Overview
overview
6Static
static
3Evon.zip
windows10-1703-x64
1Evon/Evon....re.dll
windows10-1703-x64
3Evon/FluxAPI.dll
windows10-1703-x64
1Evon/Fluxt...PI.dll
windows10-1703-x64
1Evon/KrnlAPI.dll
windows10-1703-x64
1Evon/Oxygen API.dll
windows10-1703-x64
1Evon/bin/Monaco.html
windows10-1703-x64
6Evon/bin/v...ain.js
windows10-1703-x64
1Evon/bin/v...bat.js
windows10-1703-x64
1Evon/bin/v...fee.js
windows10-1703-x64
1Evon/bin/v...cpp.js
windows10-1703-x64
1Evon/bin/v...arp.js
windows10-1703-x64
1Evon/bin/v...csp.js
windows10-1703-x64
1Evon/bin/v...css.js
windows10-1703-x64
1Evon/bin/v...ile.js
windows10-1703-x64
1Evon/bin/v...arp.js
windows10-1703-x64
1Evon/bin/v.../go.js
windows10-1703-x64
1Evon/bin/v...ars.js
windows10-1703-x64
1Evon/bin/v...tml.js
windows10-1703-x64
1Evon/bin/v...ini.js
windows10-1703-x64
1Evon/bin/v...ava.js
windows10-1703-x64
1Evon/bin/v...ess.js
windows10-1703-x64
1Evon/bin/v...lua.js
windows10-1703-x64
1Evon/bin/v...own.js
windows10-1703-x64
1Evon/bin/v...dax.js
windows10-1703-x64
1Evon/bin/v...sql.js
windows10-1703-x64
1Evon/bin/v...e-c.js
windows10-1703-x64
1Evon/bin/v...6x.svg
windows10-1703-x64
1Evon/bin/v...6x.svg
windows10-1703-x64
1Evon/bin/v...in.css
windows10-1703-x64
3Evon/bin/v...te.svg
windows10-1703-x64
1Evon/version.data
windows10-1703-x64
3Analysis
-
max time kernel
600s -
max time network
495s -
platform
windows10-1703_x64 -
resource
win10-20230220-es -
resource tags
arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
26/05/2023, 11:27
Static task
static1
Behavioral task
behavioral1
Sample
Evon.zip
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral2
Sample
Evon/Evon.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral3
Sample
Evon/FluxAPI.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral4
Sample
Evon/Fluxteam_net_API.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral5
Sample
Evon/KrnlAPI.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral6
Sample
Evon/Oxygen API.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral7
Sample
Evon/bin/Monaco.html
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral8
Sample
Evon/bin/vs/base/worker/workerMain.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral9
Sample
Evon/bin/vs/basic-languages/bat/bat.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral10
Sample
Evon/bin/vs/basic-languages/coffee/coffee.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral11
Sample
Evon/bin/vs/basic-languages/cpp/cpp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral12
Sample
Evon/bin/vs/basic-languages/csharp/csharp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral13
Sample
Evon/bin/vs/basic-languages/csp/csp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral14
Sample
Evon/bin/vs/basic-languages/css/css.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral15
Sample
Evon/bin/vs/basic-languages/dockerfile/dockerfile.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral16
Sample
Evon/bin/vs/basic-languages/fsharp/fsharp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral17
Sample
Evon/bin/vs/basic-languages/go/go.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral18
Sample
Evon/bin/vs/basic-languages/handlebars/handlebars.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral19
Sample
Evon/bin/vs/basic-languages/html/html.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral20
Sample
Evon/bin/vs/basic-languages/ini/ini.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral21
Sample
Evon/bin/vs/basic-languages/java/java.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral22
Sample
Evon/bin/vs/basic-languages/less/less.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral23
Sample
Evon/bin/vs/basic-languages/lua/lua.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral24
Sample
Evon/bin/vs/basic-languages/markdown/markdown.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral25
Sample
Evon/bin/vs/basic-languages/msdax/msdax.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral26
Sample
