6Dokan.exe
windows7-x64
7Dokan.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PROGRAMFI...ME.url
windows7-x64
6$PROGRAMFI...ME.url
windows10-2004-x64
6$PROGRAMFI...tl.exe
windows7-x64
1$PROGRAMFI...tl.exe
windows10-2004-x64
3$PROGRAMFI...ard.js
windows7-x64
3$PROGRAMFI...ard.js
windows10-2004-x64
3$PROGRAMFI...pt.vbs
windows7-x64
1$PROGRAMFI...pt.vbs
windows10-2004-x64
1$PROGRAMFI...er.exe
windows7-x64
1$PROGRAMFI...er.exe
windows10-2004-x64
3$PROGRAMFI...or.exe
windows7-x64
3$PROGRAMFI...or.exe
windows10-2004-x64
3$PROGRAMFI...ME.url
windows7-x64
6$PROGRAMFI...ME.url
windows10-2004-x64
6$PROGRAMFI...tl.exe
windows7-x64
1$PROGRAMFI...tl.exe
windows10-2004-x64
1$PROGRAMFI...ard.js
windows7-x64
3$PROGRAMFI...ard.js
windows10-2004-x64
3$PROGRAMFI...pt.vbs
windows7-x64
1$PROGRAMFI...pt.vbs
windows10-2004-x64
1$PROGRAMFI...er.exe
windows7-x64
1$PROGRAMFI...er.exe
windows10-2004-x64
1$PROGRAMFI...or.exe
windows7-x64
1$PROGRAMFI...or.exe
windows10-2004-x64
1$SYSDIR/dokan.dll
windows7-x64
3$SYSDIR/dokan.dll
windows10-2004-x64
3$SYSDIR/dokannp.dll
windows7-x64
3$SYSDIR/dokannp.dll
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
07/11/2024, 21:32
Behavioral task
behavioral1
Sample
Dokan.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Dokan.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PROGRAMFILES/Dokan/DokanLibrary/README.url
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PROGRAMFILES/Dokan/DokanLibrary/README.url
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
$PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PROGRAMFILES/Dokan/DokanLibrary/mounter.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PROGRAMFILES/Dokan/DokanLibrary/mounter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/README.url
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/README.url
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe
Resource
win7-20241023-en
Behavioral task
behavioral20
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
$PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$SYSDIR/dokan.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$SYSDIR/dokan.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$SYSDIR/dokannp.dll
Resource
win7-20241023-en
Behavioral task
behavioral32
Sample
$SYSDIR/dokannp.dll
Resource
win10v2004-20241007-en
General
-
Target
$PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
-
Size
33KB
-
MD5
6acbc945f2d080370369e635b0dbf34e
-
SHA1
94ced85b00dd5c35b8c0089f8f55168fb9236856
-
SHA256
9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08
-
SHA512
cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793
-
SSDEEP
384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mirror.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754888873669940" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4216 chrome.exe 4216 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid Process 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe 
Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe Token: SeShutdownPrivilege 4216 chrome.exe Token: SeCreatePagefilePrivilege 4216 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe 4216 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4216 wrote to memory of 3420 4216 chrome.exe 99 PID 4216 wrote to memory of 3420 4216 chrome.exe 99 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 112 4216 chrome.exe 100 PID 4216 wrote to memory of 1840 4216 chrome.exe 101 PID 4216 wrote to memory of 1840 4216 chrome.exe 101 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 
4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102 PID 4216 wrote to memory of 2020 4216 chrome.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"1⤵
- System Location Discovery: System Language Discovery
PID:4804
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaae3cc40,0x7ffeaae3cc4c,0x7ffeaae3cc582⤵PID:3420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:22⤵PID:112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:32⤵PID:1840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:82⤵PID:2020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:4020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:12⤵PID:2992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:82⤵PID:4504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:82⤵PID:2016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4388,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:82⤵PID:1188
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:82⤵PID:2692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5168,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:232
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:82⤵PID:3088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:82⤵PID:2760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:82⤵PID:3652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5464,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:82⤵PID:2704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5556,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:22⤵PID:5112
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:220
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:4488
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
649B
MD5 13410596120b90a034d38d535ec0aba2
SHA1 641e2f49456046a68556de1bec3ffd5d49484657
SHA256 feb81cf0841a53db18bd45bcfbf2bfc01c635a1cca218e7c5dc5bae3e16065e3
SHA512 7227f667dff9990b402f79fcc4d35a847cf4a69d5c3ee286d5dd2855164800d933917499c57864417af26e0674e6e98a59fe059fbed39cc49cba368f34f3d37f
-
Filesize
215KB
MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
Filesize 851B
MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
Filesize 854B
MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
354B
MD5 035a4b79d3efed97f6e08e7816c238bb
SHA1 692b97fe6a44da0cf18faf4c90cac50bb1f40699
SHA256 6ab97b8f81d25447b32d066b5548c92d8741c33d65e5635cc3746219bf887000
SHA512 7ac604eadaaa53348f4827da8766853150a1b05fb1b80e4ffcc46b348341e84b92ca66a5ad03e6717fb0201a4acf5f78861286a066ffbfebef509f5126c2427c
-
Filesize
9KB
MD5 99555fb6baf9fc19c0372999f99f1759
SHA1 e26822adebdc7b07276533b70702bf6537758f29
SHA256 7b55e88323cba4c0506e239a81c85a0696d0cf46e7f0959ef362cb9223da34e0
SHA512 b2ebc3408cc2856874ad8914131dbce1098aeb1f96a0d367d3d9ed9cd0b01c0e13e573789a8f2921f6c6a6d3187980cf91b1137129695fb090d2cbfac280e905
-
Filesize
9KB
MD5 5e663ede4575dea4b86fc461e383f742
SHA1 dcce24a5b221e13c36da66061285975c4b67c3c3
SHA256 c7addff64fbf421060ce0a6c8d90d1ddc968891f1d73cd929514509efc66d6c0
SHA512 68aaf44481fa169f352213fe7767dd22e0995020d46f715b306fe81449ecbedfa0dd1f931bfce3c479cbf8ac004ff9bfb5dcd5948ecae50f968f9cd4d1137b28
-
Filesize
9KB
MD5 90509acab01a211a2077f8f86fce6bbe
SHA1 f8bbabb0efca4f08dfb11393d45dce68b7fce194
SHA256 c7ce7f9aa8c5b04469bba82235061d64169e9c1589ada2f00fdc34cb0f473067
SHA512 cdf104615ff81c557e6d9ca3013f70350929c1bda5089f6da95a31a6bbc7361807af6d95452c5fdcb5158e84b84aeafe29140d3fb163e9d41c71df2d4c030644
-
Filesize
15KB
MD5 02df381b4bacfcdce7be8fa8df9a3f78
SHA1 40d28d0335670920334130980ba927dbda498340
SHA256 cad7f5c1a04adc9cedd1a205bc2648732ca11f614a6fbc284b0cfff87d284140
SHA512 0e623cdda5baa7421f3abec8bafd8035c496f257422615831bdec82657c7e43fff753f914a027cd74ef3a3c5df887101a12c3cf143587fe835cf569307eaa5d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
MD5 597dcbf87ac45c66545609bfa90d14e3
SHA1 bd0a507c410daf3a34375e2c0888a53a8d4393b0
SHA256 c4a4dcfd31724e7ae55c2f7b5375e7bbdcf0f390b4f8a14211e0c12be2c2535a
SHA512 468e259ee2010ad8c0d5da44d2547c8d7c33d93c3542ad7f91ec606f7a2c25794a8a503ccac27e5d24044c698c24a6364d6f2078237d49ddfa6e5228f4c810f4
-
Filesize
232KB
MD5 cb0894e5509d76b4baf8560e74cb34ee
SHA1 d54ad4a6cf381141d38bfe75cf66b1e83b386d45
SHA256 b74e92fa23159df1b2272df1ce8152602d2138613fd90060e11be7168ca7c144
SHA512 68e7852fbc112fa7fdb07a78fbdc6134bafda17c87a72e8d775c421d76398e7c7b0bf6c3805afdc43a67eee535bb65b06cd6ee9bc755a82abeb2ff357db4a813
-
Filesize
232KB
MD5 b1e3de3a9f3b8cb2ca36c56a84d483cb
SHA1 9f09141941b3cc015c9039dccf42763dff85d446
SHA256 0f6e9176f2cb73094766b57e4fa188920cf66294f6a80ec7ab4c9dfd288171ca
SHA512 dddf75e4fea1d0965a2817f632032ac8c3122c4e7bdbfc77d59a2f254569548735fb27d7655b220ad7028814f2ef62ad4853988bc0a2503a63789b5afa4e9b06
-
Filesize
132KB
MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef
-
Filesize
711B
MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727