Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
12-10-2024 18:25
General
-
Target
Bios Flash Helper.exe
-
Size
6.5MB
-
MD5
ca968d3a6dea5e46716281ceb6cd575c
-
SHA1
792ef05b2262577e39b0c91d57874c2326ef0dc5
-
SHA256
6023ea55d3ff78b3642367375c276bbde744636c1d485b5bf7cf3d4609936bef
-
SHA512
b4b62663e9f08b29569cae12b8184366dd38004c574c3c33fe7a5859700277dc66f5d52184dd1a0d4ecac583909be10fe1f5bce250a86685b588edcea792035b
-
SSDEEP
196608:GPH+gp1DM9onJ5hrZER9xQ3jo4UR7+AkC2:WpNM9c5hlER9xA2RSA
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start3⤵
-
C:\Windows\system32\cmd.execmd.exe4⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7060cc40,0x7fff7060cc4c,0x7fff7060cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2104,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5008,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5092,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4928,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3560,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4716,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4656,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5612,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5732,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5768 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5908,i,7724201042141831194,5667493781104066361,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x508 0x2ec1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD545a2dde4b4a43c5bb297b1e9d2226f4b
SHA1cca65cc2b7a6349feccf4b9b84272ab74c263254
SHA25696d5001b0f74bf4fe9004eab6e5cd52be632e256ead91642303b049298b405a4
SHA51245bec1fb8e59477cfdc217bbb989f5730e1bd2cfab89887e44480ca3635e73d1e9cbd3c9045db1f8d2ab02cda0299af14ec4d79c5273e6eafc280345fe9ecd90
-
Filesize
1KB
MD549db93f33213c99237ceb5388dbc222a
SHA149982aa238361ab42e75f3764d0743040bd0f3e4
SHA25691b23e71b8ab7965f6b6044d2f402b5a0a42af1fc959cd32dc17f519fb7b1019
SHA5120827a30a7dd384ac3686a0dc0db2be879146bc747fb83634bc04641f4d7830d43ae7fc33743c839810aa4bc0d5feb2e43c4cadd52d3360c354f47adeaf33f0dd
-
Filesize
264KB
MD528bc36d62fdfb61a287f09dcc4625dee
SHA14d02e374981f23db8e6f6ebe6ca4c6d4d0c36f17
SHA2568eff2369930162e4c120fb3438f6574fb62b521cdaf0a9d7eb1a012fa1480912
SHA512ad42aca093d8a4ddf283a265d1038922569039b03c5911bca0eba099f72d47f2fbbcdf51f5b5c6e6026c61911ba6d720514ff49c685e9c0c6cf867863bfefd12
-
Filesize
6KB
MD52a7248773e6f9ffe293b6a7cd2d5f797
SHA1bafa0c0eb487a9372d3b3af4f39a23f3c5e67e3f
SHA256fb2f96717f388e4b129549cc1d2c7b749a7b169e138733c33df940b8e8c0b89f
SHA51275aa103ab1d9ac1c62c91c5b138d6f5e90571101e55fe76103557f1f4b599e3a551930f5cceba4d5eef8fb9a1527be302399da4ba753e80844ecc2dbb586ba9d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
690B
MD5bc3e3bc33b1edb0cb8abfc76db5b97e4
SHA1b0adc1437bf499d6a68abceed32037411f492c5d
SHA256b4741186cb8f233439a8eb962876d40fad73114cc858bda9652b8894ef8ad2c2
SHA512f5bad4efa1cc1aee28bca4dfb5657dfffca34da07432da0faf882cd2c2a4081a53c97f82db8f529ceaecb1bb7ed1133240e84c36ebe2e20c1bc2ee7a88ba0ad7
-
Filesize
857B
MD58ea6979c000de9834ccacc123f053186
SHA1823a3b5abf038bc8e2a7572372b822ae941e0fbd
SHA2566ecd30790a5c446845eaeb0c8f80fcf94ef0bd2d8e48314f0290b07ffbabd58e
SHA512cc30a89088c2e540ce4fef52155d559d628a7613d23c8075be6c303337817be8929e4be0ad3b8abc649180dde2a9c214cc61fa3a7f8c5e5e687649272cfb9b49
-
Filesize
690B
MD52d25ff1cd1f83d409290bd72cc36e867
SHA16d3cf713d58d2b5c88d3d757af368fd230d4be2c
SHA256e41bc6172577e17590ed104b53dd254aceaf2881d12cb8b43dd312b3221a0b16
SHA51201fd6acf970271714ff8e49fb0a0b48539ace872d37e4c48a3c559fe35b4a3818aff7087e481283418cd9120ae3524f26044f213dd6d1b87caeb0b0f17ab0aa1
-
Filesize
857B
MD519fccda7840c5b68f8dace7a9a3c4649
SHA1d9431db542122c5a4b6bd17a80064e4510ed70dc
SHA256c7f6b9501e123ded98ef96754ce42d74280eb2e1630cf1b4c339bf5f5c3dbd71
SHA512ed1162ef6eb7631fb8b572adc8a2dca89930e32e4e01854c2bc84d8e5ecc68fea985e70bc28e1e6920547a6b317f788e11f1832174ce40e2ee00008ce7664cf3
-
Filesize
8KB
MD5c4be8e1cf91de4437889749cf318bad0
SHA1927b401d11d5fc38c07b202db5dd0a1b64ab456e
SHA2563070fb8a4f6cde2e44231ed3be773c3132b902c16c6f867bc7ac919722c9c9e1
SHA512692b85d3edc922c5b159fa6335854cd4c41094bcfba27157627be8ec9b7d8a6cdec6bda3f7ec552a4964dc83c5f70394939b4f9cad05f6974c91d670c50689f7
-
Filesize
9KB
MD5c00317a503e392f21806d98a9d9a7a6e
SHA13c43b79c039b2784855d51cfc4759d08995eb7fb
SHA2560f8054584055509cd6a7f5e01489491426a59811c6d9ea6b9eac9c27e5416710
SHA5129d9a6c23f901b4bd651250e596d197c865e958c902362a36ebd3a9d5f7c5dfd195458e3c2a217dab4a0ea6d73ba3d12d2a7bea98e70c679eaec1a0c04d6d9e1b
-
Filesize
9KB
MD56ae8cb15b011b97dd7d7910022339563
SHA14ca988f7995886bb1820bdccf3ba0608c6cda42a
SHA256c918ba52aa977d4a9abe14410e39b0e90e4df36026fc73f438cbe6fa69d1ca75
SHA51272dcda3e819d176a3d84367351a022eec88745b936aa0faed89429bb9aea341227f8adc68fbad0b933deab9f5c52ce5ac6f11da29db8d159a7d9afd688c215a0
-
Filesize
15KB
MD52c7574b8b65687cb9574e43a860d165c
SHA1efbb563e7c065a1d85df96a199ddafa4e9b6d002
SHA25693bf5f79c1309812586d4fd7b62c210c41c4416cb5b0989bf5e2289b64c3c45a
SHA5122db51ef3e2e80f615b02f08bfd2df17be9fcd4e1f9b45c8964b337c5b80f08e4d299912f6b5c96ad5f1eecf8b76fd3898236d279bb6945965054f3c74e6b62b1
-
Filesize
120B
MD59fd98e0120702c12ace4ca8df689b29a
SHA1a6237b96450eb0df8e7997efb73bd472cd129a54
SHA25686fba45253af515a206360f78b3607c855e418c083efb75bfc21c74a8184179f
SHA5122d782ca3f9425878be59295e6c8f211b2d9ee08c6120cfed8a0d365d7a2e20057e5c12285568ffb6a542c04715d6c71a45e03ec3036f80f36cf894a36100c4da
-
Filesize
228KB
MD5353030c9a4d71f1035197141e48eb893
SHA14d8cad07169b2a26eb84069fd27fea3a2572c363
SHA256a08135e2174127e5933ef96a61843946d9f35a18e3a88f0ff63fbb8e02a8398c
SHA512e9a316d2656899a5d339da5f44e1700849a6e4f1fe278a1f24c1e604136ff09379a4f791bea4044636c6090e74ed3a144b512762738fcfcd1e7a6b41a3e42676
-
Filesize
228KB
MD56d086153d339bd66bc6aef7850c2e363
SHA18c2bc684096cf723ee9cd1f02ba52242774728f5
SHA2566f8649d1996c74bdf6064007c899d52a7a60192a2b4ae40a2547d22c00bb5a33
SHA512e1230808d5e0986a0648032fdf00cdbb1e33d04f4bbbc629c850aa0433b31d2b8946cc02aeb442d243ca489742cd5508dab3733ee7fbb2e8a4b5a0864d4b18c6
-
Filesize
91KB
MD57942be5474a095f673582997ae3054f1
SHA1e982f6ebc74d31153ba9738741a7eec03a9fa5e8
SHA2568ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c
SHA51249fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039
-
Filesize
123KB
MD5b74f6285a790ffd7e9ec26e3ab4ca8df
SHA17e023c1e4f12e8e577e46da756657fd2db80b5e8
SHA256c1e3e9548243ca523f1941990477723f57a1052965fccc8f10c2cfae414a6b8a
SHA5123a700638959cbd88e8a36291af954c7ccf00f6101287fc8bd3221ee31bd91b7bd1830c7847d8c2f4f07c94bc233be32a466b915283d3d2c66abed2c70570c299
-
Filesize
78KB
MD50df2287791c20a764e6641029a882f09
SHA18a0aeb4b4d8410d837469339244997c745c9640c
SHA25609ab789238120df329956278f68a683210692c9bcccb8cd548c771e7f9711869
SHA51260c24e38ba5d87f9456157e3f4501f4ffabce263105ff07aa611b2f35c3269ade458dbf857633c73c65660e0c37aee884b1c844b51a05ced6aed0c5d500006de
-
Filesize
767KB
MD57ece4ca42658ba2a669af5ba31c127f1
SHA1eec81105b210e4a2cf576c7438647d5df2aa6169
SHA2565dcbab6e1b53994dc71aa9b91f16d686387ba3b63c3e6acdf0b6bdf611271986
SHA512818d550ee80d02a928a849383f588ba3f4e8031a5e0f46eabc075cfc8b5833c802740e48a055bab700a7961059fe53eddb487b2f306333f0c9e89a53d6a0f110
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
4.2MB
MD5c4b75218b11808db4a04255574b2eb33
SHA1f4a3497fb6972037fb271cfdc5b404a4b28ccf07
SHA25653f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2
SHA5120b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c
-
Filesize
27KB
MD5a2a4cf664570944ccc691acf47076eeb
SHA1918a953817fff228dbd0bdf784ed6510314f4dd9
SHA256b26b6631d433af5d63b8e7cda221b578e7236c8b34b3cffcf7630f2e83fc8434
SHA512d022da9e2606c5c3875c21ba8e1132ad8b830411d6ec9c4ddf8ebd33798c44a7e9fe64793b8efb72f3e220bb5ce1512769a0398ecc109f53f394ea47da7a8767