Overview
overview
6Static
static
3Evon.zip
windows10-1703-x64
1Evon/Evon....re.dll
windows10-1703-x64
3Evon/FluxAPI.dll
windows10-1703-x64
1Evon/Fluxt...PI.dll
windows10-1703-x64
1Evon/KrnlAPI.dll
windows10-1703-x64
1Evon/Oxygen API.dll
windows10-1703-x64
1Evon/bin/Monaco.html
windows10-1703-x64
6Evon/bin/v...ain.js
windows10-1703-x64
1Evon/bin/v...bat.js
windows10-1703-x64
1Evon/bin/v...fee.js
windows10-1703-x64
1Evon/bin/v...cpp.js
windows10-1703-x64
1Evon/bin/v...arp.js
windows10-1703-x64
1Evon/bin/v...csp.js
windows10-1703-x64
1Evon/bin/v...css.js
windows10-1703-x64
1Evon/bin/v...ile.js
windows10-1703-x64
1Evon/bin/v...arp.js
windows10-1703-x64
1Evon/bin/v.../go.js
windows10-1703-x64
1Evon/bin/v...ars.js
windows10-1703-x64
1Evon/bin/v...tml.js
windows10-1703-x64
1Evon/bin/v...ini.js
windows10-1703-x64
1Evon/bin/v...ava.js
windows10-1703-x64
1Evon/bin/v...ess.js
windows10-1703-x64
1Evon/bin/v...lua.js
windows10-1703-x64
1Evon/bin/v...own.js
windows10-1703-x64
1Evon/bin/v...dax.js
windows10-1703-x64
1Evon/bin/v...sql.js
windows10-1703-x64
1Evon/bin/v...e-c.js
windows10-1703-x64
1Evon/bin/v...6x.svg
windows10-1703-x64
1Evon/bin/v...6x.svg
windows10-1703-x64
1Evon/bin/v...in.css
windows10-1703-x64
3Evon/bin/v...te.svg
windows10-1703-x64
1Evon/version.data
windows10-1703-x64
3Analysis
-
max time kernel
613s -
max time network
618s -
platform
windows10-1703_x64 -
resource
win10-20230220-es -
resource tags
arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
26/05/2023, 11:27
Static task
static1
Behavioral task
behavioral1
Sample
Evon.zip
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral2
Sample
Evon/Evon.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral3
Sample
Evon/FluxAPI.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral4
Sample
Evon/Fluxteam_net_API.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral5
Sample
Evon/KrnlAPI.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral6
Sample
Evon/Oxygen API.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral7
Sample
Evon/bin/Monaco.html
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral8
Sample
Evon/bin/vs/base/worker/workerMain.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral9
Sample
Evon/bin/vs/basic-languages/bat/bat.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral10
Sample
Evon/bin/vs/basic-languages/coffee/coffee.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral11
Sample
Evon/bin/vs/basic-languages/cpp/cpp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral12
Sample
Evon/bin/vs/basic-languages/csharp/csharp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral13
Sample
Evon/bin/vs/basic-languages/csp/csp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral14
Sample
Evon/bin/vs/basic-languages/css/css.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral15
Sample
Evon/bin/vs/basic-languages/dockerfile/dockerfile.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral16
Sample
Evon/bin/vs/basic-languages/fsharp/fsharp.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral17
Sample
Evon/bin/vs/basic-languages/go/go.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral18
Sample
Evon/bin/vs/basic-languages/handlebars/handlebars.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral19
Sample
Evon/bin/vs/basic-languages/html/html.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral20
Sample
Evon/bin/vs/basic-languages/ini/ini.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral21
Sample
Evon/bin/vs/basic-languages/java/java.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral22
Sample
Evon/bin/vs/basic-languages/less/less.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral23
Sample
Evon/bin/vs/basic-languages/lua/lua.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral24
Sample
Evon/bin/vs/basic-languages/markdown/markdown.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral25
Sample
Evon/bin/vs/basic-languages/msdax/msdax.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral26
Sample
Evon/bin/vs/basic-languages/mysql/mysql.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral27
Sample
Evon/bin/vs/basic-languages/objective-c/objective-c.js
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral28
Sample
Evon/bin/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral29
Sample
Evon/bin/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral30
Sample
Evon/bin/vs/editor/editor.main.css
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral31
Sample
Evon/bin/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral32
Sample
Evon/version.data
Resource
win10-20230220-es
windows10-1703-x64
General
-
Target
Evon/bin/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
-
Size
20KB
-
MD5
649fb0a55b0e0fc9d79e6b7872a14c10
-
SHA1
b33619c9dfd65d3f2e5a5fcb767a752123d51607
-
SHA256
fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
-
SHA512
3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
-
SSDEEP
384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295819904551979" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3984 chrome.exe 3984 chrome.exe 4976 chrome.exe 4976 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3984 chrome.exe 3984 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe Token: SeShutdownPrivilege 3984 chrome.exe Token: SeCreatePagefilePrivilege 3984 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe 3984 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3984 wrote to memory of 4076 3984 chrome.exe 66 PID 3984 wrote to memory of 4076 3984 chrome.exe 66 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2180 3984 chrome.exe 69 PID 3984 wrote to memory of 2076 3984 chrome.exe 68 PID 3984 wrote to memory of 2076 3984 chrome.exe 68 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70 PID 3984 wrote to memory of 372 3984 chrome.exe 70
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Evon\bin\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe0be9758,0x7ffbe0be9768,0x7ffbe0be97782⤵PID:4076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:82⤵PID:2076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:22⤵PID:2180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:82⤵PID:372
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:12⤵PID:2968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:12⤵PID:4856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:82⤵PID:3748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:82⤵PID:3712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:82⤵PID:3752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3892
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f7725eb-60cf-40b3-b0ef-b8959cef9605.tmp
Filesize5KB
MD5996760e8123485feb2c37055c753879d
SHA17dff0d686584fee803e72b2ed9ad7b3e0be78d17
SHA25609e4f35fe42121ff3597d85889041a66d5afc5f5e861a2939a31c16480cc8990
SHA5124f6cbe19148b0195bc8cc7f8e0e35087394cbe3b1341271d25fee0813e002be4a0bfde53782a6cfef006036828092d89b5aeefc5f1a9dc1fe5aa02e7a342c0af
-
Filesize
688B
MD547001b4b13ebb0c822faa8717e0941ae
SHA1a17e4745b98068dbdac30c0268077ce0ee41ae9d
SHA256410c1c5e4f4edca51dbe05f54d73fa032035fbf2fa5fdee1c7c455999c04425c
SHA5121ad3bf25d583504b3f76b3d392b817666064842861c03037d7c94d04f61c8cf18aa5eb9d95abb3d8313e9869942202ef571232f6f05dd70dd46673aaf80d1798
-
Filesize
884B
MD5e359d58c03d803a5e99314f1ed29c379
SHA1ff0541bb7a87cb4ffec4dd070b71fe6fbb7ce949
SHA2568ec9d6698a4e5de99b14b067775732302386313ca5ef5e50b2011ef36058b419
SHA512b2437dce4b1a7de0ca66ec07409ca7846b5d0b11842ee383224744e2c573f658b6ce3a0bf27beb5107f084e5e1039973056bff9e84cd44658e25a140499cbbc7
-
Filesize
1KB
MD5bcd53aaece5c7deafe675bacbf8eb4e8
SHA19bfe0a03329fa6978d8cd8f0ea8d57765dd8e125
SHA2565cb6aa00e7458b50e3c42a5fd1ae3e44fe1f40fd683fae7a0631e6257436322e
SHA5123ca9f1c008cfe61b7b219dbcd8a3faf0d5045482905f033e2df8aaf98bb6fcad58d2c73b868d43b4d492c8dbe2497143efe5ee615c5af1c0aceb21bd41ead0fa
-
Filesize
5KB
MD5a57b742529a5230628969d1d41ff32fd
SHA1045311fd217a8f10f9b803136e1afdd0fb9759de
SHA256e88ff6939f87f1732f279184b982320ae34b2ac42519deab91315b4130aa93ce
SHA5129e4a3d38561b2e8b23ea0d0bfa11c9cd48091c917c5545971dcd2c0949eb9eba1dde84c415984ad7a8427eb3eb2e64a4837747a241d3d1f01ef8952d36a5d5b2
-
Filesize
5KB
MD5643b07fbcea8a9d775ee21719d0b0e61
SHA1e2a5b0741a79ab85acaa8c99c900fc3fc11f6cea
SHA256eab82068f40fe900045a78e4a2cec0916f540588a6ad959c5369cc0d79271b69
SHA51270eef511fc3b2b0036c44014b22b288506f12d1bddd6f608d3e569e6d5e5e3c020a8dc300a3945f0eaca074a250c22e537b2aa9d0284d8a59b41104cd2783298
-
Filesize
12KB
MD582120043b403d7cd9be28dde0be56dbc
SHA1fd4c127ea23822253f355b67f8d5cd924c5bfad7
SHA25633fbb15e52e914a63e33a375b36bab522bc0b49c1032916d90195706297f246e
SHA5120bf873383a6388b623b1a3c186cd4fa02765272cd2e004be65e794a3ced2de9aaeebc4d58356c2fdb069eb5ac41f7a7107b0075baa2d251e1cdd9567d4abb577
-
Filesize
153KB
MD5e1da6a79953b970dc1187e1b4f3b545d
SHA1f5b91ef5cf9918546e8bda9ed66da2ffe72eb1e3
SHA256b87f5c7bb081e6e675825546abca9502b88f62186a48b19d7dbdf993612fcd08
SHA51251bc68a568dbfcef1785ddc4d4d21c0f412458b74b8ba81d63fe9839861897bd53863e6dece5bc8468056739ebf6a3ecf8b0f2e0f7cb533b5bc6b7221810da37
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd