Analysis

max time kernel: 31s
max time network: 32s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 17:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://discord.gg/KCt6y8YT
Resource: win10v2004-20240508-en

General

Target: https://discord.gg/KCt6y8YT
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 6 IoCs)

  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

  description       ioc                                                                                                   process
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627734523691758"   chrome.exe
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid    process               rows
  4420   msedge.exe            2
  380    msedge.exe            2
  4536   identity_helper.exe   2
  2420   chrome.exe            2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)

  pid    process      rows
  380    msedge.exe   9
  2420   chrome.exe   6
Suspicious use of AdjustPrivilegeToken (30 IoCs)

  description                        pid    process      rows
  Token: SeShutdownPrivilege         2420   chrome.exe   15
  Token: SeCreatePagefilePrivilege   2420   chrome.exe   15

  The two privileges alternate in the raw log (SeShutdownPrivilege, then SeCreatePagefilePrivilege), all from PID 2420.
Suspicious use of FindShellTrayWindow (51 IoCs)

  pid    process      rows
  380    msedge.exe   25
  2420   chrome.exe   26
Suspicious use of SendNotifyMessage (48 IoCs)

  pid    process      rows
  380    msedge.exe   24
  2420   chrome.exe   24
Suspicious use of WriteProcessMemory (64 IoCs)

  Distinct rows (64 rows in total, with repeats; all writes originate from PID 380 msedge.exe into its own child processes):

  description                        pid   process      target process
  PID 380 wrote to memory of 3220    380   msedge.exe   msedge.exe
  PID 380 wrote to memory of 4240    380   msedge.exe   msedge.exe
  PID 380 wrote to memory of 4420    380   msedge.exe   msedge.exe
  PID 380 wrote to memory of 1860    380   msedge.exe   msedge.exe
Processes

PID 380: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/KCt6y8YT
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 3220: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718

    PID 4240: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    PID 4420: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 1860: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

    PID 1020: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

    PID 3608: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

    PID 3552: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8

    PID 4536: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 2100: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

    PID 4872: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

    PID 2060: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

    PID 2328: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

    PID 3840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

    PID 2628: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

    PID 5372: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4896 /prefetch:8

    PID 6088: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9464401552976508130,9172300823692445319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

PID 3180: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4044: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2420: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

    PID 4700: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e779ab58,0x7ff8e779ab68,0x7ff8e779ab78

    PID 2380: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:2

    PID 4388: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:8

    PID 3440: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:8

    PID 924: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 3732: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 5192: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 5580: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4912 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 5608: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4444 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 5772: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3228 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:1

    PID 5780: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:8

    PID 5900: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1956,i,3654357822404216503,14389613729969840594,131072 /prefetch:8

PID 3800: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads