Analysis

max time kernel    149s
max time network   142s
platform           windows10-2004_x64
resource           win10v2004-20240508-en
resource tags      arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted          18-06-2024 19:35
URLScan task       urlscan1
Behavioral task    behavioral1
Sample             http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05%7C02%7Cbob.briggs%40grammer.com%7Ceacc07dcf1304938423e08dc122cbb1b%7C63d639818f404ab2a0cc299291d700fc%7C0%7C0%7C638405230530695155%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY%2B57c2BGf8Q%3D&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e

Resource           win10v2004-20240508-en

General

Target             (identical to the Sample URL above)
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description      ioc                                                                                                          process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632129238825117"  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: chrome.exe, chrome.exe
  pid   process
  2968  chrome.exe  (4 entries)
  4604  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes: chrome.exe
  pid   process
  2968  chrome.exe  (7 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description                       pid   process
  Token: SeShutdownPrivilege        2968  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege  2968  chrome.exe  (32 entries)
  The 64 entries strictly alternate between the two privileges; all are PID 2968.

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid   process
  2968  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid   process
  2968  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description                       pid   process     target process
  PID 2968 wrote to memory of 4696  2968  chrome.exe  chrome.exe  (2 entries)
  PID 2968 wrote to memory of 3180  2968  chrome.exe  chrome.exe
  PID 2968 wrote to memory of 3356  2968  chrome.exe  chrome.exe  (2 entries)
  PID 2968 wrote to memory of 1664  2968  chrome.exe  chrome.exe
  All 64 entries are the browser process 2968 writing into its own child chrome.exe processes; the entries for 3180 and 1664 account for the remaining 60.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2968]
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05%7C02%7Cbob.briggs%40grammer.com%7Ceacc07dcf1304938423e08dc122cbb1b%7C63d639818f404ab2a0cc299291d700fc%7C0%7C0%7C638405230530695155%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY%2B57c2BGf8Q%3D&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4696]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd88ab58,0x7ffdbd88ab68,0x7ffdbd88ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3180]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3356]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1664]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1108]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2984]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 736]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1936]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1092]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3668]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3904 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4480]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4920]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4936]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4160]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4036]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1548 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4604]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3240 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4648]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4996 --field-trial-handle=1916,i,2987815748313044479,2076282171449337799,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  [PID 3216]
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Entry 1
  Filesize  2B
  MD5       d751713988987e9331980363e24189ce
  SHA1      97d170e1550eee4afc0af065b78cda302a97674c
  SHA256    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  Note: these are the digests of the two-byte string "[]" (an empty JSON array); the entry carries no payload.

Entry 2
  Filesize  7KB
  MD5       2f3891f82ad5794d256185d7f69ecfc7
  SHA1      179020bfe5967b02b84b72a110146c3b9abac7a0
  SHA256    6c1b2485f01a0888acd5ceae13fa1b49b01bcc8acf824e38efe9efedac299213
  SHA512    a75463dcc7190fdf4de9bc9961e54a9df1f6b4282764fce3cd6d23372613d753be77ebf33ee8c7fec4ac66deac4bf6d5cb378e6674338fbbe9d37f7daccdf9ae

Entry 3
  Filesize  257KB
  MD5       1515df9de4d13170a06062a6d98901f7
  SHA1      522cfdf6a6c6aa5dde7639be61d0d2b70b7a7940
  SHA256    b019409ca464f9d0aa296427e51ea897f3c9104d3114c86d14f928290e55b410
  SHA512    c6c5756360adbe33642010d9630d821f9ef554059b0bd6a6881036bd821a2fc70f3dc1eaadfe952de71c22b93e50b49878a5b9479bdaa93cf799aa64018d1b12

Entry 4
  Filesize  257KB
  MD5       98268358cf9d2348e699c4c874012d71
  SHA1      38bed3724c83d1acdbd21432069b171fde1a0223
  SHA256    a6c747efbaae5dd4c7bd483afef8f8c7233f356fa2982ba805ae38102c45a1fa
  SHA512    12ccd5ef9290226e4199fe6b885069d386bfc8dc628d10ec0833b80ea780dd8f5de5a8004eefc7b197285344e5bef5cbe0b004569d249c789b1fcb093b207e45

Entry 5
  Filesize  91KB
  MD5       0ff1e167aefbe6dc26d0c2b387fa2eb7
  SHA1      d364047982c21d1bd011a99bc8c54c605c85eef6
  SHA256    2d972b00a7b624870c0a6d2b7835f12283f222f83132b80775122ed07ba9c10f
  SHA512    76e029c304a0a321aac394e9732692c8a77423bab883bb6d94eedff4c79d41c43e76886cf88bae4572d9fb3be67932859600f523e516661a21a91e5b97ee4516

Entry 6
  Filesize  88KB
  MD5       5664ce67505ba618cd2596d8f96e07d8
  SHA1      4a349e5aa29b3034757a94632cffd9859f223c13
  SHA256    5de51b1a0b00f9baf60464a5e1f2ed47c8563905e92cd6a59a40764103a631c9
  SHA512    bbd4bf0f34ca59a40f0bcc73ce4799908686ca4dc9f94bbd852d8093db11b3e307727b017ebbe42f077235902aeed84e5381103ee42fca6492304c624e255652

Entry 7
  Filesize  (not present in the extracted page)
  MD5       d41d8cd98f00b204e9800998ecf8427e
  SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: these are the digests of the empty (0-byte) file.
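Analyst note and added example (not part of the Triage output above, and not code from any tool the report names): everything the behavioural run recorded is attributable to Chrome's own multi-process startup. Every signature is raised by chrome.exe, the only processes are chrome.exe children of PID 2968 plus elevation_service.exe, and the Network and Malware Config sections are empty, so the useful triage work is in the submitted URL itself and in the Downloads digests. The Python below splits the Target URL the way a browser does, which shows that the `&data=...&sdata=...&reserved=0` tail (the shape of an Outlook Safe Links wrapper's parameters left attached to the inner URL) and the `McasTsid`/`McasCSRF` parameters sit in the fragment and are never sent to recp.mkt81.net; decodes the pipe-delimited Safe Links blob, recovering the recipient address, two GUIDs, a timestamp (reading the 18-digit value as .NET ticks is an assumption) and the base64 `Mailflow|{...}` client descriptor; reads the scheme-relative `kd=` parameter as the redirect destination (also an assumption, since no network capture is on the page); and recomputes the digests of the 0-byte file and the string `[]` to confirm that the first and last Downloads entries are trivial content. The URL and digests are copied from the report; the field labels in `decode_safelinks_data` are this helper's own.

```python
"""Analyst helpers for the Triage report above (added example, not sandbox output).

Decodes the submitted tracking URL and checks the Downloads digests against
two contents anyone can recompute: a 0-byte file and the 2-byte string "[]".
"""
import base64
import hashlib
import json
from datetime import datetime, timedelta
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# The Sample/Target URL exactly as it appears in the report.
TARGET = (
    "http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2"
    "&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d"
    "/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??"
    "#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D"
    "&data=05%7C02%7Cbob.briggs%40grammer.com%7Ceacc07dcf1304938423e08dc122cbb1b"
    "%7C63d639818f404ab2a0cc299291d700fc%7C0%7C0%7C638405230530695155%7CUnknown"
    "%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D"
    "%7C3000%7C%7C%7C&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY%2B57c2BGf8Q%3D&reserved=0"
    "&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e"
)

# Digests copied from the report's Downloads section (first and last entries).
REPORT_DOWNLOADS = {
    "2B": {"md5": "d751713988987e9331980363e24189ce",
           "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
    "0B": {"md5": "d41d8cd98f00b204e9800998ecf8427e",
           "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Contents whose digests are recomputed locally rather than trusted from memory.
KNOWN_TRIVIAL = {b"": "empty file", b"[]": "empty JSON array"}


def split_tracking_url(url: str) -> dict:
    """Separate what the browser sends to the tracker from what stays client-side.

    Everything after '#' is a fragment and is never transmitted to the host, so the
    Safe Links 'data'/'sdata' tail and the Mcas* parameters exist only in the sandbox's
    command line, not on the wire. parse_qs skips the leading fragment token (no '=').
    """
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "path": parts.path,
        "query": {k: v[0] for k, v in parse_qs(parts.query).items()},
        "fragment": {k: v[0] for k, v in parse_qs(parts.fragment).items()},
    }


def redirect_host(query: dict) -> Optional[str]:
    """Hostname of the scheme-relative 'kd' value.

    Assumption: the tracker forwards the click to 'kd'. The report's Network section
    is empty, so this is the expected next hop, not an observed one.
    """
    kd = query.get("kd", "")
    return urlsplit("https:" + kd).hostname if kd.startswith("//") else None


def ticks_to_datetime(ticks: int) -> datetime:
    """Convert a .NET DateTime tick count (100 ns units since 0001-01-01) to naive UTC."""
    return datetime(1, 1, 1) + timedelta(microseconds=ticks // 10)


def decode_safelinks_data(data: str) -> dict:
    """Split the pipe-delimited Outlook Safe Links 'data' blob.

    Field roles are read off the visible values (an e-mail address, two GUIDs, an
    18-digit tick count, a base64 'Mailflow|{json}' descriptor); the page documents
    no schema, so the keys below are this helper's own labels.
    """
    fields = data.split("|")
    tag, _, client_json = base64.b64decode(fields[9]).decode().partition("|")
    return {
        "recipient": fields[2],
        "guids": (fields[3], fields[4]),
        "timestamp_utc": ticks_to_datetime(int(fields[7])).isoformat(timespec="seconds") + "Z",
        "client_tag": tag,
        "client": json.loads(client_json),
        "field_count": len(fields),
    }


def classify_digests(digests: dict) -> str:
    """Label a Downloads entry whose digests all match a known trivial content."""
    for content, label in KNOWN_TRIVIAL.items():
        if all(getattr(hashlib, alg)(content).hexdigest() == hexval
               for alg, hexval in digests.items()):
            return label
    return "unknown content"


if __name__ == "__main__":
    parts = split_tracking_url(TARGET)
    print("tracker:", parts["host"] + parts["path"])
    print("sent to tracker:", sorted(parts["query"]))
    print("client-side only:", sorted(parts["fragment"]))
    print("expected next hop:", redirect_host(parts["query"]))
    for key, value in decode_safelinks_data(parts["fragment"]["data"]).items():
        print(f"  safelinks.{key}: {value}")
    for size, digests in REPORT_DOWNLOADS.items():
        print(f"download {size}: {classify_digests(digests)}")
```

Run it directly for a printed summary; each result is returned by a function, so the same helpers can be reused in a larger URL-triage script. The recipient address recovered from `data=` is the one visible in the report's own URL and is worth treating as PII when the report is shared.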