Analysis
- max time kernel: 41s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 07/11/2024, 21:32
Behavioral tasks (sample, resource)
- behavioral1: Dokan.exe, win7-20240903-en
- behavioral2: Dokan.exe, win10v2004-20241007-en
- behavioral3: $PLUGINSDIR/System.dll, win7-20240903-en
- behavioral4: $PLUGINSDIR/System.dll, win10v2004-20241007-en
- behavioral5: $PROGRAMFILES/Dokan/DokanLibrary/README.url, win7-20240903-en
- behavioral6: $PROGRAMFILES/Dokan/DokanLibrary/README.url, win10v2004-20241007-en
- behavioral7: $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe, win7-20240729-en
- behavioral8: $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe, win10v2004-20241007-en
- behavioral9: $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, win7-20240903-en
- behavioral10: $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, win10v2004-20241007-en
- behavioral11: $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, win7-20241010-en
- behavioral12: $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, win10v2004-20241007-en
- behavioral13: $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe, win7-20240903-en
- behavioral14: $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe, win10v2004-20241007-en
- behavioral15: $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe, win7-20240903-en
- behavioral16: $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe, win10v2004-20241007-en
- behavioral17: $PROGRAMFILES64/Dokan/DokanLibrary/README.url, win7-20241010-en
- behavioral18: $PROGRAMFILES64/Dokan/DokanLibrary/README.url, win10v2004-20241007-en
- behavioral19: $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe, win7-20241023-en
- behavioral20: $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe, win10v2004-20241007-en
- behavioral21: $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, win7-20240903-en
- behavioral22: $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js, win10v2004-20241007-en
- behavioral23: $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, win7-20240729-en
- behavioral24: $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs, win10v2004-20241007-en
- behavioral25: $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe, win7-20240903-en
- behavioral26: $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe, win10v2004-20241007-en
- behavioral27: $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe, win7-20240708-en
- behavioral28: $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe, win10v2004-20241007-en
- behavioral29: $SYSDIR/dokan.dll, win7-20240903-en
- behavioral30: $SYSDIR/dokan.dll, win10v2004-20241007-en
- behavioral31: $SYSDIR/dokannp.dll, win7-20241023-en
- behavioral32: $SYSDIR/dokannp.dll, win10v2004-20241007-en
General
- Target: $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
- Size: 33KB
- MD5: 6acbc945f2d080370369e635b0dbf34e
- SHA1: 94ced85b00dd5c35b8c0089f8f55168fb9236856
- SHA256: 9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08
- SHA512: cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793
- SSDEEP: 384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  - PID 2156 chrome.exe (both entries)
- Suspicious use of AdjustPrivilegeToken (60 IoCs)
  - Token: SeShutdownPrivilege, PID 2156 chrome.exe (all 60 entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  - PID 2156 chrome.exe (all 34 entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  - PID 2156 chrome.exe (all 32 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 2156 chrome.exe wrote to memory of PID 2032 (procid_target 30), PID 1604 (procid_target 32), PID 2952 (procid_target 33) and PID 2232 (procid_target 34); 64 entries in total
Processes
- C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe (PID 2872)
  Command line: "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2156)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 2032): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bd9758,0x7fef6bd9768,0x7fef6bd9778
  - chrome.exe (PID 1604): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:2
  - chrome.exe (PID 2952): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 2232): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1680 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 2652): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 2596): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 752): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:2
  - chrome.exe (PID 2304): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3316 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 2472): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 2212): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 2164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 2276): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3924 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 2904): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2400 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 1604): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4016 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 864): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2360 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 2280): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3860 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
  - chrome.exe (PID 2488): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
  - chrome.exe (PID 3016): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2420)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads