Overview
overview
3Static
static
1aOneblo...er.vbs
windows7-x64
3aOneblo...er.vbs
windows10-2004-x64
1aOneblo...ad.vbs
windows7-x64
1aOneblo...ad.vbs
windows10-2004-x64
1aOneblo...ad.vbs
windows7-x64
1aOneblo...ad.vbs
windows10-2004-x64
1aOneblo...nd.vbs
windows7-x64
1aOneblo...nd.vbs
windows10-2004-x64
1aOneblo..._1.vbs
windows7-x64
1aOneblo..._1.vbs
windows10-2004-x64
1aOneblo..._2.vbs
windows7-x64
1aOneblo..._2.vbs
windows10-2004-x64
1aOneblo..._3.vbs
windows7-x64
1aOneblo..._3.vbs
windows10-2004-x64
1aOneblo..._4.vbs
windows7-x64
1aOneblo..._4.vbs
windows10-2004-x64
1aOneblo..._5.vbs
windows7-x64
1aOneblo..._5.vbs
windows10-2004-x64
1aOneblo..._6.vbs
windows7-x64
1aOneblo..._6.vbs
windows10-2004-x64
1aOneblo..._7.vbs
windows7-x64
1aOneblo..._7.vbs
windows10-2004-x64
1aOneblo..._8.vbs
windows7-x64
1aOneblo..._8.vbs
windows10-2004-x64
1aOneblo..._9.vbs
windows7-x64
1aOneblo..._9.vbs
windows10-2004-x64
1aOneblo...ck.vbs
windows7-x64
1aOneblo...ck.vbs
windows10-2004-x64
1aOneblo...ar.vbs
windows7-x64
1aOneblo...ar.vbs
windows10-2004-x64
1aOneblo...wn.vbs
windows7-x64
1aOneblo...wn.vbs
windows10-2004-x64
1Analysis
-
max time kernel
58s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
20-08-2024 17:17
Static task
static1
Behavioral task
behavioral1
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/blocker.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/blocker.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/load.vbs
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral4
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/load.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/reload.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/reload.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/second.vbs
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral8
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/second.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_1.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_1.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_2.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_2.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_3.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_3.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_4.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_4.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_5.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_5.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_6.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_6.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_7.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_7.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_8.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_8.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_9.vbs
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/stages/phase_9.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/tick.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral28
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/tick.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/trial_handler/boss_bar.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/trial_handler/boss_bar.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/trial_handler/cooldown_down.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/trial_handler/cooldown_down.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
aOneblock 2Original rv3_0_2/datapacks/ob_system/data/obs/function/blocker.vbs
-
Size
4KB
-
MD5
79ba617608c38df387721c574e2b2114
-
SHA1
8535f405b19b35fee47977eb69cbd5055d86df3c
-
SHA256
8818edc48328e43b8083754d14ae460e59b8e1f5f5bfc9b4992112e315b04a89
-
SHA512
ed1be4e7444e8ea2647ef6bf9234e9f7e0e271f81050c33d374941a469134ba93036a6cc3e984446a313c707ed5f75d75140509e687394ab0f2c011c7448ca3d
-
SSDEEP
96:j+vYr+Mvy+1lwF+qFs+LUf+Ib2+Rq5+GhA+nwjzCB2/QTQUdadz2P2ijDsj6sQsh:aMuIUI
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2952 chrome.exe 2952 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe Token: SeShutdownPrivilege 2952 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe 2952 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2952 wrote to memory of 2388 2952 chrome.exe 31 PID 2952 wrote to memory of 2388 2952 chrome.exe 31 PID 2952 wrote to memory of 2388 2952 chrome.exe 31 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 3032 2952 chrome.exe 33 PID 2952 wrote to memory of 2064 2952 chrome.exe 34 PID 2952 wrote to memory of 2064 2952 chrome.exe 34 PID 2952 wrote to memory of 2064 2952 chrome.exe 34 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35 PID 2952 wrote to memory of 2588 2952 chrome.exe 35
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\aOneblock 2Original rv3_0_2\datapacks\ob_system\data\obs\function\blocker.vbs"1⤵PID:2780
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71f9758,0x7fef71f9768,0x7fef71f97782⤵PID:2388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:22⤵PID:3032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:82⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:82⤵PID:2588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:12⤵PID:1992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:12⤵PID:1980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:22⤵PID:2144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:12⤵PID:1324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:82⤵PID:1276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3700 --field-trial-handle=1280,i,16840772756986874270,12070105144484806921,131072 /prefetch:12⤵PID:1696
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2028
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
Filesize
168B
MD5d832401d68556af642e45ccdb9810912
SHA1da764f9fbdc96d11beed29ecc276444ebaa03487
SHA256279489ed0c641184dd35258517b9bf0bbb0f410d0fd6e0706c89a05f9cb25070
SHA512f4a4c95c5f2a1797368c7f8783ebfd629e9cd934aa5571f93a8628ff6327b7c760aa2eae360016e7301a35a8996180199cbea18a4c0e84f619c2b69a76ee744c
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
1KB
MD5df360e673ee24e5f8a1ffcbf24da8be6
SHA18c855ec6749012f32af4d47319ce10dbcc2d0c14
SHA256ebe6c02452afc24fce1f5e0a9fbc1bc5eb2c3407eccbb17326c8489bc690de59
SHA512ea4bea0d44bff158df0f90cc99e60e7bae037bfcc91cd14fc44f44319c244a8c3da09011668ce70fa2d831cf66269e9621e04e73f019d94ef2d2b64e08a430fa
-
Filesize
363B
MD5add8855b362986f295d551972a189430
SHA198d4b5a8e3de35ab70903a2052ea3c3f6f57d4b4
SHA256094ad5c7163e89abdd90d3463c206cd6a4eac35ab1ddbdbc10b4948fef2c9ecc
SHA512388e6f267b9199d1fe964e08c4c2ef881e3b2fc1125e3aecc79fd4125991310df421d2a3999936bbfaca462cd82949ac90953f686ca4e980561526a41c9bd004
-
Filesize
5KB
MD587993cec96661406cb0b3fb602670f3a
SHA15d52029232e60b4fb4ca1b7d1f4384f5f88552e3
SHA25687e6027cf09f391980b652aa8021902363c07aad0a3f444aca7bd6fe54e5c5d9
SHA512b06cde6fd207232cebb4b08082cc8786c9c73945f225a0442f36c5b54d37fd3fdcb4195036bd2f48618134a31fd5293aa874337829e6f03fa7dda51ca85cf5f0
-
Filesize
5KB
MD5dd25f088293b8cbde9d0a13c6186d402
SHA172ab2cc70b8358353b6bc0d35459c74b60144d0e
SHA256fb00c28ca1e339105b82bcfd50193b97c963c9b13f3eefc9eddd909bdd687daa
SHA51236842188c296e5c09bc91bab0ac201da268a28cb3f3940a407b57ae5e59d24643db82c8632625ce55a2f27ac749365137d91054215a1714b56a145381de7caa4
-
Filesize
6KB
MD520f59add41c7524fa64c517526fb9260
SHA12d3f5e9cd4d4713549318be27a9304850ca880fc
SHA256e2281ac35e56967961ae2bdfc6d3d1359e37bcb29ee842ce1dd2fed099086e0e
SHA512105a7d0e5bf80b5f28e5a5bdceac7dc1b19a74fc95f7b751d1162e7c1309db29f051096db7a6b8912f70d49610fc23f1ced6db9b9e84ce3b87559e4ba988cdac
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2