Analysis

max time kernel: 149s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 04:50

Static task: static1

Behavioral task: behavioral1
  Sample: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
  Resource: win10v2004-20240426-en

Behavioral task: behavioral2
  Sample: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
  Resource: win11-20240508-en
General

Target: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
Size: 1.1MB
MD5: a8ddc065bd44a3c0a3470c1d03f4567b
SHA1: 2f7e61f6b432dbacacf3f00d536a21ff7111d907
SHA256: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15
SHA512: 7bc197eba02fb7656cfb79f872f1583044b4931545cc5d767095160de0a6361e94918092784bc0698eaa0fc3ff223892216a0f0fd0c2f4cb28e1a2a0aa901e6e
SSDEEP: 24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8auw2+b+HdiJUX:3TvC/MTQYxsWR7auw2+b+HoJU
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation (50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617774160790810" (chrome.exe)

Modifies registry class (1 IoC)
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{4083AD9A-3499-4195-8F93-7B7B34511141} (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 3640 chrome.exe; PID 3640 chrome.exe; PID 372 chrome.exe; PID 372 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  PID 3640 chrome.exe; PID 3640 chrome.exe; PID 3640 chrome.exe; PID 3640 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (63 IoCs)
Suspicious use of SendNotifyMessage (60 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe"
  PID: 5024
  - Checks computer location settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    PID: 3640
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c12ab58,0x7ffa7c12ab68,0x7ffa7c12ab78
      PID: 2876

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:2
      PID: 664

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 1572

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 1692

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:1
      PID: 4720

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:1
      PID: 392

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:1
      PID: 4640

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4572 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:1
      PID: 2016

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4344 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 5072

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 936
      - Modifies registry class

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 5100

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 456

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:8
      PID: 3116

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 --field-trial-handle=1900,i,7048972387722794973,12635978710933642619,131072 /prefetch:2
      PID: 372
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2012
Downloads