Overview
overview
7Static
static
7Buff Achie...er.exe
windows10-2004-x64
7$PLUGINSDI...p.html
windows10-2004-x64
1$PLUGINSDI...x.html
windows10-2004-x64
1$PLUGINSDI...app.js
windows10-2004-x64
1$PLUGINSDI...uts.js
windows10-2004-x64
1$PLUGINSDI...dle.js
windows10-2004-x64
1$PLUGINSDI...min.js
windows10-2004-x64
1$PLUGINSDI...nel.js
windows10-2004-x64
1$PLUGINSDI...ons.js
windows10-2004-x64
1$PLUGINSDI...ics.js
windows10-2004-x64
1$PLUGINSDI...nds.js
windows10-2004-x64
1$PLUGINSDI...ies.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...der.js
windows10-2004-x64
1$PLUGINSDI...ils.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ate.js
windows10-2004-x64
1$PLUGINSDI...ler.js
windows10-2004-x64
1Analysis
-
max time kernel
1799s -
max time network
1759s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
22-02-2024 18:21
Behavioral task
behavioral1
Sample
Buff Achievement Tracker - Installer.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/app/cmp.html
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/app/index.html
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/app/js/app.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/app/js/block_inputs.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/app/js/libs/cmp.bundle.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/app/js/libs/mixpanel.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/app/js/models/notifications.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/app/js/utils/analytics.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app/js/utils/commands.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app/js/utils/cookies.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/app/js/utils/modal-events-delegate.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/app/js/utils/strings-loader.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/app/js/utils/utils.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/app/js/windows/cri/cri-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/app/js/windows/cri/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/app/js/windows/finish-with-recommended-app/finish-with-recommended-app-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/app/js/windows/finish-with-recommended-app/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/app/js/windows/finish/finish-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/app/js/windows/finish/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/app/js/windows/main/main-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/app/js/windows/main/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/app/js/windows/modal/modal-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/app/js/windows/privacy/privacy-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/app/js/windows/privacy/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/app/js/windows/progress/progress-1-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/app/js/windows/progress/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/app/js/windows/settings/settings-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/app/js/windows/settings/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/app/js/windows/welcome/template.js
Resource
win10v2004-20240221-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/app/js/windows/welcome/welcome-controller.js
Resource
win10v2004-20240221-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/app/index.html
-
Size
20KB
-
MD5
2822a4d01b4f0d0299207626845c6ce2
-
SHA1
a02ca32d5eb26ea382692acf4973dbc3b230dfd0
-
SHA256
1f16a65e36c0ee3ec05c4478b12552e89b5ab5cb4863e69823912ee6c429161b
-
SHA512
9f8fd6a8f8a6c915a3c826b66cdf6d5e49a920c5cff9f71ce09d9f8009177a8a9ace886920575b5d14dfca2d6a0f275851162d6b206aa65cfb75bba94e86571e
-
SSDEEP
192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8G:+WNaM8UnbjPkZ9+mppH3
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530997254656845" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2496 chrome.exe 2496 chrome.exe 1948 chrome.exe 1948 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2496 chrome.exe 2496 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe Token: SeShutdownPrivilege 2496 chrome.exe Token: SeCreatePagefilePrivilege 2496 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe 2496 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2496 wrote to memory of 1736 2496 chrome.exe 51 PID 2496 wrote to memory of 1736 2496 chrome.exe 51 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 1880 2496 chrome.exe 90 PID 2496 wrote to memory of 3640 2496 chrome.exe 92 PID 2496 wrote to memory of 3640 2496 chrome.exe 92 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91 PID 2496 wrote to memory of 4196 2496 chrome.exe 91
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb5619758,0x7ffeb5619768,0x7ffeb56197782⤵PID:1736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:22⤵PID:1880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:82⤵PID:4196
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:82⤵PID:3640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:12⤵PID:1236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:12⤵PID:4000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:82⤵PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:82⤵PID:4364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3744 --field-trial-handle=1884,i,5678076106763834246,3062685596829435517,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1948
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1712
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ea781c2a6efdac25ea5444af5f63237e
SHA1c24260e0eec85095f65e0566f3f210b943aa06d6
SHA256d1021a3b9ac3132a58a434a21b6985150b9aece3323e6f747af79aa17a62e682
SHA512ca428e704595c6a17d7a8634e8693ae74c1e178a721f46d92ac01d92c543f5c3a608cd19be2d7fe151fa202946b6bdc41216c720719575f4c776bf73f0a698bf
-
Filesize
537B
MD50d1b282612e49e2e6359a7d52bc0ab59
SHA1023aa0a797c7fe507c3ca4d6f20a9dfad4fabb9a
SHA25627458b4bc008264509d30b2cb71a8d06e06c726ebc5107522a5ff3e6d4cf6162
SHA51272afcfa9e62716a3dc7c5fa06031c54a8f260fa4c50ef090b8d8fde1dbc1da95ded82be80ba18f7ad0da2d70634a5d10087a22dd9bfa5a999ca65654e126a6e4
-
Filesize
6KB
MD50b6682de820cdcde3e5d84f8f19f12f7
SHA1d5736de65be77931d71592fce512a1fc4da1d509
SHA25624e4b18741b023a38ff94628ae79559f01927ba606eda04291a69ae6b104e91e
SHA512e1d1963ceebefb9e64552af8d1ff3000e415acfd6505e9028d673fc3496ad120ba66735dad7229ea254b049323a9ca22b3ef555e8e4b561051af6a25dfaea4fd
-
Filesize
6KB
MD521ed6e0d3d4cfe56fb6c4abf8e3adda2
SHA1ba5a1b98c16bfadc580fb489c4af864d797fb1d4
SHA256e1407077118b6ae72d64a2cfecb8cd9c65d7d3c6b43133dc9040d8fd31588c58
SHA512aa1acd60ecd8ee4613b33d9e3cbd826b67513b306700fd72e99e5df20d89a16f43112b9ef59127b9ee996e3f602a33ffb79d07ead6dd69b2999caf8ea993813b
-
Filesize
130KB
MD5dc3a357fe117aa45edc1271273bde42f
SHA1a7f16b242bbb2c809c1d7dd032e53d8e0f071515
SHA256f0d60c3cec4af4cb36f7a2d7a16aedbcee6790ed02297b3e85a9fca797f3dab2
SHA512ec1a92068b905dc6ca454165fed1793781e70256beae9896cd457810cc2e1f4616b82e4f186effc976d6db5fb2d6a58c1bd1b5238861bfa845c1cf675ff00164
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd