Analysis
max time kernel: 111s
max time network: 112s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 15:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://nimb.ws/h3t6XR7
Resource: win10v2004-20240611-en
General
Target: https://nimb.ws/h3t6XR7
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631998643320890" | chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: chrome.exe
pid | process
3140 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Processes: chrome.exe
pid | process
3140 | chrome.exe (15 entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 3140 | chrome.exe
Token: SeCreatePagefilePrivilege | 3140 | chrome.exe
(64 entries in total, alternating between the two privileges above, all for PID 3140 chrome.exe)
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process
3140 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
3140 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
description | pid | process | target process
PID 3140 wrote to memory of 3556 | 3140 | chrome.exe | chrome.exe (2 entries)
PID 3140 wrote to memory of 4884 | 3140 | chrome.exe | chrome.exe (repeated entries)
PID 3140 wrote to memory of 428 | 3140 | chrome.exe | chrome.exe (2 entries)
PID 3140 wrote to memory of 3608 | 3140 | chrome.exe | chrome.exe (repeated entries)
(64 entries in total)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 1, PID 3140)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/h3t6XR7
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3556)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f7ab58,0x7ffad3f7ab68,0x7ffad3f7ab78

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4884)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 428)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3608)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1336)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4144)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4108)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3084)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1916)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4860 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 628)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3380)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3996)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 2188)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4712)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4132)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4176 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1680)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6108 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 5028)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5148 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4420)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1744)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 5108)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5924 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4424)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6056 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 892)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5748 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1644)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2384 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4948)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 2188)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3924 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3524)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5968 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1964)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4440 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1404)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6004 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1, PID 1812)
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads