10Debug/Crystal.exe
windows10-2004-x64
10Debug/Crys...re.dll
windows10-2004-x64
1Debug/Crys...pet.js
windows10-2004-x64
3Debug/Guna.UI2.dll
windows10-2004-x64
1Debug/Micr...re.dll
windows10-2004-x64
1Debug/Micr...ms.dll
windows10-2004-x64
1Debug/Micr...pf.dll
windows10-2004-x64
1Debug/Monaco/fgd.html
windows10-2004-x64
6Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...n/mime
windows10-2004-x64
1Debug/Mona...me.cmd
windows10-2004-x64
1Debug/Mona...me.ps1
windows10-2004-x64
3Debug/Mona...DME.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...DME.js
windows10-2004-x64
3Debug/Mona...ten.js
windows10-2004-x64
3Debug/Mona...DME.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...ead.js
windows10-2004-x64
3Debug/Mona...son.js
windows10-2004-x64
3Debug/Mona...raw.js
windows10-2004-x64
3Debug/Mona...ext.js
windows10-2004-x64
3Debug/Mona...ded.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...DME.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...ion.js
windows10-2004-x64
3Debug/Mona...ess.js
windows10-2004-x64
3Debug/Mona...nit.js
windows10-2004-x64
3Debug/Mona...ery.js
windows10-2004-x64
Analysis (score badge for this task: 3)
-
max time kernel
275s -
max time network
283s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
15-06-2024 13:33
Behavioral task
behavioral1
Sample
Debug/Crystal.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
Debug/Guna.UI2.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Debug/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
Debug/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Debug/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral8
Sample
Debug/Monaco/fgd.html
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Debug/Monaco/fileaccess/index.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral10
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win10v2004-20240611-en
Behavioral task
behavioral12
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Debug/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
Debug/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
Debug/Monaco/fileaccess/node_modules/array-flatten/README.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
Debug/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/README.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral18
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/index.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/lib/read.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral20
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/lib/types/json.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/lib/types/raw.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral22
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/lib/types/text.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
Debug/Monaco/fileaccess/node_modules/body-parser/lib/types/urlencoded.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral24
Sample
Debug/Monaco/fileaccess/node_modules/es-define-property/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
Debug/Monaco/fileaccess/node_modules/es-define-property/test/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral26
Sample
Debug/Monaco/fileaccess/node_modules/etag/README.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Debug/Monaco/fileaccess/node_modules/etag/index.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral28
Sample
Debug/Monaco/fileaccess/node_modules/express/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
Debug/Monaco/fileaccess/node_modules/express/lib/application.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral30
Sample
Debug/Monaco/fileaccess/node_modules/express/lib/express.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
Debug/Monaco/fileaccess/node_modules/express/lib/middleware/init.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
Debug/Monaco/fileaccess/node_modules/express/lib/middleware/query.js
Resource
win10v2004-20240508-en
General
-
Target
Debug/Monaco/fgd.html
-
Size
18KB
-
MD5
a1416c1fe209f7687ff79ab44301b3d3
-
SHA1
3ba3ff0027a98128edad78f5561cef53c4236791
-
SHA256
a6897302dba619dd3c156d57fc4b706662bff4df582975c33478b7878b060d2c
-
SHA512
ce8a9aaf7ba903dfb25df53e04addfedae7ee4fcd07dffd42abf3f275a75b14cb26bb64c9320fd425003c73618b2967bb7be2cfb849050d50dd5308e69842f79
-
SSDEEP
384:fihTARA5Lmwl1qPeVvW4NVtabVBJjVBd+TI6noaQLR7:fihTjoy+StabVBJ/kkgoaQLR7
Malware Config
Signatures
Note: every behavioral signature below is attributed to chrome.exe (PID 2456 and its children), i.e. the browser the sandbox launched to render fgd.html, and the process list matches Chrome's ordinary multi-process startup (crashpad handler, GPU, network/storage utilities, renderers). Treat these hits as browser baseline rather than sample behavior unless the HTML itself can be shown to trigger them.
-
Legitimate hosting services abused for malware hosting/C2 — 1 TTP, 3 IoCs
Caveat: this signature fires on the destination domain alone. A Monaco editor page fetching assets from raw.githubusercontent.com is a plausible benign explanation; check the exact URLs and response content in the network capture before treating this as C2.
Processes:
flow / ioc:
36 raw.githubusercontent.com
37 raw.githubusercontent.com
41 raw.githubusercontent.com
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe — description / ioc / process:
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Note: reading SystemManufacturer/SystemProductName is a common VM-detection primitive, but here the reads are performed by chrome.exe itself, not by the submitted file.
