Analysis

max time kernel: 317s
max time network: 317s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-11-2024 09:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://is.gd/CRosAG
Resource: win10v2004-20241007-en

General

Target: https://is.gd/CRosAG
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                 Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759625445421870"  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
4716  chrome.exe  (2 entries)
2712  chrome.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
pid   Process
4716  chrome.exe  (20 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        4716  chrome.exe  (32 entries)
Token: SeCreatePagefilePrivilege  4716  chrome.exe  (32 entries)
(The 64 entries strictly alternate between the two rows above, beginning with SeShutdownPrivilege.)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
4716  chrome.exe  (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4716  chrome.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 4716 wrote to memory of 3776   4716  chrome.exe  83  (2 entries)
PID 4716 wrote to memory of 5036   4716  chrome.exe  84  (repeated)
PID 4716 wrote to memory of 2316   4716  chrome.exe  85  (2 entries)
PID 4716 wrote to memory of 452    4716  chrome.exe  86  (repeated)
(The 64 listed entries consist only of these four rows, in the order shown; the 5036 and 452 rows account for the remaining 60 entries.)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/CRosAG
  PID: 4716
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff6e0cc40,0x7ffff6e0cc4c,0x7ffff6e0cc58
    PID: 3776

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
    PID: 5036

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
    PID: 2316

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:8
    PID: 452

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
    PID: 1228

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 716

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
    PID: 3908

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3168,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3384 /prefetch:1
    PID: 4764

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
    PID: 1516

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
    PID: 3088

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3440,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
    PID: 4312

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4968,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1
    PID: 3176

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4340,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
    PID: 1516

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4808,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:1
    PID: 5004

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3536,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
    PID: 2284

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4948,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
    PID: 2208

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5016,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
    PID: 3924

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4940,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:1
    PID: 608

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5080,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3840 /prefetch:1
    PID: 2984

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5048,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:1
    PID: 3860

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4584,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1
    PID: 2552

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4952,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 868

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3472,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1
    PID: 4936

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4484,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4036 /prefetch:1
    PID: 2984

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5104,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
    PID: 4768

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:8
    PID: 2244

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
    PID: 4984

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4560,i,14800658086980351168,781685724335097929,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:8
    PID: 2712
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 3144

C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 4948
Network
MITRE ATT&CK Enterprise v15
Downloads