Overview

Score: 7

Task target                Platform            Score
Static                     static              4
pcsx2-v1.6...er.exe        windows7-x64        7
pcsx2-v1.6...er.exe        windows10-2004-x64  7
$PLUGINSDIR/INetC.dll      windows7-x64        3
$PLUGINSDIR/INetC.dll      windows10-2004-x64  3
$PLUGINSDI...em.dll        windows7-x64        3
$PLUGINSDI...em.dll        windows10-2004-x64  3
$PLUGINSDI...fo.dll        windows7-x64        3
$PLUGINSDI...fo.dll        windows10-2004-x64  3
$PLUGINSDI...gs.dll        windows7-x64        3
$PLUGINSDI...gs.dll        windows10-2004-x64  3
$TEMP/PCSX...de.pdf        windows7-x64        1
$TEMP/PCSX...de.pdf        windows10-2004-x64  1
$TEMP/PCSX...L.html        windows7-x64        1
$TEMP/PCSX...L.html        windows10-2004-x64  1
$TEMP/PCSX...AQ.pdf        windows7-x64        1
$TEMP/PCSX...AQ.pdf        windows10-2004-x64  1
$TEMP/PCSX...ll.dll        windows7-x64        1
$TEMP/PCSX...ll.dll        windows10-2004-x64  1
$TEMP/PCSX...ll.dll        windows7-x64        1
$TEMP/PCSX...ll.dll        windows10-2004-x64  1
$TEMP/PCSX...X2.dll        windows7-x64        1
$TEMP/PCSX...X2.dll        windows10-2004-x64  1
$TEMP/PCSX...E2.dll        windows7-x64        1
$TEMP/PCSX...E2.dll        windows10-2004-x64  1
$TEMP/PCSX...E4.dll        windows7-x64        1
$TEMP/PCSX...E4.dll        windows10-2004-x64  1
$TEMP/PCSX...ad.dll        windows7-x64        1
$TEMP/PCSX...ad.dll        windows10-2004-x64  1
$TEMP/PCSX...-X.dll        windows7-x64        1
$TEMP/PCSX...-X.dll        windows10-2004-x64  1
$TEMP/PCSX...ll.dll        windows7-x64        1
$TEMP/PCSX...ll.dll        windows10-2004-x64  1

Analysis

max time kernel: 599s
max time network: 489s
platform: windows10-2004_x64
resource: win10v2004-20240412-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 22-04-2024 19:58
Behavioral tasks

Task          Sample                                            Resource
behavioral1   pcsx2-v1.6.0-windows-32bit-installer.exe          win7-20240221-es
behavioral2   pcsx2-v1.6.0-windows-32bit-installer.exe          win10v2004-20240412-es
behavioral3   $PLUGINSDIR/INetC.dll                             win7-20240221-es
behavioral4   $PLUGINSDIR/INetC.dll                             win10v2004-20240412-es
behavioral5   $PLUGINSDIR/System.dll                            win7-20240221-es
behavioral6   $PLUGINSDIR/System.dll                            win10v2004-20240226-es
behavioral7   $PLUGINSDIR/UserInfo.dll                          win7-20240215-es
behavioral8   $PLUGINSDIR/UserInfo.dll                          win10v2004-20240412-es
behavioral9   $PLUGINSDIR/nsDialogs.dll                         win7-20240221-es
behavioral10  $PLUGINSDIR/nsDialogs.dll                         win10v2004-20240412-es
behavioral11  $TEMP/PCSX2 1.6.0/Docs/Configuration_Guide.pdf    win7-20240221-es
behavioral12  $TEMP/PCSX2 1.6.0/Docs/Configuration_Guide.pdf    win10v2004-20240412-es
behavioral13  $TEMP/PCSX2 1.6.0/Docs/GPL.html                   win7-20240221-es
behavioral14  $TEMP/PCSX2 1.6.0/Docs/GPL.html                   win10v2004-20240412-es
behavioral15  $TEMP/PCSX2 1.6.0/Docs/PCSX2_FAQ.pdf              win7-20240220-es
behavioral16  $TEMP/PCSX2 1.6.0/Docs/PCSX2_FAQ.pdf              win10v2004-20240412-es
behavioral17  $TEMP/PCSX2 1.6.0/Plugins/DEV9null.dll            win7-20231129-es
behavioral18  $TEMP/PCSX2 1.6.0/Plugins/DEV9null.dll            win10v2004-20240412-es
behavioral19  $TEMP/PCSX2 1.6.0/Plugins/FWnull.dll              win7-20231129-es
behavioral20  $TEMP/PCSX2 1.6.0/Plugins/FWnull.dll              win10v2004-20240412-es
behavioral21  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-AVX2.dll         win7-20240221-es
behavioral22  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-AVX2.dll         win10v2004-20240412-es
behavioral23  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE2.dll         win7-20240215-es
behavioral24  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE2.dll         win10v2004-20240412-es
behavioral25  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE4.dll         win7-20231129-es
behavioral26  $TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE4.dll         win10v2004-20240412-es
behavioral27  $TEMP/PCSX2 1.6.0/Plugins/LilyPad.dll             win7-20240221-es
behavioral28  $TEMP/PCSX2 1.6.0/Plugins/LilyPad.dll             win10v2004-20240412-es
behavioral29  $TEMP/PCSX2 1.6.0/Plugins/Spu2-X.dll              win7-20240220-es
behavioral30  $TEMP/PCSX2 1.6.0/Plugins/Spu2-X.dll              win10v2004-20240412-es
behavioral31  $TEMP/PCSX2 1.6.0/Plugins/USBnull.dll             win7-20231129-es
behavioral32  $TEMP/PCSX2 1.6.0/Plugins/USBnull.dll             win10v2004-20240412-es
General

Target: $TEMP/PCSX2 1.6.0/Docs/GPL.html
Size: 66KB
MD5: 57d074f08a68b718e897b8abdce2cc2b
SHA1: 580010894e04c4f6b9203ebb5e5c569ebce12b2e
SHA256: a99594610965f8b21c68eba36c0c58204fcc20bde0351df7735eacb4db4a1efa
SHA512: e74eba7556cfa4d951fc9f171afc5f14c9afd70e4e9b5f90e69dc3b11a28f802d0110a01272a0a7b14fbcf0b3d54361f5f720d75c7c5b3388d8eb23fbf491e77
SSDEEP: 768:esMAtFFezqdgi6OcToucw3YrQmtBDj74rqIuJrvuATIv5pqaC1fS8Pq0EA:eEtFBg5TcsYyWIu1TSqaC1D1h
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process     Description        IoC
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS (2 IoCs)
  Process     Description      IoC
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582900873725744"

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID   Process
  804   chrome.exe  (2 entries)
  3320  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID   Process
  804   chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID   Process     Description
  804   chrome.exe  Token: SeShutdownPrivilege
  804   chrome.exe  Token: SeCreatePagefilePrivilege
  The two entries alternate; all 64 are PID 804 chrome.exe.

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID   Process
  804   chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID   Process
  804   chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  Description                      PID   Process     Target process
  PID 804 wrote to memory of 4740  804   chrome.exe  chrome.exe
  PID 804 wrote to memory of 1016  804   chrome.exe  chrome.exe
  PID 804 wrote to memory of 3204  804   chrome.exe  chrome.exe
  PID 804 wrote to memory of 2924  804   chrome.exe  chrome.exe
  Each pair is repeated in the report; the 64 entries all have PID 804 chrome.exe as the writer and one of these four chrome.exe PIDs as the target.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 804)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Docs\GPL.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4740)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed28cab58,0x7ffed28cab68,0x7ffed28cab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1016)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3204)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2924)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1020)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3148)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1152)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3320)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 --field-trial-handle=1908,i,148961598229868639,4383305996482637409,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4608)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
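The target of this task is GPL.html, so what the sandbox recorded is Chrome opening an HTML file, not the file doing anything itself: every Signatures entry belongs to the browser process (PID 804) or its helper processes, and the WriteProcessMemory hits are the browser writing into its own chrome.exe children, which is expected of Chromium's sandbox broker. The script below is an added example, not part of the report or of any project's code. It rebuilds the process tree from the nesting levels of the Processes listing, checks that every WriteProcessMemory IoC stays inside that tree, and lists which helper processes run with their sandbox switched off (--service-sandbox-type=none, --disable-gpu-sandbox). The IoC text and command lines are a trimmed excerpt of the report's own data; the regexes and the "unsandboxed" heuristic are mine.

```python
"""Rebuild the GPL.html task's process tree from the report text and flag
unsandboxed Chrome helpers.  Added example; input is an excerpt of the report."""
import re
from collections import Counter, defaultdict

# Excerpt of the report's "Suspicious use of WriteProcessMemory" IoC list
# (the full list has 64 entries of exactly this shape).
WRITE_IOCS = (
    "PID 804 wrote to memory of 4740 804 chrome.exe chrome.exe "
    "PID 804 wrote to memory of 4740 804 chrome.exe chrome.exe "
    "PID 804 wrote to memory of 1016 804 chrome.exe chrome.exe "
    "PID 804 wrote to memory of 1016 804 chrome.exe chrome.exe "
    "PID 804 wrote to memory of 3204 804 chrome.exe chrome.exe "
    "PID 804 wrote to memory of 2924 804 chrome.exe chrome.exe"
)

# (pid, nesting level in the Processes listing, command line); the command
# lines are trimmed to the switches that matter for this triage.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
PROCESSES = [
    (804, 1, CHROME + r" --disable-background-networking --single-argument"
                      r" C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Docs\GPL.html"),
    (4740, 2, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (1016, 2, CHROME + " --type=gpu-process --mojo-platform-channel-handle=1608"),
    (3204, 2, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService"
                       " --service-sandbox-type=none"),
    (2924, 2, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService"
                       " --service-sandbox-type=service"),
    (3148, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics"
                       " --service-sandbox-type=none"),
    (3320, 2, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4608, 1, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")
SWITCH_RE = re.compile(r"--([\w-]+)(?:=(\S+))?")


def parse_write_pairs(text):
    """Count (writer_pid, target_pid, writer_image, target_image) tuples."""
    return Counter((int(src), int(dst), simg, timg)
                   for src, dst, simg, timg in WRITE_RE.findall(text))


def chrome_switches(cmdline):
    """Map each --switch on a Chrome command line to its value ('' for bare flags)."""
    return dict(SWITCH_RE.findall(cmdline))


def build_tree(processes):
    """Parent links from the listing's nesting: a level-n entry is a child of
    the closest preceding level-(n-1) entry."""
    parent_of, stack = {}, []
    for pid, depth, _ in processes:
        del stack[depth - 1:]
        parent_of[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parent_of


def classify(processes, ioc_text):
    """Per-PID role, parent, sandbox state and number of writes into it."""
    parent_of = build_tree(processes)
    writes_into, writers = defaultdict(int), set()
    for (src, dst, _, _), n in parse_write_pairs(ioc_text).items():
        writes_into[dst] += n
        writers.add(src)
    summary = {}
    for pid, _, cmd in processes:
        sw = chrome_switches(cmd)
        if "chrome.exe" not in cmd.lower():
            role = "other:" + cmd.rsplit("\\", 1)[-1].strip('"')
        else:
            role = sw.get("type") or "browser"   # no --type: the browser process itself
            if sw.get("utility-sub-type"):
                role += ":" + sw["utility-sub-type"]
        # Heuristic (mine): these switches mean the helper runs outside Chrome's sandbox.
        unsandboxed = (sw.get("service-sandbox-type") == "none"
                       or "disable-gpu-sandbox" in sw or "no-sandbox" in sw)
        summary[pid] = {"role": role, "parent": parent_of[pid],
                        "unsandboxed": unsandboxed, "writes_into": writes_into[pid]}
    return summary, writers


def unsandboxed_children(processes, ioc_text):
    summary, _ = classify(processes, ioc_text)
    return sorted(pid for pid, s in summary.items() if s["unsandboxed"])


def writes_stay_in_tree(processes, ioc_text):
    """True when every WriteProcessMemory IoC is a parent writing into its own
    chrome.exe child, i.e. nothing outside the browser's tree was touched."""
    parent_of = build_tree(processes)
    return all(parent_of.get(dst) == src and timg == "chrome.exe"
               for src, dst, _, timg in parse_write_pairs(ioc_text))


if __name__ == "__main__":
    summary, writers = classify(PROCESSES, WRITE_IOCS)
    for pid, s in summary.items():
        print(f"{pid:>5} parent={str(s['parent']):>5} {s['role']:<45} "
              f"{'sandbox off' if s['unsandboxed'] else '-':<11} writes_into={s['writes_into']}")
    print("writers:", sorted(writers),
          "| writes stay in tree:", writes_stay_in_tree(PROCESSES, WRITE_IOCS))
```

Run on the full report text, the same three checks separate "Chrome being Chrome" from something worth a second look: a writer PID that is not the browser process, a write target that is not a chrome.exe child of the writer, or a helper that turns its sandbox off without being one of the process types (network service, GPU process, UtilWin, metrics) that Chrome starts that way by design.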
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 7c2ff555be51afc7c290110921dc9b7d
  SHA1: 056941ccab1229b147044ff53e1982d49f176f4c
  SHA256: de62aa7f980465f6fba5cc6a3815a086e53e5a626c549300fca7678121882331
  SHA512: 5001d02d6180ef30b0ef2c92d5137eba6d069f97bcc6783a90b58914e84ab6bbf2b7ff8f0e853a45285c8353bb66b926b1f4069fd53732be188b4bc82334c81e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e4f0957f-3b47-4da8-ba01-0b69ab5293af.tmp
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 62ca5c6bbece386c9cfa24677c03ffad
  SHA1: 6655d1477b7eb25a87ec4887da7891f691c1b14c
  SHA256: 75abadbbea755cffb7a201efce5ace5744d931665f53794dc2f730a760c0419d
  SHA512: fd5982252ca05b2b58c39942900559893c424113b7d0f14f047d5fd14ca476c2e4a4350d2afd54de871870251a1e68160ff3e85dd996a5f3b17033b7ed14569e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d53f10a4-873e-411a-a20b-be6456abf6a9.tmp
  Filesize: 250KB
  MD5: 0949c3c991f0e47a8d81852bc35bea2a
  SHA1: 59695d492ab5712b63241728e45571e593f29615
  SHA256: 6f75cdaa7a301e8a2c5eb55930c7b2d597dd82c40cc3544fed4d6470734c6134
  SHA512: 02c50e8d418630ad4dc91c8f48b0c2bf2b41778e7e65aada757fc7405c1ca0c88c1e591d4ad160510a6a6775b4f77e31494c284aa8f658127bd8afe6d3b1f01d

\??\pipe\crashpad_804_OVISAVKEXMQULFYE
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
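Two of the Downloads entries carry the digests of trivial content: the 2-byte .tmp file hashes to the JSON text "[]" and the crashpad pipe hashes to zero bytes, so neither is a dropped payload. The script below, an added example and not part of the report, makes that check repeatable: it computes the digests of a few known trivial contents with hashlib, labels every entry whose listed digests match one of them, and flags entries whose MD5/SHA1/SHA256 disagree with each other or with the listed size. The DOWNLOADS list is a constructed subset of the report's entries with SHA512 left out; the known-contents table and the status labels are mine.

```python
"""Label sandbox 'dropped file' entries whose digests are those of trivial
content, and cross-check the listed digests against each other.
Added example; the entries are a subset of the report's Downloads section."""
import hashlib

# Contents that dropped-file lists are routinely padded with (my choice of table).
KNOWN_CONTENTS = {
    b"": "empty file (or a pipe/handle with no data)",
    b"[]": "empty JSON array",
    b"{}": "empty JSON object",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """All four digests of `data`, keyed like the report's fields."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


KNOWN_DIGESTS = {content: digests(content) for content in KNOWN_CONTENTS}

# Subset of the report's Downloads entries (sizes as the report prints them;
# the pipe has no size field).
DOWNLOADS = [
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State",
     "size": "1KB",
     "md5": "7c2ff555be51afc7c290110921dc9b7d",
     "sha1": "056941ccab1229b147044ff53e1982d49f176f4c",
     "sha256": "de62aa7f980465f6fba5cc6a3815a086e53e5a626c549300fca7678121882331"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e4f0957f-3b47-4da8-ba01-0b69ab5293af.tmp",
     "size": "2B",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
    {"path": r"\??\pipe\crashpad_804_OVISAVKEXMQULFYE",
     "size": None,
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]


def parse_size(text):
    """'2B' -> 2, '1KB' -> 1024; None when the report gives no size."""
    if text is None:
        return None
    units = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
    for unit, mult in sorted(units.items(), key=lambda kv: -len(kv[0])):
        if text.endswith(unit):
            return int(text[: -len(unit)]) * mult
    raise ValueError(text)


def classify_entry(entry):
    """Return (label, status).  label names the recognised content or None;
    status is 'consistent', 'inconsistent' (the listed digests point at
    different contents), 'size mismatch' or 'unknown'."""
    per_algo = set()   # for each listed algorithm: the known contents it matched
    for algo in ALGOS:
        if algo not in entry:
            continue
        hit = {c for c, d in KNOWN_DIGESTS.items() if d[algo] == entry[algo].lower()}
        per_algo.add(frozenset(hit))
    if all(not hit for hit in per_algo):
        return None, "unknown"
    if len(per_algo) != 1:          # e.g. MD5 says "" while SHA256 says "[]"
        return None, "inconsistent"
    (content,) = next(iter(per_algo))
    size = parse_size(entry.get("size"))
    if size is not None and size != len(content):
        return KNOWN_CONTENTS[content], "size mismatch"
    return KNOWN_CONTENTS[content], "consistent"


def triage(downloads):
    """Map every entry's path to its (label, status)."""
    return {e["path"]: classify_entry(e) for e in downloads}


if __name__ == "__main__":
    for path, (label, status) in triage(DOWNLOADS).items():
        print(f"{status:<13} {label or '-':<45} {path}")
```

The "inconsistent" status is the one to watch for when a report has been copied or edited by hand: the digests in a sandbox report are computed from one blob, so they must all point at the same content, and a set that does not is a transcription error rather than a finding.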