Analysis
  max time kernel:   1799s
  max time network:  1705s
  platform:          windows11-21h2_x64
  resource:          win11-20240508-en
  resource tags:     arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:         03/06/2024, 07:32
  Static task:       static1
  Behavioral task:   behavioral1
  Sample:            Egon Bondy.docx
  Resource:          win11-20240508-en

General
  Target:  Egon Bondy.docx
  Size:    13KB
  MD5:     a3bca72294bd2cd0921fbdcc871ab3bc
  SHA1:    f2311787ee01c5f57b816c6ae99b8f067b335980
  SHA256:  23ef942b84f0fb42078ef13fa29a9018b91df94be626752f03d8f92dea414172
  SHA512:  6b41f6f47f84e3de116d35615f87d3a8e62f02cefce07110ed3adf41c4353e6b19346c5e89f72eae0b3f9188927ab8c5248477e375a29f5ce2e072928c0195fe
  SSDEEP:  384:dLJqibNxt/ZtNNjnpRsXWKZ0VVqx59K6sS:tYiBxllNjnpR79qx3K6v
Malware Config
(no configuration extracted)

Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments. In this run the reads come from WINWORD.EXE itself, not from a process it spawned, so on their own they are weak evidence of evasion.
  description         ioc                                                                                   Process
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  WINWORD.EXE
Enumerates system info in registry (2 TTPs, 6 IoCs)
  description         ioc                                                                       Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     chrome.exe
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\BIOS                        WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily           WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU              WINWORD.EXE
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE. TraceTimeLast is a 64-bit FILETIME; 133618736519239706 decodes to 2024-06-03 07:34 UTC, which matches the submission time of this run to within a couple of minutes.
  description       ioc                                                                                            Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                          chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618736519239706"   chrome.exe
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid   Process      hits
  1544  WINWORD.EXE  2
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process     hits
  3676  chrome.exe  2
  4080  chrome.exe  2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
This flag corresponds to the "block non-Microsoft binaries" process-creation mitigation (signature policy) that Chrome applies when it starts its child processes; it is a hardening measure of the browser process, not an evasion technique.
  pid   Process     hits
  3676  chrome.exe  13
Suspicious use of AdjustPrivilegeToken (64 IoCs)
All 64 adjustments come from the browser process (pid 3676) and strictly alternate between the two privileges below.
  description                       pid   Process     hits
  Token: SeShutdownPrivilege        3676  chrome.exe  32
  Token: SeCreatePagefilePrivilege  3676  chrome.exe  32
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process     hits
  3676  chrome.exe  26
Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process     hits
  3676  chrome.exe  12
Suspicious use of SetWindowsHookEx (10 IoCs)
  pid   Process      hits
  1544  WINWORD.EXE  10
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 writes originate from chrome.exe pid 3676 and land in four of its own child processes (see the Processes tree below): the crashpad handler, the first GPU process and the network and storage utility processes. Writes into freshly created children of the same image are the normal child-setup pattern of a multi-process browser.
  description                          pid   Process     procid_target
  PID 3676 wrote to memory of 576      3676  chrome.exe  84
  PID 3676 wrote to memory of 4000     3676  chrome.exe  85
  PID 3676 wrote to memory of 1524     3676  chrome.exe  86
  PID 3676 wrote to memory of 1732     3676  chrome.exe  87
(each target appears repeatedly in the raw record list; 64 records in total)
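The two registry signatures and the WriteProcessMemory signature above are delivered as flattened record strings. As an added triage example (not part of this report and not the sandbox vendor's tooling), the Python below parses those records, maps each process to the sandbox-fingerprinting keys it read, and checks every memory-write target against the parent/child relations shown in the Processes section, so that writes into a process's own same-image children sort below writes into unrelated processes. The record strings are copied from this report except the one marked as constructed; the fingerprinting key list, the process-tree dictionary and the verdict labels are assumptions of the example.

```python
"""Triage helpers for the flattened IoC records of a sandbox report.

Added example, not code from the sandbox vendor or the analysed sample.
The record strings below are copied from this report's Signatures section
(one is marked as constructed); the fingerprinting key list, the
process-tree dict and the verdict labels are this example's assumptions.
"""
import re
from collections import defaultdict

# Registry keys that VM/sandbox-fingerprinting code commonly reads.
# Assumption: an illustrative list for this example, not taken from the report.
FINGERPRINT_KEYS = (
    r"\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0",
    r"\HARDWARE\DESCRIPTION\SYSTEM\BIOS",
)

# Copied from the report's two registry signatures.
REGISTRY_RECORDS = (
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe "
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE "
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe"
)

# Copied from the report: one record per distinct WriteProcessMemory target.
WPM_RECORDS = (
    "PID 3676 wrote to memory of 576 3676 chrome.exe 84 "
    "PID 3676 wrote to memory of 4000 3676 chrome.exe 85 "
    "PID 3676 wrote to memory of 1524 3676 chrome.exe 86 "
    "PID 3676 wrote to memory of 1732 3676 chrome.exe 87"
)

# Constructed negative case, NOT in the report: Word writing into the browser.
CONSTRUCTED_ODD_WRITE = "PID 1544 wrote to memory of 3676 1544 WINWORD.EXE 83"

# pid -> (parent pid, image), rebuilt from the report's Processes tree. The
# report does not show who started the two top-level processes (None here).
PROCESS_TREE = {
    1544: (None, "WINWORD.EXE"),
    3676: (None, "chrome.exe"),
    576: (3676, "chrome.exe"),   # --type=crashpad-handler
    4000: (3676, "chrome.exe"),  # --type=gpu-process
    1524: (3676, "chrome.exe"),  # utility: network.mojom.NetworkService
    1732: (3676, "chrome.exe"),  # utility: storage.mojom.StorageService
}

# Record layouts: 'Key opened|Key value queried <path> <process>' and
# 'PID <writer> wrote to memory of <target> <pid> <image> <procid_target>'
REG_RE = re.compile(r"Key (?:opened|value queried) (?P<path>\\REGISTRY\\\S+) (?P<proc>\S+)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")


def parse_registry_events(text):
    """Yield (process, registry path) for every key-open/value-query record."""
    for m in REG_RE.finditer(text):
        yield m.group("proc"), m.group("path")


def fingerprint_reads(text):
    """Map each process to the fingerprinting paths it touched, written
    relative to the System key (e.g. 'BIOS' + backslash + 'SystemSKU')."""
    hits = defaultdict(set)
    for proc, path in parse_registry_events(text):
        if any(key in path.upper() for key in FINGERPRINT_KEYS):
            segs = path.split("\\")
            i = [s.upper() for s in segs].index("SYSTEM")
            hits[proc].add("\\".join(segs[i + 1:]))
    return {proc: sorted(paths) for proc, paths in hits.items()}


def classify_memory_writes(text, tree):
    """Return {(writer, target): verdict} for each distinct writer/target pair.

    A write into a direct child running the same image is what a
    multi-process browser does while setting up its children; it proves
    nothing is wrong, it only sorts below writes into unrelated processes.
    """
    verdicts = {}
    for m in WPM_RE.finditer(text):
        writer, target, image = int(m.group(1)), int(m.group(2)), m.group(3)
        if (writer, target) in verdicts:
            continue
        parent, target_image = tree.get(target, (None, None))
        if parent == writer and target_image == image:
            verdicts[(writer, target)] = "own child, same image"
        elif parent == writer:
            verdicts[(writer, target)] = "own child, different image: review"
        else:
            verdicts[(writer, target)] = "cross-process write: investigate"
    return verdicts


if __name__ == "__main__":
    for proc, paths in fingerprint_reads(REGISTRY_RECORDS).items():
        print(f"{proc}: {', '.join(paths)}")
    for pair, verdict in classify_memory_writes(WPM_RECORDS, PROCESS_TREE).items():
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
    print(classify_memory_writes(CONSTRUCTED_ODD_WRITE, PROCESS_TREE))
```

Run as a script it lists, per process, the CentralProcessor and BIOS values read in this run and confirms that all four WriteProcessMemory targets are same-image children of pid 3676; only the constructed WINWORD-to-chrome record comes back as a cross-process write. The parent/child map is supplied by hand here because the report only renders the tree; on a live system the same check would be fed from process-creation telemetry.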
Processes

The report records two unrelated top-level trees: WINWORD.EXE opening the sample, and a chrome.exe tree (with elevation_service.exe alongside it). Chrome is not a child of Word, and WINWORD.EXE spawns no child process in this run.

WINWORD.EXE (PID 1544)
  Image:        C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Egon Bondy.docx" /o ""
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

chrome.exe (PID 3676)
  Image:        C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 576) crashpad handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd9efaab58,0x7ffd9efaab68,0x7ffd9efaab78

  chrome.exe (PID 4000) GPU process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:2

  Utility processes. All share the flags --type=utility --lang=en-US --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8 and differ only in the columns below. Note that the network service, ProcessorMetrics and UtilWin run with --service-sandbox-type=none.
    utility-sub-type                           service-sandbox-type  mojo-platform-channel-handle  PID
    network.mojom.NetworkService               none                  2124                          1524
    storage.mojom.StorageService               service               2188                          1732
    data_decoder.mojom.DataDecoderService      service               4400                          2336
    data_decoder.mojom.DataDecoderService      service               4544                          896
    chrome.mojom.ProcessorMetrics              none                  3868                          1768
    data_decoder.mojom.DataDecoderService      service               4524                          5068
    chrome.mojom.UtilWin                       none                  4520                          4556

  Renderer processes. All share the flags --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1; PID 808 additionally carries --first-renderer-process.
    renderer-client-id  mojo-platform-channel-handle  PID
    6                   2992                          808
    5                   2188                          4408
    7                   4232                          2244
    13                  4584                          2528
    14                  3392                          2008
    15                  3348                          5052
    16                  3268                          4880
    17                  4176                          2812
    18                  3420                          4760
    19                  4124                          3140
    20                  4900                          3780
    21                  5020                          4736
    22                  4596                          1644

  setup.exe (PID 2504)
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

    setup.exe (PID 1896) crashpad handler
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff74e07ae48,0x7ff74e07ae58,0x7ff74e07ae68

  chrome.exe (PID 4080) second GPU process, started without the GPU sandbox (--disable-gpu-sandbox) and with GL disabled
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 3648)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Every file for which the report records a path lies under the Chrome profile (C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\...); no dropped file is attributed to WINWORD.EXE. Entries without a path are listed as the report shows them, by size and digests only.

(path not shown)  432B
  MD5:    2c7c215e22ec1086977ce72d99874c47
  SHA1:   dc773a2432ec3766116ddb2592d892b50117286c
  SHA256: 4798ea9deeb0c7eb018c515cebf64b8590ed0a7173bdf1785adfcfad384c1e7d
  SHA512: dbad465d1e6b47ceb2fdc3da5f7286a153a69ebf1b593203da2561bdccedbd24771b13c029810b9a59de56d6ea943912bbff00c78d9974954c14ad5d109f3acd

(path not shown)  960B
  MD5:    e93eacc3c0dbeb55d475612fe8219b91
  SHA1:   b9ccced09981c32ce4910ca7d1df2ec331a939cf
  SHA256: d46f5610c980ea847a90166b1093f86e33ccf71618654730c8922abe74a945fa
  SHA512: 70af0a8508b437b3c34b9ea6208f8cd01568307ffc35ea472621c46aa808e6d6788f742a5d61b1fc16a72ec5fff95a29ddace4da7bdbe562c0ca139b78b389b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\227bea68-1abb-40dd-87c5-1b2d33c60058.tmp  4KB
  MD5:    9cbf62f4218f6d30cdc2cd95d943f966
  SHA1:   a5cd4dbf3a0235b2f8c68121fa417c548a4787c0
  SHA256: 2e5aeebe66cd004449f49e88be8ba0ddd74dc955d2b3a288a3c3f45098f05913
  SHA512: 329cba8224affa91d2e503d97d2c2094d447b6c84b0e816eec474b3c399e6b63fb2c4bc0bf489610e46ead7e599d7613af45e615706095f4dbac713ac1410b62

(path not shown)  5KB
  MD5:    30bd0f4bc0a9338d0249172195a25d58
  SHA1:   89dcfcd284bfd4298560d6830bc666a5e6a5f39d
  SHA256: 1ef25f6b2f8a2657b33e92d5523f1463c098bfab95c77955e90bc4eaed1f755a
  SHA512: f8ba5613a2fba950be45726a4f0908a74d9d4f554e8a5597cd20adf8d88d7a5af84ce86109feabc441c1ef50b623bcb27de7bacc7eca2738edab3ec7d6351730

(path not shown)  5KB
  MD5:    98572d9f2b799e608b5e64fb31bf952c
  SHA1:   0f2a3749fcf0162fcf6aa3950dfd61f93084cb93
  SHA256: 0efb3328ef61b7c0b6a29a46593a672edde0ca07b88760efb81cd9b593878e15
  SHA512: 3ca271bb20c7b993f7bef07d3128dce63a5af3fe67b143bb91f23678307cc2f60260c856241099b00ac4cfaeab514e6feae772476d4073a3896b1e862a95f152

(path not shown)  5KB
  MD5:    9e9a1fe3078bd8b4296cce27e9301790
  SHA1:   11b9b9dbf9728cdeaecec1937151e74018d5e550
  SHA256: a823fbc8bf9163feb8b8668eb2f694e6617a292995ef2419a632870c38119d43
  SHA512: eb35af78b774ec8ef583b9e5cb8409aa39056640e3d12afd35b797ca5bb3addfb4ae157541ea598994ddb6567869d756c7ee9e3085f2e698582ab2d429dfb595

(path not shown)  2B  (these are the digests of the two-byte string "[]", i.e. an empty JSON array)
  MD5:    d751713988987e9331980363e24189ce
  SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

(path not shown)  524B
  MD5:    0d0d054407c33e82b410da8b99aeb6f5
  SHA1:   46b4c82526c49c55865891a6e1e4b595c93029bd
  SHA256: 9e671c9448db61240b437e760ff671186968c0ed704e8e27e6c4afbf790c5bed
  SHA512: e4e37886666cb0aeec28c1917a77752c79dbe9c076aeed44ce473e0de7907aad5589a2c6005395437b960b3d81f98fe10ac054355bc8eb24311c21c87a836f9a

(path not shown)  524B
  MD5:    00a1004558405f88004cf97fa299eea7
  SHA1:   a4ed43764304b30f6ab321c177dd202cf96ef983
  SHA256: 27ff46d6cfaa15c24c9332c2550105184a740a372b599ba1b16f717209e3136c
  SHA512: a403f288487aa721799bc2c4764a92714ba3bbad8a4191b172f3b565c313cf9ca38c8693a93b791cb8c4e0a092a7a93482fbe28b28c615cba2e8914045ea08b3

(path not shown)  524B
  MD5:    798e3809a7b70c2ff979e5b2042b6872
  SHA1:   ade5715e0df4b8ae9b9405400ede33a673aa9ef8
  SHA256: 43b87eefd9c1b9dda13384da88e9455a21582836a747ffb34f308346f8e18eba
  SHA512: 62e0819b2f8e8834747041930cc432b652e002235be7038378f30f80a934009b7fb3aeefc32fafc7faffceca3543c2b5fc93564517b00d2312fa4bb58a89333b

(path not shown)  7KB
  MD5:    d2dcac921bcbf574bf81be4bb275f124
  SHA1:   0911831fdff24475fa3eeb8563204f0d194d40e2
  SHA256: 518a4307f3e529fc545b62e5890956bfaa62670b25a049346858401a55a92c77
  SHA512: 8ae834b10b3d16a966d169bc425d2b46ceaa24f180be4a83b36c14d96ece86cbf2cbfdbb1343efa0c7e5521b081db9d54cd59298bd1575488990dd446e446640

(path not shown)  7KB
  MD5:    781c422f747deb2baf51af2b5c69c7c0
  SHA1:   900e77010020668d7996da1f0f6ff58273e84f4e
  SHA256: 1a80d5a188d0b6a8508dac35084077d87bbcf834ec625d74b04d52a9ced41c90
  SHA512: c50291598a3abbe0e4c7ec44b45dbfee2d3d2b750a2fbe5205326a2dacc69f6f25ba65d5bf12299c131786a86b54eabe4a7a670abaa03e44079ee0a25f44a46e

(path not shown)  16KB
  MD5:    29d50fd4e84c3e7c099c0fb13b2dab22
  SHA1:   3f44c412e56c4951d87412751e527d9b48c5fabf
  SHA256: d0b7f725186d1c0c9b45ee6096d7912866136388e4520e48cae8123f8aaa3b7b
  SHA512: f7c37f6dc5ca0226f66fd5ec52e1a4e85de08118c273db710f20019e1d92b37e6589fbd9d8ab194d889c423f3e1c99931c83122af2347758f22b4fa5f5066885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt  56B
  MD5:    ae1bccd6831ebfe5ad03b482ee266e4f
  SHA1:   01f4179f48f1af383b275d7ee338dd160b6f558a
  SHA256: 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
  SHA512: baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt  120B  (later version of the same file)
  MD5:    e29fd1efd0c49efbc2f17c4fda17657f
  SHA1:   05be1b46ab8cf1dc237fc08312cb5071047391a2
  SHA256: 39e3c9314a41ddc7caef36449acf8215327e91c9feee95af2bb68f4ab58e0c45
  SHA512: 07998e05ada23d0edb150c46587d84802ab48ddb1ebd72a960162d6854fb0ae94fd90c4cff5b70ac318b9a918fd99dd13a1b500f431b7545458edf3b19ce1774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d179.TMP  120B
  MD5:    5a420522253ca0d62b0e7c99d34ef4f0
  SHA1:   bc4c179d2c59bad21d316e2f4c661fc516633acd
  SHA256: ec6c732a42f0bcc10cff60bf3d36917fe7986daf9e44c26d46e5cd508904a3b4
  SHA512: c4ade8ceacd2e89c2e89e9df4160b089cf902541541bb38deb2d3b1c6738d5c79b0a72fba222bef0cd47ee5fe41cc3d5a83847593a981ae67e7124d1cf9abd73

(path not shown)  259KB
  MD5:    935be76b36a3f4b3ede17dc0fa48edeb
  SHA1:   2c9f14dcb2c4f958ba6b8ad35178194d09536673
  SHA256: d0a42a6698ec361dd5f4c6b47f6fbd38cba2fec17dd249842db5f0fcdf888474
  SHA512: d89527774c4bb94995cf1591176617fc0ad032bd9a96ce6be64891bb2e1c6ea5229c1dcdfb5ede3b1f8c53e1df913e6135e0e783f56047062d3958d1ebc19a7f