156e4d36b
  SHA256 e9d4b643ae5c8247e51cd9bd776b48eb826a2fe2a9c681d423e2aa3851f487db
  SHA512 df6ba861c77d3081953e2ae65bb4aee910c4a68b7b03621a16da2d373de4dc691b1c4a9367f819ecdd08d0910730d4408100f07831cc07f716598620485717c0
- Filesize 16KB
  MD5 3c1d89e664ba304a549ac91f463d49a2
  SHA1 c7392f3386e3b87c708b0cf287c723346801aa16
  SHA256 7eb8d9968ae75f141be6000a8693cfab7ab7f34884fd4ab0b09c2bc534f4918b
  SHA512 8ef83d6553ff57e368a78703d8dfdc7f267ad88c527ae5387b4381a759283f8e909bf82768278b36bf64de26dcc77e0965056b3c373fbad5d2d6527d53431ad4
- Filesize 261KB
  MD5 4404d7c58181e45d40130e374682b9eb
  SHA1 d6299cfb654e628c9c1a2b5d341dcee5c123c8e3
  SHA256 b47ad636aef1a6c3b4d55d4021da7d3fc7bb90ff9e565fc1aa81cf80dfeb0779
  SHA512 7a39a4ddf3dc51229506efadc2acd870eb385992ce6305d931438b584a17881c18b06a1be1c4236ab829e08ef91a51d08a736893a88281c076ff063e24e0252a
- Filesize 257KB
  MD5 01fedaa06c4cae55e922b7b3d20c6790
  SHA1 1601ff09cef8898732c62d23289b91b598c47ba7
  SHA256 010d78ec02f4018101fdbe655cccc12c85b060aaac647bbd34b2166cb07d338b
  SHA512 4ab68bb1ffad79e3ac1a968d7b79e6ac38d7b5a84f7299dc2ec21522f9c3284823277438a11eeac40a3de9d06172c47b465b430b29fb6d9d3f95e2f3225f3c3d
- Filesize 262KB
  MD5 cc27f4998d441a8143f49290cf6b1f99
  SHA1 ca6fa5965a61914c4c47df324c69079dc39c2635
  SHA256 9360435e77ae2561de1dd86edfcb79bb055abf2f11ddcdef445bcdde7c87baf0
  SHA512 62498b42e4c1e19378306b83b5a17bf24bd3556b87260980b15727415248ae02ea55ea0521bbb14df524c3ce24537d729801632a8b3352ebb4154229e48e1fc7
- Filesize 95KB
  MD5 000f8638efd24f102fc4a56d7c64eae5
  SHA1 bc60005efd49c147d00c608b32fafd9341be9e47
  SHA256 e59ef6dfe4a5a2d0e30e64b08da6bca6c171d4f0673cfa9e5f8ecad62e786ab3
  SHA512 bc9925d1400536901137c026bd19fa7325ffc0f4fad90bc608b2920423ad6b2404c2759f3dfed9ca91a93d12e04454a8bc7b3628c19a066abdb1eb506485779d
- Filesize 89KB
  MD5 47325fb167b9a495e59d0b83b8868cd3
  SHA1 0d1bc351a525ca807a486f914ed7df736d810356
  SHA256 4e1f580a463c174c56a5ee60090257ca81fde7504cc39b2acfb5c7b6e1c8c191
  SHA512 46f9f8ab116c048a2db3bd7d8919b4e31eaeeca4d994f83481cadbc4cf1d637a5c706a1bedb5324cb77e936dd6957f75aba0816db38d3e66ca167af9eb4f2181
- Filesize 262KB
  MD5 18febfa85b6b27a4baa9d12b81838f2f
  SHA1 edae22d485cdd01c9334823834cf5ad5e436c5bb
  SHA256 d9c80f36447175bb127d12c0eeef14582b6dee94c91e7b9e856edda79894562b
  SHA512 ae39af8a01b53feeb3f3df638d7579f87d49d1073b9a2e0360f90131a92b37fed00d9be52fe9f5d5927a42f1114e3c8e8f9f1fbe7cf4c0c243f139e1d37d9bb9
- Filesize not listed (these are the digests of zero-length input, i.e. an empty file)
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e