Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system -
submitted
11-04-2023 09:34
Behavioral task
behavioral1
Sample
34e399b27b7692adc98320c285ca6c15.exe
Resource
win7-20230220-en
General
-
Target
34e399b27b7692adc98320c285ca6c15.exe
-
Size
1.4MB
-
MD5
34e399b27b7692adc98320c285ca6c15
-
SHA1
7f5b3ac1c873d333177bef853bfdd1ff3094d291
-
SHA256
6f21df339b77595c9a46f1d5f1a5b2e75fb0a94074436595f8d152f4fa54becf
-
SHA512
fc8ecfd726e8972628f1cb733b60a3fb07218b518d18cd75248493d0da5cd37a99c67e79798081d4b509e84cc72b19d82b5115f62047e0712eba77374a58b8d2
-
SSDEEP
24576:4GU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRPV5hcSq:jpEUIvU0N9jkpjweXt77952H
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. The report lists no IoCs (paths or files) for this signature, so which browser-profile data was read is not shown here.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
Processes: 34e399b27b7692adc98320c285ca6c15.exe
description | ioc | process
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | 34e399b27b7692adc98320c285ca6c15.exe
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | 34e399b27b7692adc98320c285ca6c15.exe
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | 34e399b27b7692adc98320c285ca6c15.exe
Note: the directory name is 32 characters drawn from a..p, the format of a Chrome extension ID, and manifest.json, background.html, js\background.js and js\content.js are the layout of an unpacked Chrome extension. aes.js, mode-ecb.js and pad-nopadding.js are the file names of CryptoJS components (AES cipher, ECB mode, no-padding scheme). js\background.js is created and then reopened for modification, so its final content need not be what was first written. Chrome Web Store installs live under the user profile (User Data\<profile>\Extensions\<id>\<version>), not under C:\Program Files, which is what makes this location suspicious. -
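The drop list above is the skeleton of an unpacked extension, but the report does not show what its manifest.json grants. The Python below is an added example, not part of this report or of the sample: it applies the checks an analyst runs on such a directory (ID-format name, install location, manifest version, permissions, content-script scope, bundled crypto) to a constructed manifest whose contents are assumptions chosen to fit the listed files.

```python
"""Static triage of an unpacked Chrome extension directory of the kind this
sample writes under C:\\Program Files\\<id>\\.

Added example, not part of the sandbox report. CONSTRUCTED_MANIFEST is made up
to fit the file layout the report lists (manifest.json, background.html,
js/background.js, js/content.js, js/aes.js, js/mode-ecb.js, ...); the real
manifest's contents are not in the report, so its permissions and match
patterns are assumptions for illustration.
"""
import json
import re
from pathlib import PureWindowsPath

# Chrome extension IDs are 32 characters from the alphabet a..p.
EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")
# Host patterns that cover every site the user visits.
BROAD_MATCH_RE = re.compile(r"^(<all_urls>|\*://\*/\*|https?://\*/\*)$")
# Permissions that expose traffic, cookies or tab contents to the extension.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "cookies", "declarativeNetRequest", "history", "management",
    "nativeMessaging", "proxy", "tabs", "webRequest", "webRequestBlocking",
}
# File names of CryptoJS components; the report's drop list contains the first three.
CRYPTOJS_FILES = {"aes.js", "mode-ecb.js", "pad-nopadding.js", "core.js", "cipher-core.js"}

# Constructed manifest: values are assumptions, only the file names come from the report.
CONSTRUCTED_MANIFEST = r'''{
  "manifest_version": 2,
  "name": "Update Helper",
  "version": "1.0",
  "background": {"page": "background.html"},
  "permissions": ["tabs", "webRequest", "webRequestBlocking", "storage", "<all_urls>"],
  "content_scripts": [{
    "matches": ["<all_urls>"],
    "js": ["js/jquery-3.3.1.min.js", "js/aes.js", "js/mode-ecb.js",
           "js/pad-nopadding.js", "js/content.js"],
    "run_at": "document_start",
    "all_frames": true
  }],
  "icons": {"128": "icon.png"}
}'''


def triage_extension(directory: str, manifest_text: str) -> dict:
    """Score an unpacked extension from its directory path and manifest text.

    Every finding adds to 'score'. The weights are a triage heuristic meant to
    surface extensions worth a manual look, not a standard."""
    manifest = json.loads(manifest_text)
    ext_id = PureWindowsPath(directory).name
    findings, score = [], 0

    id_format_ok = bool(EXTENSION_ID_RE.match(ext_id))
    if id_format_ok:
        findings.append(f"directory name {ext_id} has Chrome extension-ID format")
        score += 1
    # Store installs live under the user profile (User Data\<profile>\Extensions\<id>\<ver>);
    # an extension unpacked under Program Files was put there by something else.
    if "\\program files" in directory.lower():
        findings.append("unpacked under Program Files, outside any browser profile")
        score += 2
    if manifest.get("manifest_version") == 2 and "page" in manifest.get("background", {}):
        findings.append("Manifest V2 with a persistent background page")
        score += 1
    risky = sorted(set(manifest.get("permissions", [])) & HIGH_RISK_PERMISSIONS)
    if risky:
        findings.append("high-risk permissions: " + ", ".join(risky))
        score += len(risky)
    broad, crypto = [], []
    for cs in manifest.get("content_scripts", []):
        broad += [m for m in cs.get("matches", []) if BROAD_MATCH_RE.match(m)]
        names = [PureWindowsPath(j).name for j in cs.get("js", [])]
        crypto += [n for n in names if n in CRYPTOJS_FILES]
        if cs.get("run_at") == "document_start" and cs.get("all_frames"):
            findings.append("content script injected into all frames at document_start")
            score += 1
    if broad:
        findings.append("content script matches every site: " + ", ".join(broad))
        score += 2
    if crypto:
        findings.append("CryptoJS components bundled into page context: " + ", ".join(crypto))
        score += 1
    return {"extension_id": ext_id, "id_format_ok": id_format_ok,
            "manifest_version": manifest.get("manifest_version"),
            "risky_permissions": risky, "broad_matches": broad,
            "crypto_bundled": crypto, "score": score, "findings": findings}


if __name__ == "__main__":
    result = triage_extension(r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf", CONSTRUCTED_MANIFEST)
    print("score", result["score"])
    for line in result["findings"]:
        print(" -", line)
```

The location check is the one that does not depend on the manifest at all: a store-installed extension never lands under C:\Program Files, so that finding stands on the report's own drop list even if the real manifest turns out to be harmless.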
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). The sandbox labels this as likely ransomware behaviour; on its own it is equally consistent with ordinary drive enumeration, and nothing else in this report (no mass file modification, no ransom note among the dropped files) supports a ransomware classification for this sample.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe -
Kills process with taskkill 1 IoCs
Processes: taskkill.exe
pid | process
1492 | taskkill.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256864680271382" | chrome.exe
Note: S-1-5-19 is the well-known SID of LOCAL SERVICE, so this is that account's hive. TraceTimeLast is a Windows FILETIME (100 ns intervals since 1601-01-01 UTC); 133256864680271382 decodes to 2023-04-11 11:34:28 UTC, the day of this run. -
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes: chrome.exe
pid | process | entries
4040 | chrome.exe | 3
1988 | chrome.exe | 2 -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes: chrome.exe
pid | process | entries
4040 | chrome.exe | 4 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: 34e399b27b7692adc98320c285ca6c15.exe, taskkill.exe, chrome.exe
PID 4208 34e399b27b7692adc98320c285ca6c15.exe, 34 entries in this order:
  SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35
PID 1492 taskkill.exe, 1 entry: SeDebugPrivilege
PID 4040 chrome.exe, 29 entries: SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating
Note: the bare numbers 31 to 35 are privilege LUIDs the sandbox did not resolve to names. In the winnt.h numbering they are SeTrustedCredManAccessPrivilege (31), SeRelabelPrivilege (32), SeIncreaseWorkingSetPrivilege (33), SeTimeZonePrivilege (34) and SeCreateSymbolicLinkPrivilege (35). Read together with the named entries, PID 4208 walks every well-known privilege LUID from 2 (SeCreateTokenPrivilege) to 35 in ascending order, which is the pattern of a loop that tries to enable every privilege in its token rather than a targeted request for, say, SeDebugPrivilege alone. The report records the attempts, not whether each one succeeded; that depends on which privileges the token actually holds. -
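As an added example (not part of the report), the Python below resolves the bare LUIDs in the listing with the winnt.h numbering and detects the contiguous-sweep pattern described above. Its input is constructed from the report's own Token: lines, with the sample's file name shortened to sample.exe; the two abbreviated names the sandbox prints are mapped back to their canonical spellings.

```python
"""Resolve the bare privilege numbers in the AdjustPrivilegeToken listing and
flag the "enable every privilege" sweep.

Added example, not part of the sandbox report. WELL_KNOWN_PRIVILEGES is the
privilege numbering from winnt.h (SE_CREATE_TOKEN_PRIVILEGE = 2 up to
SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE = 36). SAMPLE_LINES is
constructed from the report's Token: entries, with the sample's file name
shortened to sample.exe.
"""
import re
from collections import defaultdict

# LUID -> privilege name, from winnt.h. The sandbox abbreviates two of these
# differently; those spellings are covered by SANDBOX_ALIASES below.
WELL_KNOWN_PRIVILEGES = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege",
    4: "SeLockMemoryPrivilege", 5: "SeIncreaseQuotaPrivilege",
    6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 11: "SeSystemProfilePrivilege",
    12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    16: "SeCreatePermanentPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege",
    28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}
SANDBOX_ALIASES = {"SeProfSingleProcessPrivilege": 13, "SeIncBasePriorityPrivilege": 14}
NAME_TO_LUID = {name: luid for luid, name in WELL_KNOWN_PRIVILEGES.items()}
NAME_TO_LUID.update(SANDBOX_ALIASES)

# "Token: <name-or-number> <pid> <process>", the shape of each report entry.
TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")

# Constructed from the report (34 entries for PID 4208, then taskkill and two chrome entries).
SAMPLE_LINES = """
Token: SeCreateTokenPrivilege 4208 sample.exe Token: SeAssignPrimaryTokenPrivilege 4208 sample.exe
Token: SeLockMemoryPrivilege 4208 sample.exe Token: SeIncreaseQuotaPrivilege 4208 sample.exe
Token: SeMachineAccountPrivilege 4208 sample.exe Token: SeTcbPrivilege 4208 sample.exe
Token: SeSecurityPrivilege 4208 sample.exe Token: SeTakeOwnershipPrivilege 4208 sample.exe
Token: SeLoadDriverPrivilege 4208 sample.exe Token: SeSystemProfilePrivilege 4208 sample.exe
Token: SeSystemtimePrivilege 4208 sample.exe Token: SeProfSingleProcessPrivilege 4208 sample.exe
Token: SeIncBasePriorityPrivilege 4208 sample.exe Token: SeCreatePagefilePrivilege 4208 sample.exe
Token: SeCreatePermanentPrivilege 4208 sample.exe Token: SeBackupPrivilege 4208 sample.exe
Token: SeRestorePrivilege 4208 sample.exe Token: SeShutdownPrivilege 4208 sample.exe
Token: SeDebugPrivilege 4208 sample.exe Token: SeAuditPrivilege 4208 sample.exe
Token: SeSystemEnvironmentPrivilege 4208 sample.exe Token: SeChangeNotifyPrivilege 4208 sample.exe
Token: SeRemoteShutdownPrivilege 4208 sample.exe Token: SeUndockPrivilege 4208 sample.exe
Token: SeSyncAgentPrivilege 4208 sample.exe Token: SeEnableDelegationPrivilege 4208 sample.exe
Token: SeManageVolumePrivilege 4208 sample.exe Token: SeImpersonatePrivilege 4208 sample.exe
Token: SeCreateGlobalPrivilege 4208 sample.exe Token: 31 4208 sample.exe Token: 32 4208 sample.exe
Token: 33 4208 sample.exe Token: 34 4208 sample.exe Token: 35 4208 sample.exe
Token: SeDebugPrivilege 1492 taskkill.exe
Token: SeShutdownPrivilege 4040 chrome.exe Token: SeCreatePagefilePrivilege 4040 chrome.exe
"""


def resolve_privilege(token):
    """Map a token (name or bare LUID) to (luid, canonical name); unknown names give (None, token)."""
    if token.isdigit():
        luid = int(token)
        return luid, WELL_KNOWN_PRIVILEGES.get(luid, f"<unknown LUID {luid}>")
    luid = NAME_TO_LUID.get(token)
    return (luid, WELL_KNOWN_PRIVILEGES[luid]) if luid is not None else (None, token)


def parse_token_lines(text):
    """Return [(luid, name, pid, process)] for every Token: entry in the text."""
    return [(*resolve_privilege(tok), int(pid), proc) for tok, pid, proc in TOKEN_RE.findall(text)]


def privilege_sweep(entries, min_len=20):
    """Return {pid: [luids]} for processes whose adjustments form one ascending,
    contiguous run starting at LUID 2: an enable-everything loop, not a targeted call."""
    per_pid = defaultdict(list)
    for luid, _name, pid, _proc in entries:
        if luid is not None:
            per_pid[pid].append(luid)
    return {pid: luids for pid, luids in per_pid.items()
            if len(luids) >= min_len and luids == list(range(2, 2 + len(luids)))}


if __name__ == "__main__":
    for tok in ("31", "32", "33", "34", "35"):
        print(tok, "=", resolve_privilege(tok)[1])
    for pid, luids in privilege_sweep(parse_token_lines(SAMPLE_LINES)).items():
        print(f"PID {pid}: enables LUIDs {luids[0]}..{luids[-1]} ({len(luids)} privileges)")
```

The sweep check is deliberately strict (ascending and gap-free from LUID 2); a process that requests a handful of privileges, as taskkill.exe and chrome.exe do here, never matches it.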
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process | entries
4040 | chrome.exe | 26 -
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process | entries
4040 | chrome.exe | 24 -
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 34e399b27b7692adc98320c285ca6c15.exe, cmd.exe, chrome.exe
writer (pid, process) | target (pid, process) | entries
4208 34e399b27b7692adc98320c285ca6c15.exe | 3028 cmd.exe | 3
3028 cmd.exe | 1492 taskkill.exe | 3
4208 34e399b27b7692adc98320c285ca6c15.exe | 4040 chrome.exe | 2
4040 chrome.exe | 3836 chrome.exe | 2
4040 chrome.exe | 4408 chrome.exe | 38
4040 chrome.exe | 2592 chrome.exe | 2
4040 chrome.exe | 4564 chrome.exe | 14
Note: every pair here is a parent writing into a child it has just created (compare the process tree below). The sandbox records the writes a parent makes into a new child during startup as well as injection, so this list by itself does not show the sample injecting into an existing process.
Processes
- C:\Users\Admin\AppData\Local\Temp\34e399b27b7692adc98320c285ca6c15.exe (PID 4208, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\34e399b27b7692adc98320c285ca6c15.exe"
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 3028, depth 2)
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\taskkill.exe (PID 1492, depth 3)
      Command line: taskkill /f /im chrome.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4040, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3836, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffcad549758,0x7ffcad549768,0x7ffcad549778
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4408, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:2
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2592, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4564, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4808, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3184 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5108, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4712, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3860 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1416, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5056 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3336, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4228, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 996, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1052, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4208, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1988, depth 3)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 --field-trial-handle=1840,i,11624318116234368128,12216026456614656278,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 736, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Notes on the tree: the sample's cmd.exe child runs from C:\Windows\SysWOW64, which is what file-system redirection gives a 32-bit (WOW64) process that asks for System32, consistent with the arch:x86 resource tag. The chrome.mojom.UtilWin utility process is listed with PID 4208, the same PID as the sample; two live processes cannot share a PID, so the sample had exited and Windows reused its PID, and PID alone is not a reliable key when correlating this tree with other data. The chrome.exe launched by the sample carries no --load-extension or other argument in its recorded command line, so this report does not show how, or whether, the extension dropped under C:\Program Files is loaded into that browser instance. elevation_service.exe is listed at depth 1 with no parent shown.
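Added example, not part of the report: detection logic in Python for the chain this tree shows, namely a process that drops an unpacked extension under Program Files, has chrome.exe force-killed through cmd.exe and taskkill, and then starts chrome.exe itself. The events are constructed to mirror the tree (PIDs 4208, 3028, 1492, 4040, 4408) and the drop list; their timestamps and field names are invented and follow no product's schema.

```python
"""Detect the drop-extension / kill-browser / relaunch-browser chain from
process-creation and file-creation telemetry.

Added example, not part of the sandbox report. EVENTS is CONSTRUCTED to mirror
the report's tree (PIDs 4208, 3028, 1492, 4040, 4408) and its drop list; the
timestamps and field names are invented and follow no product's schema.
Real telemetry should key processes on a process GUID rather than the PID:
this report itself shows PID 4208 reused by a chrome.exe utility process.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}
# Wrappers walked through to find the process that really issued the kill.
WRAPPERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "taskkill.exe"}
TASKKILL_IM_RE = re.compile(r"\btaskkill\b.*?/im\s+(\S+)", re.IGNORECASE)
# manifest.json directly under Program Files\<32 chars a..p>\: an unpacked
# extension dropped outside any browser profile.
EXT_DROP_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\([a-p]{32})\\manifest\.json$", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"   # stands in for the report's 34e399...exe
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXT = r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf"
EVENTS = [  # constructed
    {"ts": 0.0, "kind": "process", "pid": 4208, "ppid": 2004, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"ts": 0.4, "kind": "file", "pid": 4208, "path": EXT + r"\manifest.json"},
    {"ts": 0.4, "kind": "file", "pid": 4208, "path": EXT + r"\js\background.js"},
    {"ts": 1.0, "kind": "process", "pid": 3028, "ppid": 4208, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": "cmd.exe /c taskkill /f /im chrome.exe"},
    {"ts": 1.1, "kind": "process", "pid": 1492, "ppid": 3028, "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": "taskkill /f /im chrome.exe"},
    {"ts": 2.0, "kind": "process", "pid": 4040, "ppid": 4208, "image": CHROME, "cmdline": f'"{CHROME}"'},
    {"ts": 2.5, "kind": "process", "pid": 4408, "ppid": 4040, "image": CHROME, "cmdline": f'"{CHROME}" --type=gpu-process'},
]
# Control: Explorer starts Chrome for the user; nothing is killed, nothing is dropped.
BENIGN_EVENTS = [  # constructed
    {"ts": 0.0, "kind": "process", "pid": 900, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"ts": 1.0, "kind": "process", "pid": 910, "ppid": 900, "image": CHROME, "cmdline": f'"{CHROME}"'},
]


def basename(path):
    return PureWindowsPath(path).name.lower()


def detect_browser_hijack(events, window_s=60.0):
    """Return one finding per (originator, browser) where a process has a browser
    force-killed through taskkill and then starts that browser itself within
    window_s seconds. Unpacked extensions dropped by the originator raise severity."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    dropped = defaultdict(set)
    for e in events:
        if e["kind"] == "file":
            m = EXT_DROP_RE.match(e["path"])
            if m:
                dropped[e["pid"]].add(m.group(2))
    findings = {}
    for e in events:
        if e["kind"] != "process":
            continue
        m = TASKKILL_IM_RE.search(e["cmdline"])
        if not m or m.group(1).lower() not in BROWSERS:
            continue
        browser = m.group(1).lower()
        origin = e
        while basename(origin["image"]) in WRAPPERS and origin["ppid"] in procs:
            origin = procs[origin["ppid"]]
        relaunch = [p for p in procs.values()
                    if basename(p["image"]) == browser and p["ppid"] == origin["pid"]
                    and e["ts"] <= p["ts"] <= e["ts"] + window_s]
        if not relaunch:
            continue
        key = (origin["pid"], browser)
        if key not in findings:  # cmd.exe and taskkill.exe both carry the command; report once
            ext = sorted(dropped[origin["pid"]])
            findings[key] = {"originator_pid": origin["pid"], "originator": origin["image"],
                             "browser": browser, "kill_ts": e["ts"],
                             "relaunch_ts": min(p["ts"] for p in relaunch),
                             "dropped_extensions": ext,
                             "severity": "high" if ext else "medium"}
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_browser_hijack(EVENTS):
        print(finding)
    print("benign:", detect_browser_hijack(BENIGN_EVENTS))
```

The relaunch condition is what separates this from an installer or updater that merely closes the browser: the same originator that arranged the kill is the parent of the new browser process. The originator is found by walking up through shell and taskkill wrappers, so the rule fires whether the kill is recorded on cmd.exe, on taskkill.exe, or on both, as it is in this report.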
Network
MITRE ATT&CK Enterprise v6
Downloads
Hashes only; the report lists no file names or paths for these files.
- Filesize 786B
  MD5 9ffe618d587a0685d80e9f8bb7d89d39
  SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
  SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
  SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
- Filesize 6KB
  MD5 362695f3dd9c02c83039898198484188
  SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
  SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
  SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
- Filesize 13KB
  MD5 4ff108e4584780dce15d610c142c3e62
  SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
  SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
  SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
- Filesize 20KB
  MD5 490a058a5f4a3e8482bc49735209d325
  SHA1 1914dd11d8b24a64fa9dd3f6b97a173bbc890eb6
  SHA256 3244f32bb213ecbe31458bcdeec7ef1e898d4ac9c3801e5bab92ca289109991f
  SHA512 770f487e34fc18548131ffc52add10e923482cee3f0ac16b8f7180c06e7a3d0b5a0d29211b56b913574bf3ba9eba2f865db4fa48efaf387bc2037a27745d44a7
- Filesize 3KB
  MD5 c31f14d9b1b840e4b9c851cbe843fc8f
  SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
  SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
  SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
- Filesize 84KB
  MD5 a09e13ee94d51c524b7e2a728c7d4039
  SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
  SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
  SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
- Filesize 604B
  MD5 23231681d1c6f85fa32e725d6d63b19b
  SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
  SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
  SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
- Filesize 268B
  MD5 0f26002ee3b4b4440e5949a969ea7503
  SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
  SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
  SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
- Filesize 1KB
  MD5 05bfb082915ee2b59a7f32fa3cc79432
  SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
  SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
  SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
- Filesize 1KB
  MD5 d1bdc41dd55a1600aa44886821e1bc08
  SHA1 d5b4cf56b168bb54cc8450b9c4a32592b9d4e74c
  SHA256 35abca80a6a5565c96cab9e33841b60ccec1ab8ac3e8733efda8511f58bed7e2
  SHA512 4c1624894bdda9227191f7115f76c551bdc368aae84685ff3f3b4c712bc77862b81f7181c2850407481d239d9b0254471e01d9a141bc48f3ad5170782f59c52b
- Filesize 874B
  MD5 19f7299807d5e284200555b31f0670d5
  SHA1 729b814afaf583f196dc123f727e5a38c1631dd9
  SHA256 def24c5533f9800bb7a23b06b0309044c92b488830fbb929b01da507ae2bd6f5
  SHA512 69ea75d9a78ad404b3525fd7a1241a1853c6a5bd73cec3a0fba1b8af03d6e0cb65e451bea3758aa9b36b1765c88b6b52689d<br>cc4982a66d4731df6f2d02d3ede8
- Filesize 874B
  MD5 ddb655d08b043abc6efb7b3bdadb631e
  SHA1 127713c0f46871306746c3add504ab8c4062a4a6
  SHA256 801c7c25c64c1fe49e57179b3d2577c1b54539c4c6eb9a1c713e979a4f0e4b62
  SHA512 60db79cfe5f110cc72883820689b99ad11b5d1a38b15e8d38d34b7f6dde6eb41d79ba7e8ccd2573a352be6d3660d88da75c4976a58c41299b9ced7611f226960
- Filesize 874B
  MD5 7bc4921a0837c88fa138821635ab80cd
  SHA1 4ee1178bf87e43057832f32f2c6d2fd22e1db9cb
  SHA256 fc14cca42a062c7134f3f06c807e4c42dd9ef2973fac696701dda0876dc43edc
  SHA512 8cbd28bdc875b6b1062f5771424f2bba1475440f111179200c1dc8c4ded643e03136ec26b5ca9672a7d916cef5e09d95601012424517e96b20b2dd33d4087625
- Filesize 874B
  MD5 25fdda8e086f1a6226861323cb6c8c99
  SHA1 fc687f79c47eb6f80f26b4ac2a8be42e055cd00a
  SHA256 03b99c21c78a436415d3589e2baaacb15d069c4340a7046c1435b2ddd444d2ee
  SHA512 ede874b28d23a656cb20ddf85fb839775f7d36f4d69f23cc7a57ad86e55db348cde3d3f67dfe8a83d71f0dce4d2f1ae7bf910ed233d2bff76d8e773c98c1dd15
- Filesize 6KB
  MD5 f8fd0172093695ba2ed8adfb44b58a26
  SHA1 e7758474b73b087d4162d88ce30a13c8adf2c071
  SHA256 5a1860318a55cded7e2d77685cf482eec86f8ec1dfb5896a0843f41c4cb35bcf
  SHA512 eff1abebe9e47cc673c42818e59d44e7342bf197de2354008f4b0431d476331382d21fa75499a3386bafe8454a85a95eb92565dbe5ecae5110845451b0047d12
- Filesize 6KB
  MD5 c5c2fc4f1c22693845aa373c203fd947
  SHA1 3d18d80b5a5f2d2a7a111c5328d1eb54806cd785
  SHA256 14b7cbc2b8b85ee20436536eb7e8f3b8f2fa9b7adc93eefe80b6fd9a6c7c1ffe
  SHA512 6303e71d2e77d0a07deffb12816a938bef45208f3f456daf19b907671bb5afdf955344cf20337e01468432824f13786ec6a383a4ee1d568874cf88fa7d84df5c
- Filesize 16KB
  MD5 6065f2f2841e056b648742b96f23533c
  SHA1 ff00abfc1427177624cc4bf0ada3e0d082f02141
  SHA256 32aba359f1b91e23a972b738c9d8132d001743afc653bda5a0adeab1648ab78a
  SHA512 87a5d64fdca9cbacb8fdc031db31ac4825e6df7951bdf1652516379404f3aa13ff94578e8887623fd00c358a3c58c81dd0d6d85699482599f7599e05e21fbd76
- Filesize 16KB
  MD5 f7ebdc83f7461f09ba86936e634d8626
  SHA1 93b0cfa4e57428437318d1f1e8d5c70f68f20f65
  SHA256 bf1be3148edee5f68407fc7e9ee20cac3c3bb3691ce777904ccf9fb90be26f84
  SHA512 02fd62312cfb7c370a05366495b19f71d277a4d4660941e6d210ac15ca0652b0ec06ec24ccb2e5ee4251c62da9b76ff1603448b317b236ce44d0682a91b9813b
- Filesize 199KB
  MD5 d27fdb2c0d23d98f291e63c5762a78e3
  SHA1 dd41bdb7a0a3154c36556704fd9701568e3c0b39
  SHA256 d972bbab708f88e81716c156f944923fc8a048e42022da83eee0e7804ca0f28e
  SHA512 156f3aead2765e909d61293d6f1feb3f70f4bae9a9f691d620e1501ea7f3f569162ec47e7347d5ec8f92775f242d8b7800ceaeeaf977495792a40b37e0561764
- Filesize 2B (these are the hashes of the two-byte string {}, an empty JSON object)
  MD5 99914b932bd37a50b983c5e7c90ae93b
  SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize not listed (these are the hashes of an empty, zero-byte file)
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e