Overview
overview
10Static
static
3MultiHack v1.7.zip
windows7-x64
1MultiHack v1.7.zip
windows10-2004-x64
1MultiHack ...er.exe
windows7-x64
7MultiHack ...er.exe
windows10-2004-x64
10MultiHack ...ME.txt
windows7-x64
1MultiHack ...ME.txt
windows10-2004-x64
1MultiHack ...vm.cfg
windows7-x64
3MultiHack ...vm.cfg
windows10-2004-x64
3MultiHack ...sy.txt
windows7-x64
1MultiHack ...sy.txt
windows10-2004-x64
1MultiHack ...ap.txt
windows7-x64
1MultiHack ...ap.txt
windows10-2004-x64
1MultiHack ...ns.txt
windows7-x64
1MultiHack ...ns.txt
windows10-2004-x64
1MultiHack ...st.txt
windows7-x64
1MultiHack ...st.txt
windows10-2004-x64
1MultiHack ...ts.txt
windows7-x64
1MultiHack ...ts.txt
windows10-2004-x64
1MultiHack ...ds.txt
windows7-x64
1MultiHack ...ds.txt
windows10-2004-x64
1MultiHack ...nu.txt
windows7-x64
1MultiHack ...nu.txt
windows10-2004-x64
1MultiHack ...ns.txt
windows7-x64
1MultiHack ...ns.txt
windows10-2004-x64
1MultiHack ...ts.txt
windows7-x64
1MultiHack ...ts.txt
windows10-2004-x64
1MultiHack ...ut.txt
windows7-x64
1MultiHack ...ut.txt
windows10-2004-x64
1MultiHack ...da.txt
windows7-x64
1MultiHack ...da.txt
windows10-2004-x64
1MultiHack ...le.txt
windows7-x64
1MultiHack ...le.txt
windows10-2004-x64
1Analysis
-
max time kernel
869s -
max time network
805s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12-06-2024 04:32
Static task
static1
Behavioral task
behavioral1
Sample
MultiHack v1.7.zip
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
MultiHack v1.7.zip
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MultiHack v1.7/Loader.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral4
Sample
MultiHack v1.7/Loader.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MultiHack v1.7/README.txt
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
MultiHack v1.7/README.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MultiHack v1.7/jvm.cfg
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
MultiHack v1.7/jvm.cfg
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MultiHack v1.7/scripts/actbusy.txt
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral10
Sample
MultiHack v1.7/scripts/actbusy.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
MultiHack v1.7/scripts/actremap.txt
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
MultiHack v1.7/scripts/actremap.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
MultiHack v1.7/scripts/audio_options.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
MultiHack v1.7/scripts/audio_options.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
MultiHack v1.7/scripts/bonus_maps_manifest.txt
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
MultiHack v1.7/scripts/bonus_maps_manifest.txt
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
MultiHack v1.7/scripts/bugreporter_defaults.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
MultiHack v1.7/scripts/bugreporter_defaults.txt
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
MultiHack v1.7/scripts/chapterbackgrounds.txt
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
MultiHack v1.7/scripts/chapterbackgrounds.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
MultiHack v1.7/scripts/clientmenu.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
MultiHack v1.7/scripts/clientmenu.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
MultiHack v1.7/scripts/controller_options.txt
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral24
Sample
MultiHack v1.7/scripts/controller_options.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
MultiHack v1.7/scripts/credits.txt
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral26
Sample
MultiHack v1.7/scripts/credits.txt
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
MultiHack v1.7/scripts/damagecutout.txt
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
MultiHack v1.7/scripts/damagecutout.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
MultiHack v1.7/scripts/damagecutout_ceda.txt
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral30
Sample
MultiHack v1.7/scripts/damagecutout_ceda.txt
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
MultiHack v1.7/scripts/damagecutout_female.txt
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral32
Sample
MultiHack v1.7/scripts/damagecutout_female.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
MultiHack v1.7/scripts/actbusy.txt
-
Size
15KB
-
MD5
d763b32d55c33aaa35d84b585a53a379
-
SHA1
