Analysis
max time kernel: 150s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  Resource: win11-20240508-en
General
Target: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
Size: 1.1MB
MD5: 870234ec4903e34c59e2d59631fbb0b7
SHA1: cf28f0b52458014e54ae41d1cf6f1f75933218d7
SHA256: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2
SHA512: 2e0f52541bf78da4e4da2ae81324d81e276a0cebd1a0c9179cfde84bb9fe9dbbaa213f4122d9d838812013f59d56a678fb1442100cf5134a0e66e8eb32142140
SSDEEP: 24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUu:+TvC/MTQYxsWR7auV2+b+HoJU
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618929945213568" | chrome.exe

Modifies registry class (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{17B1F750-F0C3-42D8-9B8B-ADF7C3878D1A} | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
216 | chrome.exe (4 entries)
1664 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
216 | chrome.exe (4 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 216 | chrome.exe
Token: SeCreatePagefilePrivilege | 216 | chrome.exe
(the two rows above alternate for all 64 entries)

Suspicious use of FindShellTrayWindow (52 IoCs)
pid | Process
1796 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
216 | chrome.exe
(every one of the 52 entries is one of the two rows above)

Suspicious use of SendNotifyMessage (49 IoCs)
pid | Process
1796 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
216 | chrome.exe
(every one of the 49 entries is one of the two rows above)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1796 wrote to memory of 216 | 1796 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe | 83 (2 entries)
PID 216 wrote to memory of 2780 | 216 | chrome.exe | 85 (2 entries)
PID 216 wrote to memory of 2116 | 216 | chrome.exe | 86 (repeated)
PID 216 wrote to memory of 4292 | 216 | chrome.exe | 87 (2 entries)
PID 216 wrote to memory of 400 | 216 | chrome.exe | 88 (repeated)
Processes
[1] "C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
    - Checks computer location settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 1796
  [2] "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      PID: 216
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa056dab58,0x7ffa056dab68,0x7ffa056dab78
        PID: 2780
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
        PID: 2116
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 4292
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 400
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
        PID: 1268
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
        PID: 1780
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3924 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
        PID: 3044
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
        PID: 1184
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4160 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 3444
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        - Modifies registry class
        PID: 4688
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 1404
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 1564
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 4884
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 4532
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 2532
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
        PID: 4336
    [3] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
        PID: 1664
[1] "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID: 3428
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 336B
MD5: d3862608044379f8b60a18f37910d137
SHA1: 195a44924b3369d62e3c503ae25412c7a3144cd6
SHA256: e5fb29112b54e43adab7b109bfdef29cf22e2fddd7bcd1183a7e1becd77ee64e
SHA512: 342d8380e6355742b34d60dd9eb5b422a189ca9af1ed4d063ac61f561ef83281cad5959d8a2dad748fdbf47a9b8e37a7a098150a1697243b27077121ed695d4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\526c5129-5ac8-463d-ad90-086020d58a3f.tmp
Filesize: 2KB
MD5: b21283ad7a0bd21ddbbace9f52b3a806
SHA1: 0e0a9c816bf51827f93dc460cd1b8071389c5f58
SHA256: 1b4e4a36ba41b66156839672e2f17d33015828c08ae16ebeddbd8ed20204b25d
SHA512: d439a700fac34bad5c687d189b9bfbc435447bb4e5ebb2881543ef20847bbc9d3a6437ad6cbee8f4bf5b11cc5796009bc52d090c2bb9451ca8b15dafeff5300c

Filesize: 2KB
MD5: 0256aefe410f78f35b061a13a95482d3
SHA1: 72c54b7d02a3cfe34ab0265f8fba530f8ce4b99b
SHA256: f6440bd603aaa8e32a1618580bfd2215a854dfe3c8b1361878564a7a9de7aafe
SHA512: f9ffce6a17f603989848706215e74f312b87ffe982329585dceee595d55a03e9ace75d01750586cefe808ff3958579b9768c9f7d28890d4195b2577d90476f29

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 522B
MD5: 2983ec7fb872f25fa6394e1d6d5c938e
SHA1: 6aeaba20e6f908d3b7f93aa0142fdf6b10676ddc
SHA256: 005f434c0c88c9d696c67461f4185605baf44773e5836a55101cb7af9e4e9752
SHA512: 034b25c2b5e0a1ce70c8c4b4c2691314503e169f6c6ff6e9f5e0d8e3532fdaf6395933ac8dc011ffd7bae1b03eb0b018330bafd9bc034cb50b32b131b629cb92

Filesize: 522B
MD5: 44990e8f651f21025f790cc76606dc9d
SHA1: 7f0233a0e21d60b72fce1885d88593cb2b4fa98b
SHA256: ff473ee54e2c42885761ac946d2837b9f506388b09ecdbfe9e8cb90066cfeb2a
SHA512: a82adc9e195d3c82b459e980a3ff5d80018588156bd2641c1b2730452882108add23fdd9da92485e135f75ef77653b3d2769c11a5c11264579fdab4dd17a85e2

