Analysis

max time kernel: 149s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-07-2024 11:53

Static task: static1
Behavioral task: behavioral1
  Sample: 1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe
  Resource: win10v2004-20240611-en
Behavioral task: behavioral2
  Sample: 1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe
  Resource: win11-20240508-en
General

Target: 1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe
Size: 2.2MB
MD5: 9f9ed20614b43af7afbdfe94f1f9d57f
SHA1: 86f7d864e8b6457828fd90091345c6a67981f221
SHA256: 1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a
SHA512: aa2bd936012d2c74686565e2cff28fbf70c8f61845d8836952adcb16dca08261e41b6ae3c1c8dca2be855bdb87b624066b00a6014625f2d17600a88d64f510ef
SSDEEP: 49152:FiBavT3YSK5h1mUwSgiNsQbuUaBASxyt/w9mZCu/f3HuBVO0c3J2:USe/1mU5gi5braB3T9mZr/fHuBkc
Malware Config
Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)  (2 TTPs, 1 IoC)
  Description   IoC                                           Process
  Key opened    \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe

Checks BIOS information in registry  (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
  Description         IoC                                                                Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion    1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe

Checks computer location settings  (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence.
  Description         IoC                                                                                                   Process
  Key value queried   \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe

Identifies Wine through registry keys  (2 TTPs, 1 IoC)
Wine is a compatibility layer that runs Windows applications and can be used as a sandboxing environment.
  Description   IoC                                                                          Process
  Key opened    \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Wine   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe

All four of these checks come from the sample process itself (PID 3776), not from the chrome.exe it later spawns.
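The four registry checks above are the kind of thing an analyst turns into a detection rule. The Python below is an added example, not part of this report and not any sandbox vendor's code: it matches registry-access events against the paths in those four signatures and flags a process once it hits two or more distinct anti-analysis categories. The event-line layout (pid=, proc=, op=, path=) is an assumed export format, the log lines are constructed to mirror the IoC rows above (with the sample binary shortened to sample.exe), and the VirtualBox rule also accepts the FADT and RSDT ACPI tables alongside DSDT, which generalises beyond the single key the report shows.

```python
import re
from collections import defaultdict

# Matching rules derived from the four anti-analysis signatures in the report.
# The per-user SID in the HKU paths is wildcarded so the rules apply to any
# account. VirtualBox places its VBOX__ OEM id under the DSDT, FADT and RSDT
# ACPI table keys; the report only shows the DSDT hit, the other two are a
# generalisation of that rule.
ANTI_ANALYSIS_RULES = {
    "vm_virtualbox_acpi": re.compile(
        r"^\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I),
    "bios_version_check": re.compile(
        r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|VideoBiosVersion)$", re.I),
    "wine_detection": re.compile(
        r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+\\Software\\Wine$", re.I),
    "geofence_lookup": re.compile(
        r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+\\Control Panel\\International\\Geo\\Nation$",
        re.I),
}

# Assumed (hypothetical) event export: one event per line, key=value fields,
# registry path last because it may contain spaces.
EVENT_RE = re.compile(
    r"^pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=(?P<op>\S+) path=(?P<path>.+)$")

# Constructed sample log, modelled on the IoC rows of the report. The last
# three lines are the chrome.exe BIOS reads from the "Enumerates system info"
# signature; they sit under System\BIOS, not the version values the rules key on.
SAMPLE_LOG = r"""
pid=3776 proc=sample.exe op=KeyOpened path=\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
pid=3776 proc=sample.exe op=KeyValueQueried path=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
pid=3776 proc=sample.exe op=KeyValueQueried path=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
pid=3776 proc=sample.exe op=KeyValueQueried path=\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation
pid=3776 proc=sample.exe op=KeyOpened path=\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Wine
pid=4972 proc=chrome.exe op=KeyValueQueried path=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
pid=4972 proc=chrome.exe op=KeyValueQueried path=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
pid=4972 proc=chrome.exe op=KeyOpened path=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
"""


def parse_event(line):
    """Return the event fields as a dict, or None for lines in another format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    return ev


def classify_path(path):
    """Name of the anti-analysis category a registry path belongs to, else None."""
    for name, rule in ANTI_ANALYSIS_RULES.items():
        if rule.match(path):
            return name
    return None


def categories_by_pid(log_text):
    """Map (pid, process) -> set of anti-analysis categories it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        category = classify_path(ev["path"])
        if category:
            hits[(ev["pid"], ev["proc"])].add(category)
    return dict(hits)


def flag_processes(log_text, min_categories=2):
    """(pid, process) pairs that hit at least min_categories distinct checks.

    A single BIOS or locale read is ordinary in benign software, so one
    category on its own is not enough; the sample here hits all four.
    """
    return sorted(key for key, cats in categories_by_pid(log_text).items()
                  if len(cats) >= min_categories)


if __name__ == "__main__":
    for key, cats in categories_by_pid(SAMPLE_LOG).items():
        print(key, sorted(cats))
    print("flagged:", flag_processes(SAMPLE_LOG))
```

Run against the constructed log, only PID 3776 is flagged; chrome.exe's BIOS reads match none of the rules, which is the point of keying on the version values and the VBOX__ OEM id rather than on any read under HARDWARE\DESCRIPTION.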
AutoIT Executable  (11 IoCs)
AutoIT scripts compiled to PE executables.
  Resource                                                                      YARA rule
  behavioral1/memory/3776-3-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-4-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-5-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-6-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-7-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-9-0x0000000000C00000-0x0000000001151000-memory.dmp    autoit_exe
  behavioral1/memory/3776-11-0x0000000000C00000-0x0000000001151000-memory.dmp   autoit_exe
  behavioral1/memory/3776-10-0x0000000000C00000-0x0000000001151000-memory.dmp   autoit_exe
  behavioral1/memory/3776-12-0x0000000000C00000-0x0000000001151000-memory.dmp   autoit_exe
  behavioral1/memory/3776-14-0x0000000000C00000-0x0000000001151000-memory.dmp   autoit_exe
  behavioral1/memory/3776-16-0x0000000000C00000-0x0000000001151000-memory.dmp   autoit_exe
All eleven dumps are of the same 0x0000000000C00000-0x0000000001151000 region of PID 3776, captured at successive points in the run.
Suspicious use of NtSetInformationThreadHideFromDebugger  (1 IoC)
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging step.
  PID    Process
  3776   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe

Enumerates physical storage devices  (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry  (2 TTPs, 3 IoCs)
  Description         IoC                                                               Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
These three reads are made by chrome.exe, not by the sample.
Modifies data under HKEY_USERS  (2 IoCs)
  Description       IoC                                                                                                        Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644812305897855"   chrome.exe
Suspicious behavior: EnumeratesProcesses  (6 IoCs)
  PID    Process                                                                 Entries
  3776   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe   2
  4972   chrome.exe                                                              2
  612    chrome.exe                                                              2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (3 IoCs)
  PID    Process      Entries
  4972   chrome.exe   3
Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  Description                        PID    Process      Entries
  Token: SeShutdownPrivilege         4972   chrome.exe   32
  Token: SeCreatePagefilePrivilege   4972   chrome.exe   32
The 64 rows alternate between the two tokens; every one of them is chrome.exe (PID 4972), none the sample.
Suspicious use of FindShellTrayWindow  (31 IoCs)
  PID    Process                                                                 Entries
  3776   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe   5
  4972   chrome.exe                                                              26

Suspicious use of SendNotifyMessage  (29 IoCs)
  PID    Process                                                                 Entries
  3776   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe   5
  4972   chrome.exe                                                              24
Suspicious use of WriteProcessMemory  (64 IoCs)
  Description                        PID    Process                                                                 procid_target   Entries
  PID 3776 wrote to memory of 4972   3776   1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe   87              2
  PID 4972 wrote to memory of 4556   4972   chrome.exe                                                              89              2
  PID 4972 wrote to memory of 1936   4972   chrome.exe                                                              90              repeated
  PID 4972 wrote to memory of 1192   4972   chrome.exe                                                              91              2
  PID 4972 wrote to memory of 2432   4972   chrome.exe                                                              92              repeated
The 1936 and 2432 rows are repeated many times and account for the remaining 58 of the 64 entries. Every target is a direct child of the writing process (4972 is the chrome.exe the sample launched; 4556, 1936, 1192 and 2432 are its crashpad, GPU, network-service and storage-service children in the process tree below), so these rows record the writes a parent makes into a process it has just created, not injection into an already running process.
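Added example, not from the report and not any sandbox vendor's code: parse the flattened "wrote to memory of" rows above, collapse the repeats into distinct writer/target edges, and label each edge as parent-to-child or cross-process using the parent relationships from the Processes section. The embedded row set keeps only a few of the repeats for the 1936 and 2432 targets, and one extra row is synthetic (marked as such, it is not in the report) so that the cross-process branch is exercised.

```python
import re
from collections import Counter

SAMPLE = "1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe"

# pid -> (image, parent pid), as listed in the Processes section of the report.
PROCESS_TREE = {
    3776: (SAMPLE, None),
    4972: ("chrome.exe", 3776),
    4556: ("chrome.exe", 4972),
    1936: ("chrome.exe", 4972),
    1192: ("chrome.exe", 4972),
    2432: ("chrome.exe", 4972),
    3212: ("chrome.exe", 4972),
    384: ("chrome.exe", 4972),
    3416: ("chrome.exe", 4972),
    3584: ("chrome.exe", 4972),
    4704: ("chrome.exe", 4972),
    4116: ("chrome.exe", 4972),
    612: ("chrome.exe", 4972),
    4792: ("elevation_service.exe", None),
}

# One row of the report table: description, pid (same as the writer), process
# image, procid_target (the report's own process id for the target).
ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<proc>\S+) (?P<target_id>\d+)")

# Rows copied from the report table; repeats trimmed for the 1936/2432 targets.
REPORT_ROWS = f"""
PID 3776 wrote to memory of 4972 3776 {SAMPLE} 87
PID 3776 wrote to memory of 4972 3776 {SAMPLE} 87
PID 4972 wrote to memory of 4556 4972 chrome.exe 89
PID 4972 wrote to memory of 4556 4972 chrome.exe 89
PID 4972 wrote to memory of 1936 4972 chrome.exe 90
PID 4972 wrote to memory of 1936 4972 chrome.exe 90
PID 4972 wrote to memory of 1936 4972 chrome.exe 90
PID 4972 wrote to memory of 1192 4972 chrome.exe 91
PID 4972 wrote to memory of 1192 4972 chrome.exe 91
PID 4972 wrote to memory of 2432 4972 chrome.exe 92
PID 4972 wrote to memory of 2432 4972 chrome.exe 92
"""

# SYNTHETIC row, not in the report: the sample writing into the unrelated
# elevation_service.exe process, which is what a real injection would look like.
SYNTHETIC_ROW = f"PID 3776 wrote to memory of 4792 3776 {SAMPLE} 99"


def parse_rows(text):
    """Parse table rows into dicts; lines that are not rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows.append({"src": int(m.group("src")), "dst": int(m.group("dst")),
                         "proc": m.group("proc"), "target_id": int(m.group("target_id"))})
    return rows


def collapse_edges(rows):
    """Distinct (writer pid, target pid) pairs with their repeat counts."""
    return Counter((r["src"], r["dst"]) for r in rows)


def triage(rows, tree):
    """Label each distinct edge by its relation to the process tree."""
    result = []
    for (src, dst), count in sorted(collapse_edges(rows).items()):
        if dst not in tree:
            kind, image = "unknown_target", "<unknown>"
        else:
            image, parent = tree[dst]
            kind = "parent_to_child" if parent == src else "cross_process"
        result.append({"src": src, "dst": dst, "dst_image": image, "count": count, "kind": kind})
    return result


def cross_process_writes(rows, tree=PROCESS_TREE):
    """Edges that are not a parent writing into its own child: the ones worth a look."""
    return [edge for edge in triage(rows, tree) if edge["kind"] != "parent_to_child"]


if __name__ == "__main__":
    for edge in triage(parse_rows(REPORT_ROWS), PROCESS_TREE):
        print(edge)
    print("cross-process:", cross_process_writes(parse_rows(REPORT_ROWS + SYNTHETIC_ROW)))
```

On the report's own rows every edge comes out parent_to_child and the cross-process list is empty; only the synthetic row produces a hit. The parent-pid lookup is the whole trick: a WriteProcessMemory count on its own says nothing until it is joined against who created whom.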
Processes

C:\Users\Admin\AppData\Local\Temp\1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe (PID 3776)
  "C:\Users\Admin\AppData\Local\Temp\1dc4fc7846d417d72faaa40c3da95b68080a9fd6c54951f7cb3b74f75ce59c7a.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks computer location settings
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4972, child of 3776)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4556, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81c5bab58,0x7ff81c5bab68,0x7ff81c5bab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1936, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1192, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2432, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3212, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 384, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3416, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3584, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4704, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4116, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 612, child of 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1916,i,16341203813550696857,6780908285458193868,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4792)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 216B
MD5: 6f1efff06a643ceb18f55a889a9bd53f
SHA1: fa8390f389db64d11facf27fe0c2d7c1cac3fe3d
SHA256: 223948c3d81eb3cb24b5cb239a3e94448d481ee97aad0790c79893636f838e33
SHA512: 2023e14d49cb2e4031783e950d8acfc8cc0082a5b13203ac8275c2cf5ee407446feb83195ed42794770645e5fbde3960f4db388e9f42039c44ab547f20456a1c

Filesize: 3KB
MD5: 346e264d45cce974c9eda19304b209c2
SHA1: 473769751457492b7e057026c75e6f85f09411d4
SHA256: 55593a824b71dcb25538dacb4193a56cd4ee04d053907afe5bf9b1198cb5207d
SHA512: 0d2b4283fb2f49d642be8e78ee9fc6fbbf744dae6e2b4b45e94d76856372a3d35cc224c22d7320540be634fef9d225afeb4c560e378f1719b29bddc50567b278

Filesize: 2KB
MD5: e24314d1f1d2fdee0dc8c570e387b546
SHA1: e7d231af37674a4be6e5226a82ebedaff0e353c0
SHA256: a5b9ef3e15d2a03022986749d7d59ce98d184a8db42c1cc7bcc26ba1aa956970
SHA512: 57d260429268cc70899676573de7f97074b358a6d51848cea3d74f61dd40090c25fb9cd6bdd21b12c523f974b86a39d8617c451cdcbacf05ce0d576d442c1e86

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: c3a479b9c4ceeaeb48dc51819aa146c8
SHA1: 776135316fb2a3b6ab4582f70746320418831d43
SHA256: 3a37e5239a56b757f9658a66fcc158c32b0aaf2491c330d5bedf3713cf181099
SHA512: 5f852dd1882d2c19bf63880b92c63a1907503fc73ab4678a8d0fdee044aa92c2cd73e66fb4c52cc816a31956966347b11abde05496e18e2e6daa7a3d122f7b24

Filesize: 7KB
MD5: 45a1a184de819ac5ef2324ff2053c4be
SHA1: 1cd30b01915a5a30392e7230a1434e2b4511d010
SHA256: e688702b659f47fdc7d683ec3a487d26d9d9dd08484119e9d9083adcc01971cc
SHA512: 8cdec0c805d8287bc91011625b4241a6c1fb8056f2a5a1e3ecf75b4147d98221ff4472c5c265c149469d5512ff2d4f5ef88288a00535d1507c453274d5ddcf43

Filesize: 16KB
MD5: 1a0bb7314f50751e49575a5438c9cda3
SHA1: 0cb19c681b618a57550e51daf41f920133c077bf
SHA256: d9ca4422a1d7c143c83b3b892c30a1a0df57894b5daa00e964634e64859456af
SHA512: f54ed5f2b4b14998ff09372fe8717972e9052c52680c56719d7d4d73c16dd73ea566a058450ea0e3b289c16a1590c50e8ca88c84f1e4cdc956bb1d7b1b4a8d22

Filesize: 279KB
MD5: 4956069e2222df6cdb36d557b4d6cbe2
SHA1: fa9cb67a854ead1ad592c06378e0f6dfd93841c3
SHA256: 36f9bed69059d9143ed0d6540fc176ce2affc3690fdd1eee764f08c57d30670d
SHA512: 1ff83451d71cd61420a5317437633ede8288cb0a20d90d19fb527b9af045162c994fcc0fc994156b289aa07b21a1eb8878c8a61331c23f18632be5e8d55f8e77