3dc086805ff3c4599e45abd6784280437ac67fea
-
SHA256
afd4677654c86372826ac4be0e41c48c33abdbab72a709e1f476c34abc52f82d
-
SHA512
1276a7c16d1bf751c8289030bd0a5340758022b77232b785872f86dcd6f2b6c0b7ed77e30904731bc7563ed23c9d44e9a8fa47e6b442942d300dca6f8a97c65c
-
SSDEEP
96:sHk6/2MMr2xb+LN1yxaeky2ySutP3dvZ26UCN/OCOgM40kAvpOi3HUbAU/2CxGE/:6V02b+LWx5tP3dvDN/Z5jxGEqxKroe
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626405925459036" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4908 chrome.exe 4908 chrome.exe 2584 chrome.exe 2584 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe Token: SeShutdownPrivilege 4908 chrome.exe Token: SeCreatePagefilePrivilege 4908 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe 4908 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4908 wrote to memory of 4032 4908 chrome.exe 99 PID 4908 wrote to memory of 4032 4908 chrome.exe 99 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 2776 4908 chrome.exe 100 PID 4908 wrote to memory of 3208 4908 chrome.exe 101 PID 4908 wrote to memory of 3208 4908 chrome.exe 101 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102 PID 4908 wrote to memory of 2184 4908 chrome.exe 102
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\scripts\actbusy.txt"1⤵PID:4436
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96dbaab58,0x7ff96dbaab68,0x7ff96dbaab782⤵PID:4032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:22⤵PID:2776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:82⤵PID:3208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:82⤵PID:2184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:4356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:1876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:1176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:82⤵PID:4476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:82⤵PID:1692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1768 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:4824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5064 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:1700
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4988 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:2796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4152 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:1092
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4464 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:3160
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2872 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:4244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4736 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:5032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1268 --field-trial-handle=1852,i,5881522405808653293,14469809279410004806,131072 /prefetch:12⤵PID:4384
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4468
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD55729eec5a6c8922e6b82329b7f70d673
SHA12a7e85f7b69594adbf87b657570210a1e30922bd
SHA2561d338bb1f439b5d86c2693f8e3126b3cbcd4673905b69224637ed3701bbca1ee
SHA512512bd1006e003a086be163c82488a8ff5989cf56366a48ba27c869fd91d9b61bf5a07d02b65b155ce77d216bee2745535d30dcd0acfb469ae1c020291f290ce8
-
Filesize
7KB
MD5b0d8792c518a55d15cb7fb3d77abc4f4
SHA142b7b2cca8d67454bf1b44f1d155f0e7b5ab9dfb
SHA256213c6dc251469a18ca9d829c00138f42d11f7d827d89c2ab23121d7732cc6977
SHA512dc4a3fbbada5de8081a6be2b75859a9f64f4f57ea4f5bbef821603fb10f99bb9a2b54f8e90ec42f9c1cf164f222734d294b44459939407db58fe1fba3c99478c
-
Filesize
7KB
MD54048aabf32eb26ac70fa757c386e72a0
SHA10c7059d818ce74f9ccf3e3a08a9e6fd3adc9eae2
SHA2566a59ee10f76d189bf6d537a0030c1c44341610a5ff10e61075b7e54708021419
SHA5125e43177990c0a80a1275458a53461583144a366ddda8f2e1a262f2181c377523d548bf3c2b748b7432184430e64ffcccd7ae32cdb3acd855d6455a0d1864e4c9
-
Filesize
255KB
MD596923706dfb69022cd96a23b14cc0a8f
SHA1aa2f183e077570ec047b70147de7b45666099986
SHA25643241dc44d756942aabe3afaae3c8f1148570ce13fe4cef28c06894f95e8ad6e
SHA512bd798b6130615d6aee05c7a7c94410c808210e62d538eb0986ee1274f4578ba98c43d056574b4e30d750999d2c2c0ba6bcd60896d6f3384268f3508ec740584e
-
Filesize
255KB
MD52ef88dc9dc168574208b829afd9e8bb8
SHA14914f6ee00b9b227bb1e3856d8a6a78fead7e543
SHA256fdf9e29012120b31822615e2ad123edaca8f61e1fa73285fa0cfe6a3a2396a6f
SHA512e6f93a2b6553d065696f51674e93103c21942933b437f7758ee2c4ecb757214f72266135d11ef6bd333649390848d36a02242b0558dbbb1ebe300c1cc6ea13ba