Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system -
submitted
11-04-2023 11:54
Behavioral task
behavioral1
Sample
988b262d2e2ac000b368646fe7de1a42.exe
Resource
win7-20230220-en
General
-
Target
988b262d2e2ac000b368646fe7de1a42.exe
-
Size
1.4MB
-
MD5
988b262d2e2ac000b368646fe7de1a42
-
SHA1
750f1a3ff587474b76023831de3db6420daaa954
-
SHA256
de9d367b9e27f1bb4aea0010b370719e7b5147ba4a733a956180ec8142210c4a
-
SHA512
dab5770241f257fe722a24fc24f6dadf522fa60595d000a6591fc7c4d5e40fde016213915f2668e755fdb5d97ddc05e1938a9526c00f6e9e8790862452768008
-
SSDEEP
24576:0GU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRHA5hESq:/pEUIvU0N9jkpjweXt77g5OH
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
Processes:
988b262d2e2ac000b368646fe7de1a42.exe
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
- File opened for modification: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
- File created: C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
-
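The dropped files above have the layout of an unpacked Chrome extension (manifest.json, background page, content script) written under C:\Program Files into a directory whose name has the shape of a Chrome extension ID, and the js\ directory carries CryptoJS components (aes.js, mode-ecb.js, pad-nopadding.js) that together give AES in ECB mode without padding. Web Store extensions are installed under the user profile (...\User Data\Default\Extensions\<id>\<version>\), not Program Files, so a triage script can pick this pattern out of a file-create feed. The helper below is an added example, not tria.ge code: it groups dropped paths by directory, keeps directories that hold a manifest.json, checks the name against the extension-ID alphabet, and lists the CryptoJS components present. The paths are transcribed from the report; the extension_id_from_public_key helper implements the key-based ID scheme Chrome uses for packed extensions (SHA-256 of the DER public key, first 32 hex digits mapped to a..p) so a dropped directory name can be compared against a known key, and the key passed to it in the test is a constructed placeholder.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Chrome extension IDs are 32 characters drawn from a..p ("mpdecimal" encoding).
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
# CryptoJS component file names; all three together mean AES-ECB with no padding.
CRYPTO_COMPONENTS = {"aes.js", "mode-ecb.js", "pad-nopadding.js"}

EXT_ROOT = r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf"
# Transcribed from the report's "Drops file in Program Files directory" IoCs;
# background.js appears twice because it was created and then reopened for modification.
DROPPED = [
    EXT_ROOT + r"\js\background.js",
    EXT_ROOT + r"\js\content.js",
    EXT_ROOT + r"\js\mode-ecb.js",
    EXT_ROOT + r"\manifest.json",
    EXT_ROOT + r"\js\background.js",
    EXT_ROOT + r"\background.html",
    EXT_ROOT + r"\icon.png",
    EXT_ROOT + r"\js\aes.js",
    EXT_ROOT + r"\js\jquery-3.3.1.min.js",
    EXT_ROOT + r"\js\pad-nopadding.js",
]


def hex_to_extension_id(hexdigest: str) -> str:
    """Map the first 32 hex digits of a SHA-256 digest to Chrome's a..p alphabet."""
    return "".join(chr(ord("a") + int(c, 16)) for c in hexdigest[:32])


def extension_id_from_public_key(spki_der: bytes) -> str:
    """ID of a packed extension: SHA-256 of its DER-encoded public key, mpdecimal-encoded.
    Compare the result with a dropped directory name to test whether it matches a known key."""
    return hex_to_extension_id(hashlib.sha256(spki_der).hexdigest())


def find_unpacked_extensions(paths):
    """Return one record per directory (among `paths`) that contains a manifest.json."""
    wpaths = [PureWindowsPath(p) for p in paths]
    roots = {wp.parent for wp in wpaths if wp.name.lower() == "manifest.json"}
    records = []
    for root in sorted(roots, key=str):
        members = set()
        for wp in wpaths:
            try:
                members.add(wp.relative_to(root).as_posix().lower())
            except ValueError:
                continue  # file is not under this manifest's directory
        names = {m.rsplit("/", 1)[-1] for m in members}
        records.append({
            "root": str(root),
            # an ID-shaped directory name directly under Program Files is the suspicious combination
            "id_like": bool(EXT_ID_RE.match(root.name)),
            "in_program_files": len(root.parts) > 1 and root.parts[1].lower() == "program files",
            "files": sorted(members),
            "crypto_components": sorted(CRYPTO_COMPONENTS & names),
            "has_background": "background.html" in names or "js/background.js" in members,
        })
    return records


if __name__ == "__main__":
    for rec in find_unpacked_extensions(DROPPED):
        print(rec["root"], "id_like=%s" % rec["id_like"], "crypto=%s" % rec["crypto_components"])
```

For an unpacked extension without a `key` field in its manifest, Chrome derives the ID from the install path rather than from a public key, so a name that fails the key comparison is not proof of tampering; the record's `id_like` and `in_program_files` flags are what make this drop stand out.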
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour; on its own it is a weak indicator, since ordinary installers also enumerate drives.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
-
Kills process with taskkill 1 IoCs
Processes:
taskkill.exe
- PID 264
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256948738878856"
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exe
- PID 3696 (2 occurrences)
- PID 4036 (2 occurrences)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
chrome.exe
- PID 3696 (4 occurrences)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
988b262d2e2ac000b368646fe7de1a42.exe (PID 4872), token privileges adjusted (34 entries):
- SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
- Privilege LUIDs 31, 32, 33, 34, 35 (unnamed by the sandbox)
taskkill.exe (PID 264), token privileges adjusted (1 entry):
- SeDebugPrivilege
chrome.exe (PID 3696), token privileges adjusted (29 entries):
- SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating (15 and 14 occurrences)
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exe
- PID 3696 (26 occurrences)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exe
- PID 3696 (24 occurrences)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
988b262d2e2ac000b368646fe7de1a42.exe, cmd.exe, chrome.exe (64 writes listed):
- PID 4872 (988b262d2e2ac000b368646fe7de1a42.exe) wrote to memory of PID 3568 (cmd.exe): 3 writes
- PID 3568 (cmd.exe) wrote to memory of PID 264 (taskkill.exe): 3 writes
- PID 4872 (988b262d2e2ac000b368646fe7de1a42.exe) wrote to memory of PID 3696 (chrome.exe): 2 writes
- PID 3696 (chrome.exe) wrote to memory of PID 4984 (chrome.exe): 2 writes
- PID 3696 (chrome.exe) wrote to memory of PID 3740 (chrome.exe): 38 writes
- PID 3696 (chrome.exe) wrote to memory of PID 4936 (chrome.exe): 2 writes
- PID 3696 (chrome.exe) wrote to memory of PID 1312 (chrome.exe): 14 writes
Processes
-
C:\Users\Admin\AppData\Local\Temp\988b262d2e2ac000b368646fe7de1a42.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\988b262d2e2ac000b368646fe7de1a42.exe"
PID: 4872
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
  Command line: cmd.exe /c taskkill /f /im chrome.exe
  PID: 3568
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /f /im chrome.exe
    PID: 264
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3696
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffed9d49758,0x7ffed9d49768,0x7ffed9d49778
    PID: 4984
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:2
    PID: 3740
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 4936
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 1312
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3148 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:1
    PID: 1240
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:1
    PID: 1728
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3808 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:1
    PID: 4228
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4976 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:1
    PID: 4324
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 4624
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 3036
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 3804
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 4528
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:8
    PID: 540
    C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1872,i,13957384428884662425,4048496989731592446,131072 /prefetch:2
    PID: 4036
    - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1104
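The chain above is the detection-worthy part of this report: the sample (PID 4872) spawns cmd.exe to run `taskkill /f /im chrome.exe`, then starts chrome.exe itself, so the browser comes back up as a child of a non-browser process. The chrome.exe command line recorded by the sandbox carries no extra arguments, so the report does not show how the dropped extension is loaded; the sequence itself is what a hunt can key on. The code below is an added example, not tria.ge or Chrome code. It walks process-creation events, attributes a browser-targeting taskkill to the nearest ancestor that is neither a shell nor a browser, and flags that ancestor if it launches the same browser within a time window. PIDs, images and command lines are transcribed from the process tree; the timestamps, the parent PID of the sample, the abbreviated helper-process command lines, and the explorer.exe launch used as a benign control are constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    ts: int        # seconds; ordering constructed for the example
    pid: int
    ppid: int
    image: str     # full image path
    cmdline: str


BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# taskkill's /im <image> switch, any flag order, case-insensitive
TASKKILL_IM = re.compile(r"\btaskkill\b.*?\s/im\s+(\S+)", re.IGNORECASE)


def image_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_kill_and_relaunch(events, window=300):
    """Return (parent_pid, parent_image, browser) for each process that is an
    ancestor of a taskkill aimed at a browser image and then spawns that browser
    directly within `window` seconds. Shells and browsers are skipped when
    walking up, so cmd.exe /c taskkill is attributed to whoever invoked cmd."""
    by_pid = {e.pid: e for e in events}
    kills = {}  # (ancestor_pid, browser_image) -> earliest kill timestamp
    for e in events:
        if image_name(e.image) != "taskkill.exe":
            continue
        m = TASKKILL_IM.search(e.cmdline)
        if not m or m.group(1).lower() not in BROWSERS:
            continue
        target = m.group(1).lower()
        cur = e
        while cur.ppid in by_pid:                 # walk up to the real actor
            cur = by_pid[cur.ppid]
            name = image_name(cur.image)
            if name in SHELLS or name in BROWSERS:
                continue
            key = (cur.pid, target)
            kills[key] = min(e.ts, kills.get(key, e.ts))
    hits = []
    for e in sorted(events, key=lambda x: x.ts):
        browser = image_name(e.image)
        if browser not in BROWSERS:
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or image_name(parent.image) in BROWSERS:
            continue                              # the browser's own helper processes
        kill_ts = kills.get((parent.pid, browser))
        if kill_ts is not None and 0 <= e.ts - kill_ts <= window:
            hits.append((parent.pid, image_name(parent.image), browser))
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\988b262d2e2ac000b368646fe7de1a42.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [  # transcribed from the report's process tree; ts and ppid 1001/1002 constructed
    ProcEvent(0, 4872, 1001, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1, 3568, 4872, r"C:\Windows\SysWOW64\cmd.exe", "cmd.exe /c taskkill /f /im chrome.exe"),
    ProcEvent(2, 264, 3568, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /f /im chrome.exe"),
    ProcEvent(4, 3696, 4872, CHROME, f'"{CHROME}"'),
    ProcEvent(5, 4984, 3696, CHROME, f'"{CHROME}" --type=crashpad-handler'),   # abbreviated
    ProcEvent(6, 3740, 3696, CHROME, f'"{CHROME}" --type=gpu-process'),        # abbreviated
    # benign control (constructed): a user launch from explorer.exe with no preceding kill
    ProcEvent(60, 5001, 1002, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(61, 5002, 5001, CHROME, f'"{CHROME}"'),
]


if __name__ == "__main__":
    for pid, image, browser in find_kill_and_relaunch(EVENTS):
        print(f"PID {pid} ({image}) killed and relaunched {browser}")
```

The same logic maps onto Sysmon Event ID 1 or any EDR process-creation feed once the fields are filled in; the window keeps a legitimate updater that kills the browser during install and a later user launch from being joined into one alert.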
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
786B
MD5
9ffe618d587a0685d80e9f8bb7d89d39
SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12
-
Filesize
6KB
MD5
362695f3dd9c02c83039898198484188
SHA1
85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256
40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512
a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f
-
Filesize
13KB
MD5
4ff108e4584780dce15d610c142c3e62
SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2
-
Filesize
20KB
MD5
99ba374c567e2168c670b8989df6f171
SHA1
8c2d6788e28ec86c86adde7c7c70feef951b1095
SHA256
24ace24505b72b2dcfb65f69c842c0cc22ec530dfc3c11bbbd124d33e17a94c1
SHA512
6b2fbd20aaaa264dbc460c210caf3d7cc44f059364d3a8441d2d87c437774e72fdcd4d2253123b30fc920307c72dd4eca3facbac4e48357f83fd4a1ca132f923
-
Filesize
3KB
MD5
c31f14d9b1b840e4b9c851cbe843fc8f
SHA1
205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256
03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512
2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa
-
Filesize
84KB
MD5
a09e13ee94d51c524b7e2a728c7d4039
SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a
-
Filesize
604B
MD5
23231681d1c6f85fa32e725d6d63b19b
SHA1
f69315530b49ac743b0e012652a3a5efaed94f17
SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2
-
Filesize
268B
MD5
0f26002ee3b4b4440e5949a969ea7503
SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11
-
Filesize
1KB
MD5
05bfb082915ee2b59a7f32fa3cc79432
SHA1
c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256
04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512
6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3
-
Filesize
1KB
MD5
8c49058878509d6900980f353207f924
SHA1
88f0f559cd5b3b2ccbe62df38be29161530657c1
SHA256
43881c1b1c419f269b0da0970e815d352435314eaa0b0ae57d47a75ae53cc76f
SHA512
917e386154bf2f94cc674adf4d5142569c1633a2e336a6595ec7368abde83dd9e3ff461acb413a1ff9cac7ed4f3b7da80dff25fcd00300fbf2d5513037f4e6cb
-
Filesize
874B
MD5
f0f3e613c13f89e552d6a9e4d801bfae
SHA1
af5323219a19744649631581724be921df6340e8
SHA256
821bbd455a6c82b13e98dc95ce1c2b894c85ed6eb846278d28dcb31ac0e8b6c4
SHA512
64bcfc0088619f4427aef697b7d9830cbc109909ce7f129b8456d4fedd94726dd063e8de9e050eb58f6675f9cc49b29a7e6f3853747bc1d8adf4c9ad51dc115c
-
Filesize
874B
MD5
700660289f5ba0d228b7947451e18d33
SHA1
cdae62e1034eef0011586c204bbf6b500b066d0c
SHA256
6b7416b0876df1cefbfc40b19ecacbad2da19dc16a19b7c058546ad9dea47c11
SHA512
2362bb3a137d81b466568e861c0001f39a27aaf0a87bbbd1850609dee70339e3c5582420196f549e7394b27769e890eaa4411c9f98aa60cca805c84426c04aec
-
Filesize
874B
MD5
8168557bff2739b43ea1c0fab0ffcbaa
SHA1
11fc44d7c86d2838b8dfbaac38edb1aa0f253471
SHA256
fc75469a74a7fae3264bf38992d5ba9d40e394354358bdf6098600574bab385d
SHA512
8f53d3a4b830d5eda678c302da2ae40f162477153d539ca34f5bdac9bf8d4e933c14f9db2e08c24b3e66627a22450e6fc205c4c6e5b2fe38d11ec1b2a444c416
-
Filesize
874B
MD5
219eaea4f09bb96701a1f28dc2ade334
SHA1
e4162ea94cfafaaee2d6bac9de3b3af5712c5d10
SHA256
8fa53348fd2fd1e547df11118e8762cb31d94b0ec46cbb6ee1ba0709ce22e836
SHA512
c78d8f473c3968bb80ef3800dcb949f094141ec8bfd5806c6ba6dbf04974a39d61208a3d89ddb77d9a11cdafeabcb56991dfb3e4353466b2c4655b8f76866322
-
Filesize
6KB
MD5
7a71bf92a628a8c631eff9789e908e0d
SHA1
0661473d6ef0755c6148e01ef04778eb3497c888
SHA256
da074d638b82e8ee2bfe0ea9595bdca58e470f868fdbdf073380ae682189cdfd
SHA512
9d2d3d8b43f0e25e5f7504d1a7f587b9dbe0699103bff92a70abc7ae4c1005dc3e1abd2ad8bd7e68c62b6739455f5ce4f497add9c849f8c778e4f0babebe876f
-
Filesize
6KB
MD5
18415dd4b1fd7d029795ff124488c22c
SHA1
15209b375d474f2abf067caa0286586edd8547aa
SHA256
934a738509e91630ed8274ec9843194409f0b2fe1f4c861329eedabcfcd32918
SHA512
e835a5562d15f2de3d5549e380b0577e2b4a8fe2947a43e39878a48fbb427f62a5b67da4695a515aa84964086d8b1b7dde7a0f66392e045228d32e2d36c6cf6e
-
Filesize
16KB
MD5
973e33d24ebbe8b07ab002a2daf45f85
SHA1
e763b14aba9e85db3be16d8e3b141c6a0ced99c9
SHA256
10e1df46fbc34b42ec83784b6f1acad7a1acaa8c4701b92190b6b8f31de98e51
SHA512
8423fc5e8519a5057ce6aa4d61416e801d9ffccb552ce654dec99eef04981e843da0cc6106646ae8c70b09b2c4b6dfd1fa345173f71ffe7d9835e2cc05e42207
-
Filesize
16KB
MD5
d34411e853d64d7e4bbea19305285506
SHA1
1fb2f8a22b61704f2793da4cd8da1481b535d12e
SHA256
115a7dc1dda3181b0d4c61acedb6de2fcf2e4cb9a008eea70d5457b8e5fd2d79
SHA512
7bf8f2c9419257349ceb3aa643a2f9e9e67740b05f66e8accbc37ea3e757187efde00067c7430fe28bc0e9e4aa8a1e571a40d8ec577b389b3d1fbd6f160c2738
-
Filesize
199KB
MD5
92d2b42bc87d9b9f873c49ac0c084456
SHA1
36dd766d90245567414a1d7cb8fa3d84377926cf
SHA256
26a39ea5bd9ead283d73fd0c0c21bd973991184c9a08ac0a6dc5a3eb8328dfa4
SHA512
61aab7777406a13f26daf681e79a4c15bd1595b524bc8b364a04b14aa7b42d557578d11c3840eac29e9e771f6539001724ff8309514d9822d5c0b6684556f311
-
Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e