Analysis
max time kernel: 149s
max time network: 149s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  Resource: win11-20240508-en
General
Target: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
Size: 1.1MB
MD5: 870234ec4903e34c59e2d59631fbb0b7
SHA1: cf28f0b52458014e54ae41d1cf6f1f75933218d7
SHA256: 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2
SHA512: 2e0f52541bf78da4e4da2ae81324d81e276a0cebd1a0c9179cfde84bb9fe9dbbaa213f4122d9d838812013f59d56a678fb1442100cf5134a0e66e8eb32142140
SSDEEP: 24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUu:+TvC/MTQYxsWR7auV2+b+HoJU
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618930018769446" | chrome.exe
Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{AF62BDD3-ABF2-40BE-ABDC-79B853D43BEF} | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  4636 | chrome.exe (2 entries)
  3040 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid | Process
  4636 | chrome.exe (4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 4636 | chrome.exe (32 entries, alternating with the row below)
  Token: SeCreatePagefilePrivilege | 4636 | chrome.exe (32 entries)
Suspicious use of FindShellTrayWindow (52 IoCs)
  pid | Process
  4540 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  4636 | chrome.exe
  (52 entries in total: three for PID 4540, a run for PID 4636, then alternating and ending with a run for PID 4540)
Suspicious use of SendNotifyMessage (37 IoCs)
  pid | Process
  4540 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  4636 | chrome.exe
  (37 entries in total: three for PID 4540, a run for PID 4636, then a run for PID 4540)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4540 wrote to memory of 4636 | 4540 | 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe | 81 (2 entries)
  PID 4636 wrote to memory of 2900 | 4636 | chrome.exe | 84 (2 entries)
  PID 4636 wrote to memory of 3600 | 4636 | chrome.exe | 85 (repeated)
  PID 4636 wrote to memory of 4412 | 4636 | chrome.exe | 86 (2 entries)
  PID 4636 wrote to memory of 1204 | 4636 | chrome.exe | 87 (repeated)
Processes
Process tree (indentation shows parent/child nesting; the original report marked depth as 1, 2, 3):

C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4540

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 4636

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8af84ab58,0x7ff8af84ab68,0x7ff8af84ab78
      PID: 2900

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
      PID: 3600

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 4412

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 1204

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
      PID: 1244

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
      PID: 3964

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
      PID: 4104

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4332 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
      PID: 1944

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 4688

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      - Modifies registry class
      PID: 2396

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 3464

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 4496

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
      PID: 4828

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 3040

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 4584
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 336B
  MD5: 7e551ac3fbf84f28bc4c2c3c0630864c
  SHA1: 2cbf7c22778b7240716f22a0e77bc117cb62e432
  SHA256: a015e0fa98ef7e76ab9713e92a4756eb9a412d97709ee8cc3a4bdfb9b435f305
  SHA512: e96f8de599b110c7e4f8a3ad9100d0d7d2da08d9cd8f08eee74f3462d73e94d6167f2b376e4116383e01df2efa4a3c055d68df4f3af00f194f20cbafaa079f6f
Filesize: 2KB
  MD5: ebfe1b24ec5948001955b9deafff890a
  SHA1: c326ccc430e5aa10d5395993d813fe0ce54d5ef8
  SHA256: 486958250b7e51fc249cc39d004eeb96620775765e2e1e58d0de94daae6ddb8d
  SHA512: d354d13c68f0cf7b8bbdfcae13b2d95f9b476765c98d13e2e5b3dc568ea8ad5df264fc23558ad69cbcb0b584343e63804cc4b25fb4eb843a6d2919a4a937efdf
Filesize: 2KB
  MD5: c21f71a015c842c2b5501067d0ea5652
  SHA1: 0c19c9b3894a0d57595b06811e8994222eb6ed81
  SHA256: 5947d41ab53d7e1e4044ff5a420fa1dd36c415b0aa661bf1972bdef1929c20fb
  SHA512: d7dc7a9b79f6fd9c9ee8964897333c3879d817bbf3ddb8adc269f75b0bf27392b0edb83abef547ae585c7abcf48b149ec9bf6fa88f395e1024f8ecaa0a27beef
Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
Filesize: 524B
  MD5: f5f9213267f89dbce19aba4973a55a0a
  SHA1: c43b6c7ffa3b40e5281e7788fca8317dcae46ede
  SHA256: 5cab1d434fab7cca521faa6e3251a9ba1bc28faf62573638fb6717959a16f54a
  SHA512: 372b388f02926abf70987e0557e2a3114aab4b0d6d1dbd732c3d7bb7cd719fd69849d625ea4f7530019c59d1e6c859282b479380b6d05a5d6e2d53c2f86bd00d
Filesize: 524B
  MD5: bf0ab82b34fe6fb11c82b93e9cd2d72e
  SHA1: 9237e80c9de2d499ed2a276f7ecb9d6f7d80c176
  SHA256: de8ee4f1a7a23d2a43f09f3e46a72ee316cef5ee91c111037e646af30f4320a1
  SHA512: 27c9859ac0196e8594f2282625205e755a00063982735061c724fd273aaa28a7d98bc7c82f5d1decafb2186c166f62b059260540013f1bc9ed7ee624cba879af
Filesize: 7KB
  MD5: 63865e636655f21170b164f35a4db2af
  SHA1: eb8f3eb3db2de6dc421657336fb7120beb22f34b
  SHA256: ec4e0396b91a7f5c0e3e6021975f717d4680d1c12b0a71f659f8b4e6058b5aa3
  SHA512: 1e72f54dd2fac3f2c21e26d2f971a5577ac2011f5647e7da74753236de8bc7c8afe7429daec8c5b6c9e861e701156d5ea57b9983ec4c1c65d37b02362cc7d82c
Filesize: 16KB
  MD5: b0622ba6632922aed73ef90a64a30612
  SHA1: 3f300c2c4b5fd7f94ab81c7d6bb58523eec52d23
  SHA256: ce074ab5e4a82b4ea035c6e39ed70e72a22d56a39a4fec643ddab766b716c2d4
  SHA512: 567396d9ad8018ad40f444d3e13c58579f20a583aa81a0783c971c40b58f41af7e7fd8a09eaa8969a36729ede380a0ca42ea7484f5600ad5f117ab02a91556f8
Filesize: 259KB
  MD5: a2ed55223a2b844fee7fea910d352cfa
  SHA1: 404a461ad33ba36bb0f5d1e84de45de31b80c2e9
  SHA256: c02529c105bd510b9407b5b71d6bea5880f3d027103d8c3a9660770d8b7043bb
  SHA512: ca05f0387c2dc26b0ce1320e04fca65efd00f7ae9487d72ab1c73a785dacd452f475fa30b866703b9bd23fb1382e58c76a98fbd436875e15bf7987a4d0df4363