Evon/bin/vs/basic-languages/mysql/mysql.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral27
Sample
Evon/bin/vs/basic-languages/objective-c/objective-c.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral28
Sample
Evon/bin/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral29
Sample
Evon/bin/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral30
Sample
Evon/bin/vs/editor/editor.main.css
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral31
Sample
Evon/bin/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral32
Sample
Evon/version.data
Resource
win10-20230220-es
windows10-1703-x64
General
-
Target
Evon/bin/vs/editor/contrib/suggest/media/String_16x.svg
-
Size
4KB
-
MD5
48e754cb54c78a85dcc9aaea9a27847e
-
SHA1
8d79b23037deb6586e4954305dcb4caee14afbd2
-
SHA256
d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
-
SHA512
f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
-
SSDEEP
48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295747411893762" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1172 chrome.exe 1172 chrome.exe 4304 chrome.exe 4304 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1172 chrome.exe 1172 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe Token: SeShutdownPrivilege 1172 chrome.exe Token: SeCreatePagefilePrivilege 1172 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe 1172 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1172 wrote to memory of 1268 1172 chrome.exe 66 PID 1172 wrote to memory of 1268 1172 chrome.exe 66 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4448 1172 chrome.exe 69 PID 1172 wrote to memory of 4636 1172 chrome.exe 68 PID 1172 wrote to memory of 4636 1172 chrome.exe 68 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70 PID 1172 wrote to memory of 4644 1172 chrome.exe 70
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Evon\bin\vs\editor\contrib\suggest\media\String_16x.svg1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd90209758,0x7ffd90209768,0x7ffd902097782⤵PID:1268
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:82⤵PID:4636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:22⤵PID:4448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:82⤵PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:12⤵PID:4844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:12⤵PID:1432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:82⤵PID:2176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:82⤵PID:3048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3732 --field-trial-handle=1808,i,15349730791685577179,7509948540026657516,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4304
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3716
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5ccd1fda67ceda6afcf8deadcc56832a7
SHA1f33bf7c634abae8d2264fa157c95c9fbafb6db31
SHA256f5f79d6b1d87bd5897ca3e8ef4fb2a5667d67d14b6ffa6d63053eb3e6d6a258a
SHA51255cc86fb6a3afe32d271485c06f7f64d265af745c3bc7ce166f5cbf4906107d58b1e013af2351ff027cd30fc944820000ee6a7e2ab7d171b36b76fda823ac31b
-
Filesize
5KB
MD580c1ed6cbb7c428ff19ab69fcf42a20a
SHA12532e02004c282101a623a4f3b4b6c6272b777fa
SHA25659726742f5c244e56c10b76b236e9fe3bf62bdd476028abab294436362f55524
SHA51212b9c435fc1ae2d3ba4d9dc18180187e9f3cc9d3bc23301320d45d0b48de7db6a29d11662461fbf946f2c12933cfa3cf958efd54c1a9daed5c1bea32dca6fcc5
-
Filesize
5KB
MD581558208a348dc08879f5d8a1addce45
SHA163ee952443befb1eb1cdde21d11bedacfff7bd8e
SHA256d499ca7ad3111766cebb51f1bab6d90127ed8112bca8788c6e41063ca3aaf99e
SHA512068b4d7f8416881b9296df59acfbbe8cc5c3c297a3e866e295eeb01123c89c3c1c4f6ef2009b980e35944cea3cd1beaae3d866cdea3147c3620c040b9b89fe34
-
Filesize
153KB
MD5d974a5eb68303c02305121fc33dec595
SHA1da89cbf3a0a576e568b5d907c9b4994fb6ea7898
SHA25601ba7b615f7aded64dbb234d5e54f693882db465832aefa1ac966b49b41338eb
SHA51233a810487cf2d6bd6ae6aa79bb659ba2a5297761c3169261ed3d363b893b07bfbd6b272720119b209379eca0b458e853f918f4e78e1ab32637e1d4fa2c040f11
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd