Analysis

max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-04-2023 07:25

Behavioral task: behavioral1
Sample: d9debe7e5f375b0805f2ba69d72ea7dc.exe
Resource: win7-20230220-en
General

Target: d9debe7e5f375b0805f2ba69d72ea7dc.exe
Size: 1.4MB
MD5: d9debe7e5f375b0805f2ba69d72ea7dc
SHA1: 0ca9f4e0aa6c5d325d1327fd05431bc1aa991087
SHA256: 96b5469438c87bd1db7e3628aa8dccf5bbcbc187e39bba8c7e2a89859d4ab096
SHA512: a2160ffa3eba8b6d15c3e99d9d739c3aab2c62dd6ab8f0400376e3f3d434eb172e88003e3d4b6afb66c01207f85011586e2644db46b4bf506b5c5c28c82c25a0
SSDEEP: 24576:PGU0HpRGUYHKaPUM0Hay69NgA+iVvRuPpND5TqJ6y5eXt7dRfE5hAS+:OpEUIvUkN9jkpjweXt7785iL
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers commonly target stored browser data, which can include saved credentials and other account material.

Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Drops file in Program Files directory (10 IoCs)
Process: d9debe7e5f375b0805f2ba69d72ea7dc.exe (PID 368)
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
  File opened for modification  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
  File created                  C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
This file set (manifest.json, background.html, js\background.js, js\content.js) is the layout of an unpacked Chrome extension, and the directory name is 32 characters from the range a-p, the shape of a Chrome extension ID. Chrome keeps installed extensions under the user profile, not under Program Files, so this is a sideloaded extension staged by the sample. aes.js, mode-ecb.js and pad-nopadding.js match the file names of CryptoJS's component builds (AES in ECB mode without padding); the report does not show what the extension does with them.
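The dropped file set above is the layout of an unpacked Chrome extension. The following Python script is added here as an example and is not part of the sandbox report or the sample: it recreates that layout in a temporary directory and runs the hunt a responder would run on a suspect host, finding directories named like a Chrome extension ID that hold a manifest.json outside the browser profile, then pulling the content-script match patterns, requested permissions and bundled crypto files from the manifest. The manifest body is constructed for the demo; the report records only the file names, not their contents.

```python
"""Hunt for an unpacked browser extension dropped outside Chrome's profile,
modelled on the layout this report recorded under
C:\\Program Files\\nndannfdnoaiphfcbbpgkhodebpoiocf\\.

Added example; not part of the sandbox report.  The manifest body is
constructed for the demo (the report lists file names only)."""
import json
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Chrome extension IDs are 32 characters from the range a-p.  The directory
# name in the report has exactly that shape.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

# File names the report shows being dropped (relative to the extension dir).
REPORTED_LAYOUT = [
    "icon.png", "manifest.json", "background.html",
    "js/background.js", "js/content.js", "js/jquery-3.3.1.min.js",
    "js/aes.js", "js/mode-ecb.js", "js/pad-nopadding.js",
]
# CryptoJS component file names; a crypto library bundled into an extension is worth a note.
CRYPTO_JS_NAMES = {"aes.js", "mode-ecb.js", "pad-nopadding.js"}

# Constructed manifest for the demo; the real one is not in the report.
DEMO_MANIFEST = {
    "manifest_version": 2,
    "name": "demo",
    "version": "1.0",
    "background": {"page": "background.html"},
    "content_scripts": [{"matches": ["<all_urls>"],
                         "js": ["js/jquery-3.3.1.min.js", "js/content.js"]}],
    "permissions": ["tabs", "webRequest", "<all_urls>"],
}


def looks_like_extension_id(name: str) -> bool:
    return bool(EXT_ID_RE.match(name))


def find_unpacked_extensions(root: Path) -> List[Path]:
    """Directories under root that hold a manifest.json and are named like an
    extension ID.  Chrome installs extensions under the user profile, so a hit
    under Program Files or another system path is a sideloaded extension."""
    return [
        Path(dirpath)
        for dirpath, _dirs, files in os.walk(root)
        if "manifest.json" in files and looks_like_extension_id(Path(dirpath).name)
    ]


def summarize(ext_dir: Path) -> Dict:
    """The fields a responder wants first: where the content script runs,
    which permissions are requested, and whether a crypto library is bundled."""
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    permissions = manifest.get("permissions", [])
    matches = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    return {
        "id": ext_dir.name,
        "manifest_version": manifest.get("manifest_version"),
        "permissions": permissions,
        "content_script_matches": matches,
        "all_urls": "<all_urls>" in matches or "<all_urls>" in permissions,
        "crypto_js_components": sorted(
            p.name for p in ext_dir.rglob("*.js") if p.name in CRYPTO_JS_NAMES),
    }


def build_demo_tree() -> Path:
    """Recreate the reported layout in a temp dir so the hunt runs offline."""
    root = Path(tempfile.mkdtemp(prefix="progfiles_"))
    ext = root / "nndannfdnoaiphfcbbpgkhodebpoiocf"
    for rel in REPORTED_LAYOUT:
        target = ext / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if rel == "manifest.json":
            target.write_text(json.dumps(DEMO_MANIFEST), encoding="utf-8")
        else:
            target.write_bytes(b"")   # placeholder; contents are not in the report
    # Decoy: a manifest.json in a directory that is not ID-shaped must not match.
    decoy = root / "Google" / "Chrome"
    decoy.mkdir(parents=True)
    (decoy / "manifest.json").write_text("{}", encoding="utf-8")
    return root


def run_hunt(root: Optional[Path] = None) -> List[Dict]:
    return [summarize(d) for d in find_unpacked_extensions(root or build_demo_tree())]


if __name__ == "__main__":
    for hit in run_hunt():
        print(json.dumps(hit, indent=2))
```

On a real host, point run_hunt at the drive root (or at Program Files and the user's AppData) instead of the demo tree; the ID-shape check keeps Chrome's own directories and ordinary application folders out of the results.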
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). The sandbox describes this as likely ransomware behaviour; nothing else in this report (no mass file modification, no ransom note) supports that reading for this sample.

Enumerates system info in registry (2 TTPs, 3 IoCs)
Process: chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
These events come from the browser the sample launched, not from the sample's own code.

Kills process with taskkill (1 IoC)
Process: taskkill.exe (PID 2360)

Modifies data under HKEY_USERS (2 IoCs)
Process: chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133254987275307941"
(S-1-5-19 is the LOCAL SERVICE account; the value is a Windows FILETIME timestamp.)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Process: chrome.exe, PID 4432 (2 events); chrome.exe, PID 3028 (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Process: chrome.exe, PID 4432 (4 events)
This is the browser process creating its helper processes with a block-non-Microsoft-binaries mitigation policy; it is not behaviour of the sample.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Process: d9debe7e5f375b0805f2ba69d72ea7dc.exe (PID 368), 34 events, one per privilege in LUID order:
  SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, then privileges 31, 32, 33, 34 and 35, which the sandbox reports by LUID only (SeTrustedCredManAccess, SeRelabel, SeIncreaseWorkingSet, SeTimeZone, SeCreateSymbolicLink).
  The sample walks the whole privilege table (LUIDs 2 through 35) in order: this is the enable-every-privilege pattern, not a request for one specific privilege it needs.
Process: taskkill.exe (PID 2360): SeDebugPrivilege (1 event)
Process: chrome.exe (PID 4432): SeShutdownPrivilege and SeCreatePagefilePrivilege, requested alternately (29 events)

Suspicious use of FindShellTrayWindow (26 IoCs)
Process: chrome.exe, PID 4432 (26 events)

Suspicious use of SendNotifyMessage (24 IoCs)
Process: chrome.exe, PID 4432 (24 events)
Both are ordinary GUI activity of the browser window.

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 368   d9debe7e5f375b0805f2ba69d72ea7dc.exe  wrote to memory of  PID 3424  cmd.exe       (3 events)
  PID 3424  cmd.exe                               wrote to memory of  PID 2360  taskkill.exe  (3 events)
  PID 368   d9debe7e5f375b0805f2ba69d72ea7dc.exe  wrote to memory of  PID 4432  chrome.exe    (2 events)
  PID 4432  chrome.exe                            wrote to memory of  PID 488   chrome.exe    (2 events)
  PID 4432  chrome.exe                            wrote to memory of  PID 1896  chrome.exe    (38 events)
  PID 4432  chrome.exe                            wrote to memory of  PID 1488  chrome.exe    (2 events)
  PID 4432  chrome.exe                            wrote to memory of  PID 2648  chrome.exe    (14 events)
Every write goes from a parent into its own direct child: the ones from 368 and 3424 are the process-parameter writes that accompany CreateProcess, and the chrome.exe-to-chrome.exe writes are the browser setting up its helper processes. No write into an unrelated process is recorded, so this signature does not indicate code injection here.
Processes

C:\Users\Admin\AppData\Local\Temp\d9debe7e5f375b0805f2ba69d72ea7dc.exe  (PID 368)
  command line: "C:\Users\Admin\AppData\Local\Temp\d9debe7e5f375b0805f2ba69d72ea7dc.exe"
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\cmd.exe  (PID 3424, child of 368)
    command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    (cmd.exe resolves to SysWOW64, so the sample is a 32-bit process running under WOW64 on this x64 image.)

    C:\Windows\SysWOW64\taskkill.exe  (PID 2360, child of 3424)
      command line: taskkill /f /im chrome.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4432, child of 368)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    The sample force-closes any running Chrome instance and then starts Chrome itself. As recorded, this command line carries no arguments; the child processes below are Chrome's own helper processes, listed with their full command lines.

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 488, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865809758,0x7ff865809768,0x7ff865809778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1896, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1488, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2648, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1400, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3208 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1444, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3336 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3216, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3972 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:1
      (--extension-process marks a renderer hosting extension code.)

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4916, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5116 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 444, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4112 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 436, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4728, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5028, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3028, child of 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 --field-trial-handle=1816,i,11615545925093857880,10815334578908866949,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 560)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  (A second root process, Chrome's elevation service; it is not a child of the sample.)
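Detection logic for the process chain shown above, added here as an example and not part of the sandbox report or the sample. The event records are constructed from the report's tree in a Sysmon Event ID 1-like shape (PID, parent PID, image path, command line) with assumed relative timestamps, since the report gives order but not times, plus one benign decoy. The rule fires when a process that is not itself a browser issues `taskkill /f /im <browser>` (directly or through a shell) and then launches that same browser as its own child within a short window.

```python
"""Detection for the kill-then-relaunch-browser sequence recorded above:
PID 368 runs `cmd.exe /c taskkill /f /im chrome.exe` and then starts
chrome.exe itself.  Added example; not part of the sandbox report.

Event records are constructed from the report's process tree in a Sysmon
Event ID 1-like shape.  Timestamps are assumed (relative seconds); the
report gives order but not times."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# taskkill's image-name form: `/im <name>`; /f may come before or after it.
KILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+\"?([^\s\"]+)", re.IGNORECASE)


@dataclass
class ProcEvent:
    ts: int        # assumed relative timestamp, seconds
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


# Constructed from the report's tree (same PIDs), plus one benign decoy:
# an operator closing Chrome from an interactive shell that never relaunches it.
EVENTS = [
    ProcEvent(0, 368, 1234, r"C:\Users\Admin\AppData\Local\Temp\d9debe7e5f375b0805f2ba69d72ea7dc.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\d9debe7e5f375b0805f2ba69d72ea7dc.exe"'),
    ProcEvent(1, 3424, 368, r"C:\Windows\SysWOW64\cmd.exe", r"cmd.exe /c taskkill /f /im chrome.exe"),
    ProcEvent(1, 2360, 3424, r"C:\Windows\SysWOW64\taskkill.exe", r"taskkill /f /im chrome.exe"),
    ProcEvent(3, 4432, 368, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    ProcEvent(40, 5000, 900, r"C:\Windows\System32\cmd.exe", r"cmd.exe"),
    ProcEvent(42, 5001, 5000, r"C:\Windows\System32\taskkill.exe", r"taskkill /im chrome.exe /f"),
]


def killed_browser(cmdline: str) -> Optional[str]:
    """Browser image name a taskkill command line targets, or None."""
    m = KILL_RE.search(cmdline)
    if not m:
        return None
    target = m.group(1).lower()
    return target if target in BROWSERS else None


def find_kill_relaunch(events: List[ProcEvent], window_s: int = 60) -> List[Dict]:
    """Flag a process that (through any chain of shells) kills a browser and
    then launches that browser itself within window_s seconds.  A user or admin
    closing a browser by hand does not relaunch it from the same process."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    children: Dict[int, List[ProcEvent]] = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    findings = []
    for e in events:
        if e.name != "taskkill.exe":
            continue                     # match the executor, not the shell that quoted it
        browser = killed_browser(e.cmdline)
        if browser is None:
            continue
        actor = by_pid.get(e.ppid)       # walk up through shells to the real initiator
        while actor is not None and actor.name in SHELLS:
            actor = by_pid.get(actor.ppid)
        if actor is None or actor.name in BROWSERS:
            continue                     # unknown parent, or a browser restarting itself
        relaunch = [c for c in children.get(actor.pid, [])
                    if c.name == browser and e.ts <= c.ts <= e.ts + window_s]
        if relaunch:
            findings.append({
                "actor_pid": actor.pid, "actor_image": actor.image,
                "killed": browser, "kill_pid": e.pid,
                "relaunch_pid": relaunch[0].pid, "relaunch_cmdline": relaunch[0].cmdline,
            })
    return findings


if __name__ == "__main__":
    for finding in find_kill_relaunch(EVENTS):
        print(finding)
```

The relaunch command line in the finding is what to inspect next: on a real host, a `--load-extension` argument (or a modified Chrome shortcut) would tie the relaunch to the dropped extension directory, but the command line recorded in this report carries no arguments, so that link is not established by the report.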
Network
MITRE ATT&CK Enterprise v6
Downloads

Files written during the run, with hashes. The report records a path for only one of them.

Filesize: 786B
MD5: 9ffe618d587a0685d80e9f8bb7d89d39
SHA1: 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256: a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512: a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Filesize: 6KB
MD5: 362695f3dd9c02c83039898198484188
SHA1: 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256: 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512: a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

Filesize: 13KB
MD5: 4ff108e4584780dce15d610c142c3e62
SHA1: 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256: fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512: d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Filesize: 20KB
MD5: ba9402921cad402c92b27f51ddbfedbd
SHA1: d03049626c21941d50b5b318d0c5437d0a1a0ba1
SHA256: d00c41a7801f6f52a047b768958d8f2cfaea1788450466d46743d166b7d798a2
SHA512: 0cd1c0dc870d1991d5dc11c6f9e2e5f9bacf65171d1c6ac7301d6d50cfebf36ad1042908d3c5c90d38ff3f449b8e87a4adc6a3b7cd02f6461cd04901b87be28b

Filesize: 3KB
MD5: c31f14d9b1b840e4b9c851cbe843fc8f
SHA1: 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256: 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512: 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa

Filesize: 84KB
MD5: a09e13ee94d51c524b7e2a728c7d4039
SHA1: 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512: f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Filesize: 604B
MD5: 23231681d1c6f85fa32e725d6d63b19b
SHA1: f69315530b49ac743b0e012652a3a5efaed94f17
SHA256: 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512: 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Filesize: 268B
MD5: 0f26002ee3b4b4440e5949a969ea7503
SHA1: 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256: 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512: 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Filesize: 1KB
MD5: 05bfb082915ee2b59a7f32fa3cc79432
SHA1: c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256: 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512: 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

Filesize: 1KB
MD5: f2a857adea024c1e7be0096b5d66dd17
SHA1: cc83fa592d056d9200d272a96036888a109c5a42
SHA256: 030cdb49f80883fbd0a2fe89cd9b4c5275b547840ea14fe01edc130f2ece3e37
SHA512: 7d0669e95e502a14a425e55b8626b88f54ab220d10b530069b7b6f487d9e45eed39a053698dfad3a4cc42d4d34e8d919cb5daa0ed1cf493fb952387a818ef037

Filesize: 874B
MD5: 38f9bac7f48ac2138fe6cfbe054efcb4
SHA1: 73c68faeb98270f14a2a9992fb4d12221788bff3
SHA256: fa4a74f6b659c240b6c8bbedf76cc2869d711b2885387dedb55296da5945555b
SHA512: 760f8f63c1661c1cf3828416d9d906097884eff9e70fd688c76a1a9070643e2f33415650e03e9d78fadb0b750e6dad7e9204e0d15d753fe74de963bd4452eb48

Filesize: 874B
MD5: 14c37ce9e0a2f56e450bdafbcb45c504
SHA1: bf3163913b8ce84c4d69f9c8c77768e7c9a544f5
SHA256: 20ad1a9cf8d605dd62524b18f1aa42f4999189d2b0a18beafe8f1f3d1e7bba87
SHA512: 0903480b0578c2f70755c098cad446e4a2fd93436a0f740bcb182c2a170b2f8f388d6fdebfeac541ad3bfca563dd30b859fd2faad60a97b954f8714c5b0b35c5

Filesize: 874B
MD5: 4aa9268d3dfff598829b666bafe5f781
SHA1: 3a031afb33fcc2052fc048ce8dd8bef016497aa4
SHA256: a2f001e86f5c8e4d2e4f55b62eb25f0b249235e89ffb8b09668b2f5de478e848
SHA512: 8e0604c0bd259fc4ab55636f1f7f22f5b31b7715f6dfb661c5dcf672f374067d1268fd3d6e2f205ccb4fc52e2470bf29d80e864dd37a906b84ff816eabf7bad6

Filesize: 874B
MD5: 8a223d08fc7f128472030450930d9fc9
SHA1: 39fb27aaad0ce9d2c830ac90ea04532d5b3e2b43
SHA256: 28e3851e1c7b004fca29129812b069d24dac289cb2bf59226bafb03014bb4161
SHA512: b707099ed264fc3fdde6ba3b4411c61ff77df7944bd3a4c66a9ae6984105be815d7b9fa4759ee230049883597c800d133c5077e55f09868825aa34ffd35f7a62

Filesize: 5KB
MD5: becf6050b2d93f8287323d038c495690
SHA1: f8832f2883ecd1f2d82e480724363641242ec6d4
SHA256: 776fcbae41a18c07b7bf19071eedba602e6bcaf184b0ba7192b5fc2577eed7e7
SHA512: 145aa8f07e8e81d9f0884591f624e1df8a6fce5221b301fafed8a306554dd034484713e96ad5eff743089de3460a9abc0888fe7db74b1fedac316ce8a7e93bb0

Filesize: 5KB
MD5: 3c62618323cd19ee92a50c870f07887d
SHA1: 73892ba214b2cb630561cf57c176c5082facebe8
SHA256: 894b80de1fa3f6216043687a4b7b7e97e86af4ef3ba76496a10643ebd63cf71a
SHA512: ae695314efaca6f78a8c85864b903da91cbbd56150e5e1645f755c2fe5dfc31c84634d09464a8831b5b8170b9b71653fb20bab0352e93e08cc5c0f41118d54e6

Filesize: 5KB
MD5: e048b4b45579008d90368ee2229cab72
SHA1: f1b4a0239986457e83f6ccf9a9ec289e01296027
SHA256: b4712a12f481dd9eca94906b38f0a35aee9041022660b97b5f260490331855f3
SHA512: f1393fd31cd5d0ca26dea9f6a8851df43241a3339c4c149e06f508af39a1b35167df61e8e615376a06a6f73d566ef66bf10c5b7de4e8993eda020d6ccd875955

Filesize: 11KB
MD5: 2bd089522b71dd2e6569cf4dbd69b222
SHA1: a2b4409d48376f611aa238341e60f4a19f9625f6
SHA256: 147f6798ad4cbc68c2404f343db9a3cd4140c3a503233d9c5bf92be4500c6009
SHA512: 359037169c91a500df98a13aae3194d1685ba503e6d9545d7473574cb38265821bb364f45b7138c1b81e087e73c8aca8b17837e6510a575571eb78735845152c

Path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c597c9df-4fb1-48ca-9828-bf90d8a2d26d.tmp
Filesize: 11KB
MD5: 50946888df1f28e14cbd7501be8b3640
SHA1: 20f08ff5e25de15c6b2c859b58086f5094bbd471
SHA256: a164bb0407892cfaf0c338fdc6b0444ecaecf26c62a6ae0550bf7ecf5c1b5547
SHA512: 893c1dd7b8b5f4f2fcbdfcb1030dc5c162cdb326aad6186cb35bb602eaac7697052c13ddba9c1a5cf6f61146cc58945b6515d933f6a109254f81509d27af1201

Filesize: 200KB
MD5: af72d2c643d1a0abc7b50fdfb8444387
SHA1: 2cfed7b5a01ab9550074c1f7d1d83e0026baf0e6
SHA256: 4502304b442af5928d5adb0d9d881d2f59eb67311616a4dfa74681b341a90267
SHA512: 626e5067050425f884e9a5488cad2cae4895ed25816de71af648a48b24ff239316bec5d7cbd5a1aeadfb0c37a02b7ee71b8c0427f9b29c95277fb15a28a2a0f0

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
(These are the hashes of the two-byte string `{}`, an empty JSON object.)

Filesize: 0B
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These are the hashes of empty input, i.e. a zero-byte file; the report gives no size for this entry.)