Analysis
max time kernel: 41s
max time network: 44s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-08-2024 21:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxdkE1TgzAYhP-Kw4GTLYSPBjrDaC3Wj0Iram31wiBJkBaSEAKIjv_d0oMHb---u_PszH4rjSiU6ZnyISWvp5p2lAgTTGs85oIxwllO5ThlpdYag3nReKfoyJzFMceMF7juKRZZjodULEseq8jzu3CRRGrq4ebmrZZp8uwXRZuX1yvnHe53oqvWZNTas3iOeEZfSJ6HoSq8rQ2D2x2bbx8tbKysTWv6b19PM74Ck-px9B6t73NUrXYb0WVq6e39SEQ3h9j6cLrFIgLVchM_xLgJpG8G_WTmb5Af0O3nYhuGsAp9uS-NXXVVtdd51Aa6qdZeCLJ2FGV395IHYXcQa6tPno3CYfDztdHnd6_LeW_21cuXo6vYU87PlMOwFsWSiYxICKFhuq6WEZHQA2FCXv5dCUU1o_VpuwS4gLhoMkEWcAyiIxumpgF1ABNTR8DSwJFjO8C23DF0hxo81JxYl6nEKMNdIrEYYIOLBvf__-cXvb2YkA.MEYCIQDlWYmC9YWqLwzGo1_Uz-5wC3tKqjhwYdDjRwRlhUS1MgIhAIacU_ZjLEOwuLoud4iCkwdAfjTkcppBULGpCRVOxW_P
Resource: win10v2004-20240802-en
General
Target: https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxdkE1TgzAYhP-Kw4GTLYSPBjrDaC3Wj0Iram31wiBJkBaSEAKIjv_d0oMHb---u_PszH4rjSiU6ZnyISWvp5p2lAgTTGs85oIxwllO5ThlpdYag3nReKfoyJzFMceMF7juKRZZjodULEseq8jzu3CRRGrq4ebmrZZp8uwXRZuX1yvnHe53oqvWZNTas3iOeEZfSJ6HoSq8rQ2D2x2bbx8tbKysTWv6b19PM74Ck-px9B6t73NUrXYb0WVq6e39SEQ3h9j6cLrFIgLVchM_xLgJpG8G_WTmb5Af0O3nYhuGsAp9uS-NXXVVtdd51Aa6qdZeCLJ2FGV395IHYXcQa6tPno3CYfDztdHnd6_LeW_21cuXo6vYU87PlMOwFsWSiYxICKFhuq6WEZHQA2FCXv5dCUU1o_VpuwS4gLhoMkEWcAyiIxumpgF1ABNTR8DSwJFjO8C23DF0hxo81JxYl6nEKMNdIrEYYIOLBvf__-cXvb2YkA.MEYCIQDlWYmC9YWqLwzGo1_Uz-5wC3tKqjhwYdDjRwRlhUS1MgIhAIacU_ZjLEOwuLoud4iCkwdAfjTkcppBULGpCRVOxW_P
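The target is a link-protection wrapper: a shared.outlook.inky.com redirector whose domain parameter names a second wrapper, urldefense.proofpoint.com, so the behavioural run below shows only Chrome opening the URL, never the final destination. The following added example is editor's code, not the sandbox vendor's, Inky's or Proofpoint's; it splits the sample URL above into the parts an analyst wants before visiting it and inspects the opaque t parameter. Its reading of that token (three dot-separated segments: a version tag h, a base64url payload whose first bytes 78 9C are a zlib stream header, and a 96-character segment that decodes to a 72-byte DER SEQUENCE of two INTEGERs, the encoding of an ECDSA signature) is inferred from the token's bytes, not taken from any documentation, and every helper name is the editor's.

```python
"""Unwrap the link-protection URL submitted in this report.

Added example: editor's code, not the sandbox vendor's, Inky's or Proofpoint's.
The only real input is the sample URL copied from the report. The reading of
the `t` parameter (version "h" . base64url(zlib stream) . base64url(DER ECDSA
signature)) is an inference from the token's bytes, not a documented format.
"""
import base64
import zlib
from urllib.parse import parse_qs, urlsplit

SAMPLE_URL = (
    "https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h."
    "eJxdkE1TgzAYhP-Kw4GTLYSPBjrDaC3Wj0Iram31wiBJkBaSEAKIjv_d0oMHb---u_PszH4rjSiU6ZnyISWvp5p2lAgTTGs85oIxwllO5ThlpdYag3nReKfoyJzFMceMF7juKRZZjodULEseq8jzu3CRRGrq4ebmrZZp8uwXRZuX1yvnHe53oqvWZNTas3iOeEZfSJ6HoSq8rQ2D2x2bbx8tbKysTWv6b19PM74Ck-px9B6t73NUrXYb0WVq6e39SEQ3h9j6cLrFIgLVchM_xLgJpG8G_WTmb5Af0O3nYhuGsAp9uS-NXXVVtdd51Aa6qdZeCLJ2FGV395IHYXcQa6tPno3CYfDztdHnd6_LeW_21cuXo6vYU87PlMOwFsWSiYxICKFhuq6WEZHQA2FCXv5dCUU1o_VpuwS4gLhoMkEWcAyiIxumpgF1ABNTR8DSwJFjO8C23DF0hxo81JxYl6nEKMNdIrEYYIOLBvf__-cXvb2YkA."
    "MEYCIQDlWYmC9YWqLwzGo1_Uz-5wC3tKqjhwYdDjRwRlhUS1MgIhAIacU_ZjLEOwuLoud4iCkwdAfjTkcppBULGpCRVOxW_P"
)


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url. 4k+1 characters can never be valid base64,
    so a dangling character is treated as copy/paste damage and dropped."""
    if len(segment) % 4 == 1:
        segment = segment[:-1]
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def looks_like_zlib(data: bytes) -> bool:
    """RFC 1950 header: CM=8 (deflate) in the low nibble of CMF and
    (CMF*256 + FLG) divisible by 31. 78 9C is the common default-level header."""
    return len(data) >= 2 and (data[0] & 0x0F) == 8 and (data[0] * 256 + data[1]) % 31 == 0


def parse_der_ecdsa_sig(sig: bytes):
    """Parse SEQUENCE { INTEGER r, INTEGER s } with short-form lengths.
    Returns (r, s) as ints, or None if the bytes are not shaped that way."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        return None
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            return None
        length = sig[pos + 1]
        body = sig[pos + 2:pos + 2 + length]
        if len(body) != length:
            return None
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + length
    return (ints[0], ints[1]) if pos == len(sig) else None


def unwrap(url: str) -> dict:
    """Split the wrapper URL into the facts an analyst wants before clicking."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    out = {
        "wrapper_host": parts.hostname,
        "claimed_domain": query.get("domain", [None])[0],  # what the wrapper says it points at
        "token_version": None,
        "payload_is_zlib": False,
        "inflated": None,
        "signature": None,
    }
    token = query.get("t", [None])[0]
    if token is None or token.count(".") != 2:
        return out
    version, payload_b64, sig_b64 = token.split(".")
    out["token_version"] = version
    payload = b64url_decode(payload_b64)
    if looks_like_zlib(payload):
        out["payload_is_zlib"] = True
        try:
            # decompressobj hands back what it could inflate from a truncated
            # stream; a corrupted stream or bad Adler-32 raises zlib.error
            out["inflated"] = zlib.decompressobj().decompress(payload)
        except zlib.error:
            out["inflated"] = None
    sig = b64url_decode(sig_b64)
    rs = parse_der_ecdsa_sig(sig)
    if rs is not None:
        out["signature"] = {"der_len": len(sig),
                            "r_bits": rs[0].bit_length(), "s_bits": rs[1].bit_length()}
    return out


if __name__ == "__main__":
    info = unwrap(SAMPLE_URL)
    for key, value in info.items():
        if key == "inflated" and value:
            value = f"{len(value)} bytes, starts {value[:48]!r}"
        print(f"{key:16} {value}")
```

The script only reports structure. Two 256-bit integers in a 72-byte DER blob is the shape of a P-256 ECDSA signature, but verifying it would need the wrapper operator's public key, which this page does not provide, and whatever inflates from the payload is printed as raw bytes because its format is not documented here either.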
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                              Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680582551262669"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2084  chrome.exe  (2 identical entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid 2084  chrome.exe  (9 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        2084  chrome.exe
  Token: SeCreatePagefilePrivilege  2084  chrome.exe
  (these two rows alternate across all 64 entries, 32 of each)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 2084  chrome.exe  (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2084  chrome.exe  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 2084 wrote to memory of 3596  2084  chrome.exe  93             2
  PID 2084 wrote to memory of 4996  2084  chrome.exe  94             30
  PID 2084 wrote to memory of 952   2084  chrome.exe  95             2
  PID 2084 wrote to memory of 1032  2084  chrome.exe  96             30
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2084)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxdkE1TgzAYhP-Kw4GTLYSPBjrDaC3Wj0Iram31wiBJkBaSEAKIjv_d0oMHb---u_PszH4rjSiU6ZnyISWvp5p2lAgTTGs85oIxwllO5ThlpdYag3nReKfoyJzFMceMF7juKRZZjodULEseq8jzu3CRRGrq4ebmrZZp8uwXRZuX1yvnHe53oqvWZNTas3iOeEZfSJ6HoSq8rQ2D2x2bbx8tbKysTWv6b19PM74Ck-px9B6t73NUrXYb0WVq6e39SEQ3h9j6cLrFIgLVchM_xLgJpG8G_WTmb5Af0O3nYhuGsAp9uS-NXXVVtdd51Aa6qdZeCLJ2FGV395IHYXcQa6tPno3CYfDztdHnd6_LeW_21cuXo6vYU87PlMOwFsWSiYxICKFhuq6WEZHQA2FCXv5dCUU1o_VpuwS4gLhoMkEWcAyiIxumpgF1ABNTR8DSwJFjO8C23DF0hxo81JxYl6nEKMNdIrEYYIOLBvf__-cXvb2YkA.MEYCIQDlWYmC9YWqLwzGo1_Uz-5wC3tKqjhwYdDjRwRlhUS1MgIhAIacU_ZjLEOwuLoud4iCkwdAfjTkcppBULGpCRVOxW_P
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3596, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbccdacc40,0x7ffbccdacc4c,0x7ffbccdacc58
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4996, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 952, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1032, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2568, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5080, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1376, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1544, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4844,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3540, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4912,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5352, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5480, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3212,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5644, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5184,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5196 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5784, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5368,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5940, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5444,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4792, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5596,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1780, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5448,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5744 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5192, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5916,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5912 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5308, child of 2084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5424,i,475234696569491317,2533649313144033168,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 3324)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1160)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4412,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
C:\Windows\system32\svchost.exe (PID 2576)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
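The process list above is Chrome's own multi-process layout (one browser process, a crash handler, a GPU process, several utility services and one renderer per site instance) plus three unrelated top-level processes. The following added example is editor's code, not the sandbox vendor's: a summariser that reads the --type, --utility-sub-type and --service-sandbox-type switches from each command line, counts the roles under the chrome.exe root, lists the services the browser launched with --service-sandbox-type=none, and reports any child of the browser whose image is not chrome.exe, which is the thing to look for when a page actually exploits the browser rather than just rendering. The rows are constructed, abridged copies of the report's command lines (only the switches the summariser reads are kept) and the sample URL is replaced by a placeholder; the parent/child relation is taken from the tree depth shown above.

```python
"""Summarise the process tree in this report's Processes section.

Added example: editor's code, not the sandbox vendor's. PROCESSES is a
constructed, abridged copy of the report's rows as (pid, tree depth, image,
switches the summariser reads); "<sample URL>" stands in for the target URL.
"""
import re
from collections import Counter

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

PROCESSES = [
    (2084, 1, CHROME, "--disable-background-networking --disable-component-update --single-argument <sample URL>"),
    (3596, 2, CHROME, "--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (4996, 2, CHROME, "--type=gpu-process --no-appcompat-clear"),
    (952, 2, CHROME, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1032, 2, CHROME, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (2568, 2, CHROME, "--type=renderer --renderer-client-id=6"),
    (5080, 2, CHROME, "--type=renderer --renderer-client-id=5"),
    (1376, 2, CHROME, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (1544, 2, CHROME, "--type=renderer --renderer-client-id=8"),
    (3540, 2, CHROME, "--type=renderer --renderer-client-id=9"),
    (5352, 2, CHROME, "--type=renderer --renderer-client-id=10"),
    (5480, 2, CHROME, "--type=renderer --renderer-client-id=11"),
    (5644, 2, CHROME, "--type=renderer --renderer-client-id=12"),
    (5784, 2, CHROME, "--type=renderer --renderer-client-id=13"),
    (5940, 2, CHROME, "--type=renderer --renderer-client-id=14"),
    (4792, 2, CHROME, "--type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service"),
    (1780, 2, CHROME, "--type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service"),
    (5192, 2, CHROME, "--type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service"),
    (5308, 2, CHROME, "--type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service"),
    (3324, 1, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe", ""),
    (1160, 1, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "--type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --service-sandbox-type=asset_store_service"),
    (2576, 1, r"C:\Windows\system32\svchost.exe", "-k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# The three Chromium switches that identify a child's role and sandbox policy.
SWITCH = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def role_of(cmdline: str):
    """(role, utility sub-type, sandbox type); a chrome.exe with no --type is the browser process."""
    sw = dict(SWITCH.findall(cmdline))
    return sw.get("type", "browser"), sw.get("utility-sub-type"), sw.get("service-sandbox-type")


def summarize(processes):
    roles = Counter()
    unsandboxed, foreign_children, other_roots = [], [], []
    parent = None  # most recent depth-1 row; depth-2 rows hang off it
    for pid, depth, image, cmdline in processes:
        is_chrome = image_name(image) == "chrome.exe"
        if depth == 1:
            parent = (pid, image)
            if not is_chrome:
                other_roots.append(pid)
                continue
        elif parent is None or image_name(parent[1]) != "chrome.exe":
            continue  # children of non-Chrome roots are out of scope here
        elif not is_chrome:
            # a browser child that is not chrome.exe: the classic post-exploitation sign
            foreign_children.append((parent[0], pid, image_name(image)))
            continue
        role, sub, sandbox = role_of(cmdline)
        roles[role] += 1
        if sandbox == "none":
            unsandboxed.append((pid, sub))
    return {"roles": dict(roles), "unsandboxed": unsandboxed,
            "foreign_children": foreign_children, "other_roots": other_roots}


if __name__ == "__main__":
    for key, value in summarize(PROCESSES).items():
        print(f"{key:17} {value}")
```

On this report the summary is nine renderers, seven utility services, a GPU process and a crash handler under the browser, two services started with --service-sandbox-type=none (the network service and ProcessorMetrics, exactly as their command lines say), no non-Chrome child of the browser, and three unrelated root processes (elevation_service.exe, msedge.exe and the NgcSvc svchost). The switch values are reported as Chrome passed them; the summariser does not decide whether a given sandbox policy is adequate.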
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 649B
  MD5     5892729052e131d1fed00308214e252e
  SHA1    dd075bffc1f1dda7f12999218ac704f89f36b1f1
  SHA256  eba6447fc4bc81f9422b8de92cd3a8f1428b2c02d1d7df8370fabb4f1b135154
  SHA512  0368de6cc2e11d49876d9b4e7410da516548a53d98f5699dcd710103748b6b36cb9754fdf4d62deb7be8cab7eff22868097e98fa06417a01f005ab984f2f1ebe
Filesize 36KB
  MD5     1181a545cb738b0a889bf8f7b3d39537
  SHA1    028bb9a0117fdcf42668722e9cf03239792991b0
  SHA256  a48965f97e623e90d1d3213dc388601830b97dcb2b0728f7c070bfa0a90d580d
  SHA512  e836d615223de5249529ad55db142804c5cbc1c7cbe1093fc4109dc37968553361901d3736a8281cafc91a72ee03169374adc96d83eea55527000312c41a65c1
Filesize 2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
Filesize 2KB
  MD5     954db34cbef9dff127d9aadf5c45bd91
  SHA1    f9e0580f5c593712cd8261e02d3d5ac25ebab40b
  SHA256  fbab60522d4c1e33024c2a4ea5570ce219bd36064b1ddaa7873a93d87f64cfa6
  SHA512  f2a9aab907bfca69fa3097793349f64560cbadaf7d2a7d395f5ca6c1b42208ebe0019e3ba433846fb3316127df4935d696306f609f95108a41ab963272a921bb
Filesize 4KB
  MD5     cff3886ae758c6b3f39b35ab3dd29e78
  SHA1    b60243b3c94e12be34338576d42c881b61537442
  SHA256  bee6740949a728298096a52aa615a83152ef0af125245f272578cacc984ce520
  SHA512  9d993416159cb1263ba446e24521986737ffb0378ef22792acf33ac47569d87aef27ebcef485ede3f69614311ded3f914ddbee758dc774e215dffeb1c6237808
Filesize 8KB
  MD5     85a5414c054f9f486f81e64bf2469b16
  SHA1    af5cea5fad0f761eabaed0c455b01c011661495a
  SHA256  748874ed52d212d5dfe76775f580cb14918dc72c3d249457104280fe5e8c34a8
  SHA512  7a4b1bb8f4a96185d43c43a1b061df8b1a347a1a9ca93a55de9304a2b10c1aa61dc5fbd24606961bc905ea7c1b3f7cb9828f96f9a91df3b068d34073f941a961
Filesize 9KB
  MD5     d1cc572c21ce9705d600af1dbb82160f
  SHA1    096cb8a7ac02d575443a0ce26b8f50f15564082e
  SHA256  71fd63062be2f02b3fa3772b86a5da1799ab0ec489402887b7daa9999fb6ff69
  SHA512  2f335d02610d4c6d132f348089e52aa6dee57208cccdf1b9ad017f84ad3c807b9c8bb035d62b4ddb165eeb16428f298bbca9a238defa62afdc57d880de3efad1
Filesize 10KB
  MD5     7dd016d69f8c6566222a46dbb6c0f5bc
  SHA1    3f4d9df026c0819260923a5f7bb643c2b16548d4
  SHA256  59e7d117bbbdf966c24321e6a14dc8392c5fb47056ea06361e6203079103d1da
  SHA512  51feb1fbcabcf8f21a02a8ecd446d6eaf3c0a4c3d3f68d2c40d4faab0af90a62e3ed7799d4d839860070f5174efb45978e4ff03a6dc912f83b674457b6ff671c
Filesize 99KB
  MD5     f79567094d4ba5aeb4e320f745315c52
  SHA1    47192c0477c97adaa6da2efbcd15176f3205e6d3
  SHA256  b2f0e551f216983787a7a372a152dd113f6c2685461cfc82bdd3f26520e958a9
  SHA512  ff441b82a1f00e4c8d7082fc9c4b1db1c64e8c0e81d4eb7f39348c6b5fdfbe4246eb04f5856fd41027192b325c3a2ab1f59d1563fa2a8211d212394d897756ce
Filesize 99KB
  MD5     1e05f9520419b5e7b42ae21c6eec4a88
  SHA1    2dc5b85dafd7fe445c879bf9c482803de34d54ec
  SHA256  e4bfbc21b1052f0eaa40f5f99b01e77d6dd7f7567c19b1fe95740379a1169431
  SHA512  44c1d8a3b36a147e6231aa6ae05b32d5e3fe1f4793feaf94133adf8411e60e9a94b400a032edf055a65906aa01a713452539a8e306710e80e74a5099495ac55a