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe — description / ioc / process:
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629326667802331" (chrome.exe)
Note: S-1-5-19 is the LOCAL SERVICE hive and the value is a FILETIME timestamp; this is low-signal telemetry bookkeeping rather than persistence.
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exe, chrome.exe — pid / process:
2456 chrome.exe
2456 chrome.exe
4476 chrome.exe
4476 chrome.exe
(2456 is the browser process; 4476 is the second, unsandboxed GPU process listed under Processes.)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes:
chrome.exe — pid / process:
2456 chrome.exe
2456 chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 
chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe Token: SeShutdownPrivilege 2456 chrome.exe Token: SeCreatePagefilePrivilege 2456 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exepid process 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exepid process 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe 2456 chrome.exe -
Suspicious use of WriteProcessMemory — 64 IoCs
Note: all writes are from the browser process (2456) into its own child processes (3056 crashpad-handler, 1296 gpu-process, 536 network utility, 1528 storage utility), which is how Chrome bootstraps children; no write targets a process outside the chrome.exe tree.
Processes:
chrome.exedescription pid process target process PID 2456 wrote to memory of 3056 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 3056 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 
1296 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 536 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 536 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe PID 2456 wrote to memory of 1528 2456 chrome.exe chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fgd.html
(depth 1; the --disable-background-networking / --disable-component-update / --simulate-outdated-no-au flags are supplied by the sandbox harness when it opens the HTML file, not by the sample)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb8ecab58,0x7ffcb8ecab68,0x7ffcb8ecab782⤵PID:3056
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:22⤵PID:1296
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:82⤵PID:536
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:82⤵PID:1528
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:12⤵PID:3556
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:12⤵PID:3492
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:82⤵PID:5104
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:82⤵PID:1068
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 --field-trial-handle=1888,i,4235152802791455679,7227377667505733822,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
(depth 1, PID 4028 — Chrome's own elevation service, a separate top-level process rather than a child of the sample's browser instance)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4532,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
(depth 1, PID 5172 — an Edge utility process with its own field-trial handle, so it appears to be background activity of the VM image rather than something spawned from fgd.html)
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 6c118cd926c507a7ba58e82f4d5eaf21
SHA1 27759367fff7dc9ca54c2c1f0038912ec6619344
SHA256 d44c1c9c2de2b17fe21873875e3489c0f0bef31ca25e76f3ec61a2f3a8b93d9c
SHA512 f24feb015a6d2df7d4fd550b72c5c84e21adc743f1c11154101a7e6a483db9a1428d2cc71d6606adb495af075b4ab436f50732e72688aeb78aa0745ea059bfb6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
(These digests are those of the two-byte string "[]", i.e. an empty JSON array — a routine Chrome profile file, not a sample artifact.)
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1019B
MD5 33fe371b08f0b30dbfdb2240a1029dad
SHA1 a8b8bbed81ba5503210494417762885900111d10
SHA256 5cf597a4dc975b97e2b1f8a4034cef537eec31d4ea83b78047c4a76662ebf5d3
SHA512 d4f6fe680ec59005cb8385e604038a1cf7f16525887c5081b1cbf97035d2634045e578526b369efee46773adeb093aebd6cbda434083f54ec4888c5bcb30e60f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 811f08bd829942a1928ab7b51ac7f659
SHA1 e242b993d7881763a652036fa4b892efd968b1e1
SHA256 17c6c48c6c276412d8f76344be90a28868c63bb5e03f04b4e1fd085b6ae06c0c
SHA512 feecc65cee0baae2a673cf3a60b08918b1bc1c70390406dac32094fd9598825e98e3a4401c2c6a3e86296cb55cd2c5972290ebaecaa4e6e3954a03e8c3765235
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 138KB
MD5 19a297272f0bb910b5353d4eda00a6f3
SHA1 35a1448b6d9c949c3384e38ffb9b0fb5fffcbbb6
SHA256 fc47dcad1eb0bd44303278d8bcb5e4102d7f3529cd5b3f27d01a7601e75c57f6
SHA512 c1fae791f36ad9da821c95375e8b1803ab00fa1a7ab9bfab9dc3748d6aa6036ee6c129846846ef122cefae5197d72883742bbe04576158f15473674ff42fda2f
-
\??\pipe\crashpad_2456_MWOIHPYZVBNQUZGF
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(This is the crashpad named pipe of browser process 2456; all four digests are the empty-input values, so the "download" is zero bytes and should not be used as an indicator.)