Filesize: 520B
MD5: 45c1a3bed68883ff43a654f91f47d397
SHA1: 6a45b597c52b4644fcfca33248e7e07fd9fda4c5
SHA256: 170a83625955e4449c6228d0b1551fffbce433384443131ed8a643098d45a047
SHA512: 0f5979eb0e0b5547611514e4d64f401a5cb7fd1e80c62a9bea8f4d1cf35751721c5e1c3c7ba6ec8d50208f7081bd4d85cc3879a90d60c2e296caa067583577ed

Filesize: 7KB
MD5: e5c2a0058f32373111cdbdd059b0cd00
SHA1: 7240d836e6f060a4dd65a55e1c4c9eaefe364e96
SHA256: d1c7b8767d1991fa58d205e47d0d52c6781e3adcd600f87b235ee36292d25e65
SHA512: 893df980585b84d30d1d102d54f121020e1baa7109cdd27cb24943ab4fbbced0bb86b60cc1df811da5ec94bc792189b8688ddbe14a6e35aedc0dc43ec282f286

Filesize: 16KB
MD5: 8d00e7d4dc7d397510f5cdede6ea4b0c
SHA1: 0a22f269f61b3b25d1dc2a46ee67967ef4b33b3a
SHA256: 4999a81ccc8c0342e2f8b685712f9440c69c45f7826068051474265d9da324bf
SHA512: 68c46e5c06f993f6784c937e91ab947c47e894ca33479884ee2ca445bd5941861c62642fe9042eef9ccce26946c3f9a034dc3a7b8ba347217b1de2cf43aadad0

Filesize: 261KB
MD5: a1cf59ab0fc0bd30bd89ad0e2a1b2f39
SHA1: dd1e92899b6573c05b73cfa18198b4df5ddd5b1d
SHA256: 59d5b76e3736ca60db074bac692fea81aa0120fe29b36b9b5c06231035ed316b
SHA512: 1adf6e774dc7709ed869e739a52c19a8823cd471e3300d5a01715af72f7cc192d38024108e4c666c5ce017d056dd3b07ced33dd5259fd742d053e5a4e78c76a6

Filesize: 257KB
MD5: 48a35165b939ca1c51a6955d7be2b740
SHA1: 8f380b920760a62e5f895621532522b1e39354b1
SHA256: 85a283cf2b5b019eb197bc69bf373be115a5314bf69c6cd2bde7539a21fe0a4e
SHA512: 9551cf714f579eed36804a71b03f43a6f479239f64514cf93e621f27d23b23c906a48a395017d4d3bce59d116004985c8eb82a99e723377ad2457e6660c7e096

Filesize: 261KB
MD5: ffc4d52e259b9978e168053593211ce0
SHA1: fdeae9cfa1e043d01c599b6713c54e3d412e812d
SHA256: ff58fc3b26c4d34756f0dbf8ec5f0348978dfef870615e3de823e6c1df18d173
SHA512: 478195cf45f4e6c7b445845b465c50a47bd23ec1e9d7e30c6b65b48733b142a76b38de281b79bae473df68ae8c031ee5ee8e1d72b7c707bb3e3d61a259751ea1

Filesize: 281KB
MD5: b4be63fe25e993d7e1966fe7194d5f06
SHA1: 9ee82a7c801c9734fab91df49f13df0050f9917d
SHA256: e1f4dcf838b052bfaf0af6d0961502bd46cd3e29e2411446156cd1fe0a5c345a
SHA512: 946580071a380c4936b5949f570ed7a1f741b74f98a5b260f3fcee459adabc62a956760a8ff87d8af729a743cd700d40300989aa155fbeeafaba3d93925097e6

Filesize: 98KB
MD5: 77bd51d85a16df5a2435d874b4cbe0ca
SHA1: 331e11939d7af2a6ebfd04498f98abaebe0ae918
SHA256: d5d6e1c879bc4a69540f85aa508c58b15b849f7782c3bd8a745fa573aff650e7
SHA512: 39e00fdf0d0291e6a0c21c66d694b3439607af6af121d8834e61a2b0ff769a76947084d559e9564b8c976e3c95b10c1c7652f4be67eb81bf10b426b28e043b59

Filesize: 94KB
MD5: de26d2568262654af3799ef283d8002b
SHA1: d2a37eeaace3b3f85bd182cbbec499288074ce39
SHA256: 4159ae7fdf80e405d2331b35449a5d32b407fd821941a391b280dbd1480bb85e
SHA512: 13bda046250a321cecf3b87dc0c4fa5c24c362eb4ff12076214066f3407c9b1f810e7c63c3101eb1f9ecd733765bbb91ff1f48a9e2e6a7ec6a65b8f2e4d24d5b