Analysis
max time kernel: 209s
max time network: 209s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 13-06-2024 05:52
Static task: static1
Behavioral task: behavioral1
Sample: autochroma.exe
Resource: win10-20240404-en
General
Target: autochroma.exe
Size: 17.8MB
MD5: 83d9e05f5f1290a8cf6a6970e69a74e6
SHA1: 186a3f5820cbd07956b619bd799a15fa7ac54044
SHA256: 8b60c8577876df3d563c8519b7210c1ea76a282125331dcd1ec5de312f29a4a8
SHA512: e73355638dcd60cdf3e22ae4f94b5eb0d45cac6a9c48d7655880bfddabcd79e2219f7c3a25141cbb2c818b3bc91e004e1cbec7a49348f68254aa7575c7ab9666
SSDEEP: 393216:YYzMmVMKzE+fXa0Fpf2p04X04MGaeaj6avoOVlSV2o9a:YcMKzLXp/f2KCMBRVlSg
Malware Config
Signatures
Executes dropped EXE 1 IoCs
Processes:
  PID 4556  autochroma.tmp
Loads dropped DLL 2 IoCs
Processes:
  PID 4556  autochroma.tmp
  PID 4556  autochroma.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory 5 IoCs
Processes:
  File opened for modification  C:\Program Files\imagiro\autochroma\autochroma.exe\autochroma.exe  (autochroma.tmp)
  File created                  C:\Program Files\Common Files\VST3\autochroma.vst3\is-KJELT.tmp  (autochroma.tmp)
  File created                  C:\Program Files\Common Files\VST3\autochroma.vst3\is-O1PP1.tmp  (autochroma.tmp)
  File created                  C:\Program Files\Common Files\VST3\autochroma.vst3\Contents\x86_64-win\is-276UQ.tmp  (autochroma.tmp)
  File created                  C:\Program Files\imagiro\autochroma\autochroma.exe\is-1KTB0.tmp  (autochroma.tmp)
Drops file in Windows directory 2 IoCs
Processes:
  File created  C:\Windows\rescache\_merged\4183903823\2290032291.pri  (taskmgr.exe)
  File created  C:\Windows\rescache\_merged\1601268389\715946058.pri  (taskmgr.exe)
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
  Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName  (taskmgr.exe)
  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000  (taskmgr.exe)
  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  (taskmgr.exe)
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (chrome.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (chrome.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
Processes:
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  (chrome.exe)
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627317744270227"  (chrome.exe)
Modifies registry class 1 IoCs
Processes:
  Key created  \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings  (taskmgr.exe)
Suspicious behavior: EnumeratesProcesses 31 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
  PID 4440  chrome.exe
  PID 4440  chrome.exe
  PID 4440  chrome.exe
  PID 4440  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
Indented entries are child processes of the top-level entry above them.

C:\Users\Admin\AppData\Local\Temp\autochroma.exe  (PID 612)
  Command line: "C:\Users\Admin\AppData\Local\Temp\autochroma.exe"
  - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\is-6IJHD.tmp\autochroma.tmp  (PID 4556)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-6IJHD.tmp\autochroma.tmp" /SL5="$502FC,17831890,832512,C:\Users\Admin\AppData\Local\Temp\autochroma.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Drops file in Program Files directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow

C:\Windows\System32\rundll32.exe  (PID 2160)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\taskmgr.exe  (PID 4504)
  Command line: "C:\Windows\system32\taskmgr.exe" /7
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4440)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 536)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffa76c29758,0x7ffa76c29768,0x7ffa76c29778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1336)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2044)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1260)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4204)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4188)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4316)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 708)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4620)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2984)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3752 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4184)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 988)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 516)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1868,i,10460802736392571063,7721433652951696191,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 2240)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads