Analysis
max time kernel: 51s
max time network: 56s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/11/2024, 21:00
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://wearedevs.com
Resource
win10v2004-20241007-en
General
Target: http://wearedevs.com
Malware Config
Signatures
Downloads MZ/PE file

Executes dropped EXE (1 IoC)
  PID 3956  Extreme Injector v3.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 194  raw.githubusercontent.com
  flow 195  raw.githubusercontent.com

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751412587359330"  chrome.exe

Modifies registry class (1 IoC)
  Key created  \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 1932  chrome.exe  (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  PID 1932  chrome.exe  (14 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege        PID 1932  chrome.exe
  Token: SeCreatePagefilePrivilege  PID 1932  chrome.exe
  (64 events in total, the two tokens alternating)

Suspicious use of FindShellTrayWindow (34 IoCs)
  PID 1932  chrome.exe  (34 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1932  chrome.exe  (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 1932 (chrome.exe) wrote to memory of PID 3872  (procid_target 84)
  PID 1932 (chrome.exe) wrote to memory of PID 4960  (procid_target 86)
  PID 1932 (chrome.exe) wrote to memory of PID 2732  (procid_target 87)
  PID 1932 (chrome.exe) wrote to memory of PID 2948  (procid_target 88)
  (64 write events in total, repeated per target; all four targets are chrome.exe's own child processes, the crashpad handler, GPU process, network service and storage service in the process tree below, so this row reflects the browser's normal multi-process startup rather than injection into a foreign process)
Processes

PID 1932  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wearedevs.com
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 1932 (image for all of them: C:\Program Files\Google\Chrome\Application\chrome.exe):

    PID 3872  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3a40cc40,0x7ffa3a40cc4c,0x7ffa3a40cc58

    PID 4960  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2

    PID 2732  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:3

    PID 2948  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8

    PID 3048  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1

    PID 4516  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

    PID 3600  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3668 /prefetch:1

    PID 1972  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3356,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1

    PID 2024  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4660,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1

    PID 3480  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1

    PID 2440  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4320,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1

    PID 4216  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5232,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1

    PID 2340  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6072,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:8

    PID 2004  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3052,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4024 /prefetch:1

    PID 4892  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3528,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1

    PID 996   "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5268,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8

    PID 1404  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5184,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8

    PID 4076  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4024,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8

    PID 4216  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6132,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:8

    PID 2776  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6000,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:8

    PID 2092  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6232,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:1

    PID 4192  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6388,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6392 /prefetch:1

    PID 432   "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5448,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6580 /prefetch:1

    PID 4716  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4664,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6616 /prefetch:1

    PID 3392  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8

PID 2600  C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

PID 4428  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

PID 2100  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 3956  C:\Users\Admin\Downloads\Extreme Injector v3.exe
  "C:\Users\Admin\Downloads\Extreme Injector v3.exe"
  - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5:    a8c5436fedb2c1ddd4208ed591c92c17
SHA1:   446047388352d76fe6b149654e522ab08144953f
SHA256: 182e36d4b13b78ba106ecc01f47c2eca662583c2707823382bf8108e6b0d27d6
SHA512: 0275b2143aaf7b39033bcda4abfae839a47c802298b180b6886dfd7662fe81d8595973102fece8e67e60a045a31dbe2c2450604e7f017c297ccccec2004f0adb

Filesize: 52KB
MD5:    d0257b73c491f026709ce5d4bd65a8e0
SHA1:   ef1e88f1d6dbf04ba4983e48e91dc174a1697c96
SHA256: b399da75ede339706576a976f7766d444b67b4daf62b0b321866f6103bf291a6
SHA512: c8fcd72af6e6c82b0d7c4d51e31fc5dd5321eca6b3cf339888645a49eb010351a429cdf5f926c27cf0c150b48285e0f521431aa07b41dd8b0b3aa70358fdfa21

Filesize: 128KB
MD5:    b40fb6ac17dfb5bb35878a384682a64b
SHA1:   61925f87658b84cb5b53ba9db59dd2f1ed814fd1
SHA256: 449deb6564c13c0afd52e4301c3a37d3130fb6afecd59f3341b70649ba4dfbc3
SHA512: ff56388f78213eafd7f290c02256c7331f02d59977581355fe5457723e593bb620d2f886523aa695494bf9ed3b681a788e2e2791de7b4183c860c4afe1ddca86

Filesize: 20KB
MD5:    bec2af13143a7771b0b89cec2ab92b27
SHA1:   9cd25b2c17a630fd0d6dae4aa80ea510ef4b89b2
SHA256: 52aa9c3bdb64b5d1c1fe6dbf456fc50da434916b6c7489f3c64a0ea9253408ab
SHA512: 42d00250350982b0d3f26b84f33cc1365c8ab57f830f2f859cf3cdc8ba2879c09249264b1177c4b85de6a2461efe06620668c8d5bb036fde0b0030fa246075b6

Filesize: 1.9MB
MD5:    ec801a7d4b72a288ec6c207bb9ff0131
SHA1:   32eec2ae1f9e201516fa7fcdc16c4928f7997561
SHA256: b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46
SHA512: a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac

Filesize: 270B
MD5:    8e05d718e7167f5c2baebb39d775ba77
SHA1:   ccafb4b54cbec17e4f8723c7e503fb63c2ad287e
SHA256: 24e8396609f1e9724b00ec4990da4a3c843756574cf084b024be7f3a802e5e45
SHA512: 38c204d6eeae6224ce826ad25e2d4659fd5312e3f0b33318117b1e0915daed3c8340b761843b43a18feaab7972ec29df8a92f351fdfee97d4059c77d94a8575f

Filesize: 1KB
MD5:    82932d5a6abc3126df384a7ced51b453
SHA1:   f1c6940b5b9d4a00e381dd4b3ad686e43c086e38
SHA256: 868ceac71fb21ae764c177c82b63f4f033986eaa5ff59f8ff64431c8f50a542d
SHA512: 396a4563da46db97f1dd84b1bb8fd05921c706ee72923550acaacf36e07c72c3e84ed038f3cc23780c3debb28e0571b1ad17f2d10188a7d373994b7afeacb533

Filesize: 2B
MD5:    d751713988987e9331980363e24189ce
SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5:    a40ac255ebae30146dc34e97baecb2be
SHA1:   09f988ad7783c468af3cabf55fc93a5c2ccb3423
SHA256: 8aa07761d06335fc1b9eb9f99fa05d95d557922f281a38e3608b626d33d41870
SHA512: 3bcd4044a44a0ab7acfd1dc773ab9524cd6f5a8f52656426124d523f97ad104b3297626e5918e8742b64150c4247dda0d2d7129b73d3cd5579702bc4874c59c3

Filesize: 1KB
MD5:    763a9255f0c6d759484680be96eddd66
SHA1:   2475d48e2f231835e3318e1b47a7dda462fbac56
SHA256: 9220c2cc78b0d921f3ba265a24bd90970add221eabe387804170b781d18e575b
SHA512: 62396bbd667a6463ef0b367dd0a6c936a23e40fff8c616566d076204c9cfd3f9f9b2efff48488125f285a071ba95a8ca1b0b79760e80a0d551b34c91bfc4906d

Filesize: 16B
MD5:    46295cac801e5d4857d09837238a6394
SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 9KB
MD5:    9ddafd11964d641e0c6a6fcb90525695
SHA1:   875ac3f00a859301fd5d8db77b1cf79c05396f90
SHA256: 06e47668573a0da26ad9d5596190ef32fd77650b4e32d4d4c76a8590d20fa609
SHA512: cd270ef26c814c56f688ca46862b96530bfac40c93532327af0335c4ea5a8d0cd56db4c65742cc42b6f8026f77dd7a6e67345389630d6c2ab61bf90a66d11bd1

Filesize: 9KB
MD5:    885bf05a13c15b61a9594cf0c5d97d11
SHA1:   ae0f4172f7cfb21a23cbe811ed15fd2286768e31
SHA256: 3276d553b2ff84c0fce1d66feaddfcdc8d9a95ac4184f1ae7efc01dfd0e62a0e
SHA512: 02105fa3856e7fd8109bf32e3b2ecd370e6b338b59fe17dd8f54cdad662d14506caa06341cb9a0c7278b01c759b72fa427bc7e869b80506ff0b1442b517aeca6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 96B
MD5:    7b8fde2a36ece9e20a7075c6ce8a4752
SHA1:   ce1f4e788b0f0363deffa2e7d52da7da1a64e462
SHA256: c2f3aad69e2f6eb79d2880a1685b5d0df7fb9de8f3751b46bdc5ea6272bd2389
SHA512: 1b5ba12e2baae00397f8b00bc4c7ae01bce261c628ca7d599de0644a6b8a52d84a8f3d15086dcdcc06a341f430832a9d2282664ce8f9a53b56b8e3a8a8944a94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c8fbfe82-f6ab-444d-8b19-010950237df3.tmp
Filesize: 9KB
MD5:    c1c1fd76765561e86358d65496c6301f
SHA1:   6b4f51376f95662e4ed3fbc7c7f492907ee3d373
SHA256: 4ec860c92d9fddd7dfba5b1ba62c46c9d659dd183c233c4001c40cedfa6ce42d
SHA512: e4c19ce1dbddd282880f21e3dac49415cb3d58ffd174803acf86395b9a96ad0e15876ba2418d07a8831e53aab31285ccf1619aa88ad17fe105725e7f8d38c11d

Filesize: 116KB
MD5:    8a5c0c6ba0578fba0556956cc993e7b2
SHA1:   e05bb9f1b95b07300e9d210d9e85ebeb37d505f0
SHA256: 94e12d817e3d4fa36f1f7d7709f8030604b056fa0dfb9bbe0cecc3a297005fb6
SHA512: fe8c2c5df17189f67e4ff18e26bfb799a80465a70b67c0186a10db1f73369d45f990d864bdfb07e892c727e90b24571f6d300535edd0c84548d27834af817958

Filesize: 116KB
MD5:    67998b68087704054ae1b4e6695f2ec6
SHA1:   b6273e093a5cbd13d335018168e48f5d25b4182f
SHA256: 80a6af3894c9f0e540e90dd674fa2f4ccf41885f917b0d5caa451f1ad8a9603f
SHA512: d2dd27e9eb4500626657842d42598497f61895552e61dd82c430acca149fdb0552435a4b6d36a769d46c8d0dbbaef38e1f025b547973490c2f4c19f595175f13

Filesize: 116KB
MD5:    1e284038c4d627789c8421a3f88e88a2
SHA1:   7f2db82da7b68e0195b6dc551fa83a7412f7a661
SHA256: e6821a429112eb1de41b2780572c10b417def6975a76ca857267910520996577
SHA512: f5a68ce15bb52d49eabc137ab6c798c8d44fd9cd06ce1e545557be333cddd6b0d657698b284aade8979d180d3960175a0bbad910440d2d6b315ccdfc6f236015
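Added example, not part of this report and not the sandbox vendor's tooling: a small Python triage script that reads the flattened report text in the form it is extracted above and pulls out what a responder carries forward from it, the contacted hosts from the "flow ioc" rows, the download hash records (with the path where one was captured), the WriteProcessMemory source/target pairs, and every process launched from a user-writable directory, which is how the dropped Extreme Injector v3.exe surfaces. The row layouts are inferred from this page's text; REPORT_EXCERPT is a constructed, shortened copy of rows from the report, and the list of user-writable prefixes is an assumption.

```python
"""
Turn flattened sandbox-report text (signature rows, process tree, download
hash list) into structured IoCs. Added example for this page; it is not the
sandbox vendor's tooling. Field layouts are inferred from the report text,
and REPORT_EXCERPT is a constructed, shortened copy of rows from it.
"""
import re
from collections import Counter

REPORT_EXCERPT = r"""
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 194 raw.githubusercontent.com 195 raw.githubusercontent.com -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1932 wrote to memory of 3872 1932 chrome.exe 84 PID 1932 wrote to memory of 3872 1932 chrome.exe 84 PID 1932 wrote to memory of 4960 1932 chrome.exe 86 PID 1932 wrote to memory of 2948 1932 chrome.exe 88
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument http://wearedevs.com1⤵PID:1932
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:4428
C:\Users\Admin\Downloads\Extreme Injector v3.exe"C:\Users\Admin\Downloads\Extreme Injector v3.exe"1⤵PID:3956
Downloads
Filesize
1.9MB
MD5ec801a7d4b72a288ec6c207bb9ff0131
SHA132eec2ae1f9e201516fa7fcdc16c4928f7997561
SHA256b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46
SHA512a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD57b8fde2a36ece9e20a7075c6ce8a4752
SHA1ce1f4e788b0f0363deffa2e7d52da7da1a64e462
SHA256c2f3aad69e2f6eb79d2880a1685b5d0df7fb9de8f3751b46bdc5ea6272bd2389
SHA5121b5ba12e2baae00397f8b00bc4c7ae01bce261c628ca7d599de0644a6b8a52d84a8f3d15086dcdcc06a341f430832a9d2282664ce8f9a53b56b8e3a8a8944a94
"""

# A hash record is "Filesize" (size fused or on the next line) followed by the four
# hash labels fused to their hex digests; an optional preceding line is the path.
# Digest lengths are enforced, so a truncated or mislabelled digest is skipped.
HASH_RECORD = re.compile(
    r"(?:^(?P<path>[A-Za-z]:\\[^\n]+)\n)?"
    r"^Filesize\s*(?P<size>\S+)\s*"
    r"MD5\s*(?P<md5>[0-9a-f]{32})\s*"
    r"SHA1\s*(?P<sha1>[0-9a-f]{40})\s*"
    r"SHA256\s*(?P<sha256>[0-9a-f]{64})\s*"
    r"SHA512\s*(?P<sha512>[0-9a-f]{128})(?![0-9a-f])",
    re.MULTILINE,
)
# Process rows: image path fused to the command line, then depth, "⤵" and PID.
PROC_ROW = re.compile(
    r"^(?P<image>[A-Za-z]:\\.+?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)\s*$",
    re.MULTILINE,
)
FLOW_HOST = re.compile(r"\b\d+\s+([a-z0-9-]+(?:\.[a-z0-9-]+)+)")
MEM_WRITE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
# Assumption: directories a standard user can write to; a PE starting from here
# after a browser download is the "dropped EXE" a responder wants to see first.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


def parse_hosts(text):
    hosts = set()
    for line in text.splitlines():
        if line.startswith("flow ioc"):
            hosts.update(FLOW_HOST.findall(line))
    return sorted(hosts)


def parse_hashes(text):
    return [m.groupdict() for m in HASH_RECORD.finditer(text)]


def parse_memory_writes(text):
    # Count write events per (source pid, target pid, source image) triple.
    return Counter((src, dst, image) for src, dst, image, _ in MEM_WRITE.findall(text))


def parse_processes(text):
    return [
        {"pid": m["pid"], "depth": int(m["depth"]), "image": m["image"], "cmd": m["cmd"]}
        for m in PROC_ROW.finditer(text)
    ]


def dropped_executables(procs):
    return [p for p in procs if p["image"].lower().startswith(USER_WRITABLE_PREFIXES)]


def triage(text):
    procs = parse_processes(text)
    return {
        "hosts": parse_hosts(text),
        "files": parse_hashes(text),
        "memory_writes": parse_memory_writes(text),
        "processes": procs,
        "dropped": dropped_executables(procs),
    }


def ioc_rows(report):
    """Flat (type, value) pairs, de-duplicated, ready for a blocklist or a ticket."""
    rows = {("domain", h) for h in report["hosts"]}
    rows |= {("sha256", f["sha256"]) for f in report["files"]}
    rows |= {("file_path", p["image"]) for p in report["dropped"]}
    return sorted(rows)


if __name__ == "__main__":
    result = triage(REPORT_EXCERPT)
    for kind, value in ioc_rows(result):
        print(f"{kind}\t{value}")
    for (src, dst, image), n in sorted(result["memory_writes"].items()):
        print(f"{image} {src} -> {dst}: {n} write events")
```

Run against the full page text instead of the excerpt and the memory-write counter shows every target of PID 1932 is one of its own Chrome child processes, while the only entry in the dropped list is the injector under Downloads; the hash records carry no path for most entries because the report itself does not give one, so they are exported by SHA256 only.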