Analysis
- max time kernel: 427s
- max time network: 429s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-06-2024 12:59
Behavioral tasks
- behavioral1: sample NLHyrbid.rar, resource win10v2004-20240508-en
- behavioral2: sample NLHyrbid.rar, resource win11-20240426-en
General
- Target: NLHyrbid.rar
- Size: 15.4MB
- MD5: 174d3821d673d3fd0ba0f51b3ba750f5
- SHA1: efa93f9daf492722dab96db0e3b13f6e770b762d
- SHA256: 562a06ab82cdd49a5edb68730c6bf90f76301dbb8f895e6aca99b60a7f6971c0
- SHA512: 2659113feb6f2959178610b2dfe1a8d3bd2a42819bcaf94b4c13785a37abedddbfd95a6b1a5af6ef9f433fb3f86cabb5367b6f762fe602969a7a89813ef6a7fd
- SSDEEP: 393216:L+DYLweLOo3ln55Q5bZdO5xQB1se2Er8LevVXkcZ8/lz:KDYLVR725bZc5xQ8e2EggVXmz
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
  description      ioc                                                                                                   process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621528383388284"  chrome.exe
Modifies registry class 3 IoCs
Processes: cmd.exe, OpenWith.exe, OpenWith.exe
  description  ioc                                                                               process
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings  cmd.exe
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings  OpenWith.exe
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings  OpenWith.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: chrome.exe
  pid   process
  2464  chrome.exe (4 entries)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: OpenWith.exe
  pid   process
  2720  OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
Processes: chrome.exe
  pid   process
  2464  chrome.exe (5 entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: chrome.exe
  description                       pid   process
  Token: SeShutdownPrivilege        2464  chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege  2464  chrome.exe (32 entries)
  (64 entries in total, alternating between the two privileges, all from chrome.exe PID 2464)
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
  pid   process
  2464  chrome.exe (26 entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
  pid   process
  2464  chrome.exe (24 entries)
Suspicious use of SetWindowsHookEx 58 IoCs
Processes: OpenWith.exe, OpenWith.exe
  pid   process
  3716  OpenWith.exe
  2720  OpenWith.exe
  (58 entries in total, split between OpenWith.exe PID 3716 and OpenWith.exe PID 2720)
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
  description                       pid   process     target process
  PID 2464 wrote to memory of 4200  2464  chrome.exe  chrome.exe
  PID 2464 wrote to memory of 380   2464  chrome.exe  chrome.exe
  PID 2464 wrote to memory of 4780  2464  chrome.exe  chrome.exe
  PID 2464 wrote to memory of 2596  2464  chrome.exe  chrome.exe
  (64 entries in total; every write originates from chrome.exe PID 2464 and targets one of its own child chrome.exe processes, PIDs 4200, 380, 4780 and 2596)
Processes
- C:\Windows\system32\cmd.exe (PID 3796)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe (PID 3716)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe (PID 1156)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Windows\system32\OpenWith.exe (PID 2720)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2464)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4200)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8cdbab58,0x7ffb8cdbab68,0x7ffb8cdbab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 380)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4780)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3788)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 220)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 164)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3480)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1324)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2740)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe (PID 1672)
    Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
    - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe (PID 4040)
      Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7fa3fae48,0x7ff7fa3fae58,0x7ff7fa3fae68
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3212)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3488)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4212 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1872)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3392)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4988)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads