Analysis
- max time kernel: 310s
- max time network: 525s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 26-06-2024 07:37
Behavioral task: behavioral1
- Sample: Revised Agreement Clauses-ZW33491-6302.pdf
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: Revised Agreement Clauses-ZW33491-6302.pdf
- Resource: win10v2004-20240611-en
General
- Target: Revised Agreement Clauses-ZW33491-6302.pdf
- Size: 33KB
- MD5: 488564d6b4f7504c062765f203b73048
- SHA1: b3da0669659d7c801e0ea31562e52d37b6a38ba8
- SHA256: 9f4fd92f818b53e3814e30df050285df019f1d665fbb0c1d23749f3ab879ca93
- SHA512: dafebc8f032a4df7fd2a952b62e93a5cc5a198a71639a8f728f284ef12a187b7c1d61fdc5060c3b7f47314664d90f07c76edd49a2308b2a3a91cd99b62f3331d
- SSDEEP: 768:Ts97XWBrlRG+66W6HTYZvUh/C8WRKr0djR7wrulmxDU:T+XWy/dsvWgQd5wrhZU
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies registry class (31 IoCs)
  Processes:
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193" | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1" | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4" | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | AcroRd32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | AcroRd32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16" | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy | AcroRd32.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | AcroRd32.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewVersion = "0" | AcroRd32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
  pid | process
  2748 | chrome.exe (4 identical entries)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
  pid | process
  2932 | AcroRd32.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes:
  description | pid | process
  Token: SeShutdownPrivilege | 2748 | chrome.exe (64 identical entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes:
  pid | process
  2748 | chrome.exe (34 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes:
  pid | process
  2748 | chrome.exe (32 identical entries)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes:
  pid | process
  2932 | AcroRd32.exe (8 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (64 entries in total; the report lists one row per write, and the distinct rows are, in order of first appearance):
  description | pid | process | target process
  PID 2748 wrote to memory of 2448 | 2748 | chrome.exe | chrome.exe
  PID 2748 wrote to memory of 2668 | 2748 | chrome.exe | chrome.exe
  PID 2748 wrote to memory of 2728 | 2748 | chrome.exe | chrome.exe
  PID 2748 wrote to memory of 2732 | 2748 | chrome.exe | chrome.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Revised Agreement Clauses-ZW33491-6302.pdf"
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2748
  Child processes (depth 2):
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a99758,0x7fef6a99768,0x7fef6a99778
    PID: 2448
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:2
    PID: 2668
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 2728
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 2732
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 1576
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 2304
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2824 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:2
    PID: 784
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2876 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 2220
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3012 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 3040
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 2292
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 972
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3752 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 568
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3912 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 1632
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2236 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 924
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3428 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:1
    PID: 1368
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2560 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 816
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3000 --field-trial-handle=1284,i,16478003169781854495,68721036765257153,131072 /prefetch:8
    PID: 1852
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1256
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\19fddef3-9cf1-415b-a7be-c2a303c2663b.tmp
  Filesize: 5KB
  MD5: 687bd86caf54edbc90924eb7d75759a8
  SHA1: 81edf8ddc39b82c92757c7d9e1b3bd3521176dc2
  SHA256: f4d88019bd3c297eec046092a5275ecffb799b87280a245069d588de3f9f490a
  SHA512: c67077e18a3f6cd2060969ca480effa2c089b895bb3c759a452cfae4d1f2228e3b54c890efdf9c2c935f87ea84c8ce09da5b361b92c530b798fc3ff761daa685
- Filesize: 16B
  MD5: aefd77f47fb84fae5ea194496b44c67a
  SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
  SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
  SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 1KB
  MD5: 3976def0e2214384bec5a299ace63f20
  SHA1: 1aa4c27ed66b0d5e15e760c89a4026b145feb822
  SHA256: 8ac4c530b61e90c06b5dd6ae8e6b070829f1ab77a96aa57863928025b29d7803
  SHA512: 26b1b0123daae9e2e781bbae1413724256dee25984efc308a00b21f646cbcef81693c57e2fefa7142e14174ae42d9eb814d060d664e542680847ce7b8f9f5363
- Filesize: 2KB
  MD5: aca03f34d28158dae6f5f572bf800244
  SHA1: 01f1a5e5dea4b4310ba7d799341c1f2518e13a26
  SHA256: 77370832e71ad9b04a8be00cc5fc59e5770bcdecaf046c568d08324dc1f0b3f8
  SHA512: 65195eaf0e36b5fd13105436ae882cd8e2d030b0fbb79312e9df96c3f6225f4a90c4f173a11f42a77a251427ac3c211ed86376d420844df4775474117e41cd33
- Filesize: 2KB
  MD5: 3eda097e9fbf9841e31cae28a038c98d
  SHA1: 8b467e87b942d2e405facb15721d23be446fe80a
  SHA256: 95699d77809e0751d6b7866754c9ce5e83f08e2ea2c220846286a3ed0864fea5
  SHA512: f378abe8429971b1cb40aeaa13c7cea655ab1162547f60a9314bca0eb97598d71c696c975bbeb5510dce65dc2c229a4770b3fb7e1e2dc166c1a7e0a13e98cd60
- Filesize: 525B
  MD5: b6531846eec893b2eeda68599423e031
  SHA1: 0d8cd211eb2496265afdbfa312485461a9971fa9
  SHA256: 92a202a4e4ca7b6fabacb5b1d72839c5aa00bc25319d8f333e20477c5375dd73
  SHA512: 73cf1e216e8aa3b75eb431662e96ecf4bc974491bc52a456727f87461acbf3616ffdc0dcc6454dbefe1ea836d4010c8a5adf3f27a98e0f725eb9f3e31060b7df
- Filesize: 5KB
  MD5: f1820298cef7c1d9668c9bfcf6c8ab97
  SHA1: 1f4bc817ed64d212d8c167e780552b6c81b66975
  SHA256: 91216bb4c411b7d2be0932baedbd9209ab627a73598003753f2eacb74571c8da
  SHA512: 7ef5cb9bbbdc9bcbeae0953abf9f75bc1f5dd9b5ac5ba59e5d200243b0a98c7c0e878bee68e4f0dc062262e63d110283d5d5b543ee0e3e2abab8ca1fd53dc03c
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 283KB
  MD5: 9c0382f5a947d44351de359c15dee053
  SHA1: 12e4667a09a7d56c2fc716efa56267b90ab655d5
  SHA256: 28046fff282d2a00c730d8390df245fc51a1d3dc132abb32573b61d42c5cea20
  SHA512: 0a5dde4a50304cade0cd5427c34fc6dff65d4527a6cfeab4b05513b028ab41fccfeac3cfe7d4fd9d3068f7c59c043f01516acd74d8d8dfd66a272de4d1101a7a
- Filesize: 3KB
  MD5: e5c61a405128c7eb17e452ceb95bb8fa
  SHA1: d071329862e850ece290f42cfc0e77aeb5cf804e
  SHA256: 902dc2296ed77f13af0d56ecd88065f0b22516ef826eca5bcc50d5059ba0cf0c
  SHA512: 868384fe0235862bce1c60ec6ac76479865a6476bc7ea1fc1228cd54f3f5650df3c7687c570ae7934f06b09164d133c9d2604ab1710cd435215d449294f15055
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e