Analysis
max time kernel: 150s
max time network: 156s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/06/2024, 04:50
Static task: static1
Behavioral task: behavioral1
  Sample: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
  Resource: win10v2004-20240426-en
Behavioral task: behavioral2
  Sample: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
  Resource: win11-20240508-en
General
Target: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
Size: 1.1MB
MD5: a8ddc065bd44a3c0a3470c1d03f4567b
SHA1: 2f7e61f6b432dbacacf3f00d536a21ff7111d907
SHA256: 50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15
SHA512: 7bc197eba02fb7656cfb79f872f1583044b4931545cc5d767095160de0a6361e94918092784bc0698eaa0fc3ff223892216a0f0fd0c2f4cb28e1a2a0aa901e6e
SSDEEP: 24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8auw2+b+HdiJUX:3TvC/MTQYxsWR7auw2+b+HoJU
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
-
Modifies data under HKEY_USERS 2 IoCs
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617774212299059" (chrome.exe)
-
Modifies registry class 1 IoCs
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{11FB80B9-5199-40A5-A24B-E4FFBD39C9D0} (chrome.exe)
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
  PID 2992 chrome.exe
  PID 2992 chrome.exe
  PID 4200 chrome.exe
  PID 4200 chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  PID 2992 chrome.exe
  PID 2992 chrome.exe
  PID 2992 chrome.exe
  PID 2992 chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 63 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe (PID 8)
  Command line: "C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe"
  Signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2992)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4240)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3e02ab58,0x7ffd3e02ab68,0x7ffd3e02ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1952)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3924)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2776)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3544)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 908)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3300)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4140 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1188)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2800)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4332 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5000)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
      Signatures: Modifies registry class

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3496)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4700)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3036)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4200)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 644)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads