Analysis
  max time kernel:  149s
  max time network: 149s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240508-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        30/05/2024, 01:53
  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
  Sample:           https://click.egifter.com/?t=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXNzYWdlaWQiOiIyYTM1MDkzOS1jNWRlLTQ5ZjctOTNlZS00YTdlNTQwNGM4NWEiLCJsaW5rIjoiaHR0cHM6Ly9jbGFpbXMuc3RvcmVkdmFsdWUuY29tL2NsYWltL2dpZnQvNjRiNDk0Y2ItZWEyYy00MzYzLWExMTAtMDA2NWUwOWZmMGZjL0lDSkpWUTVRVXdkQVV3MWVCQUZXV0VjQUF3WWZVVXhBWFVaU0N3SlhYZzFRV0VOTUFGb0lYMThBUVFGZFFWTUgwP2xhbmc9ZW4tVVMmY3VsdHVyZT1lbi1VUyIsImVudiI6ImVnbSJ9.YViUFURw11wT1fmwkwQLV2_KCXL0XYDPWL4nkLA_-RhEpgW_6M8VCa2AZ303JSCtfg9tnrk7WQF79OhlKG4J-hA6T7XKMnkPE8ByWjE7XnSIVHlsBvWPZpVMcBdYVehvPuu4QQPJHXRo4gEz20Dt-BQ0PJZj8JQtDAgWVGMfRjAR3EpAyE-qdkl_5RFJVaFQMUUnaMaeQLixvH1JmA_TtjDa_kFeysL2CeourHvhb0N1u4O_nTgIfGbh0tOL05niDq96MCgVqc1kkwzCW8_DGjHWTqM9FwFkJzKiVRKtqmvPYuR0dikjkFyegqP1JjAHskJUT_Ruqv4Sd4xC7Rwong
  Resource:         win10v2004-20240508-en

General
  Target: identical to the Sample URL above
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                 | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                              | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615076084573123" | chrome.exe

Modifies registry class (1 IoC)
  description | ioc                                                                                                                                                                       | process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{FD9797A7-DD50-4399-A7F2-3B2A6D4DB5B5} | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | process    | entries
  4264 | chrome.exe | 4
  952  | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid  | process    | entries
  4264 | chrome.exe | 3

Suspicious use of AdjustPrivilegeToken (64 IoCs; all entries pid 4264, chrome.exe)
  description                       | pid  | process
  Token: SeShutdownPrivilege        | 4264 | chrome.exe
  Token: SeCreatePagefilePrivilege  | 4264 | chrome.exe
  (the two tokens alternate throughout the 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  | process    | entries
  4264 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | process    | entries
  4264 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; rows deduplicated)
  description                   | pid  | process    | procid_target | entries
  PID 4264 wrote to memory of 1148 | 4264 | chrome.exe | 83 | 2
  PID 4264 wrote to memory of 3412 | 4264 | chrome.exe | 84 | repeated (bulk of the entries)
  PID 4264 wrote to memory of 4756 | 4264 | chrome.exe | 85 | 2
  PID 4264 wrote to memory of 608  | 4264 | chrome.exe | 86 | repeated (bulk of the entries)
Processes

[1] chrome.exe (PID 4264)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.egifter.com/?t=... (the full Sample URL shown above)
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [2] chrome.exe (PID 1148)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b835ab58,0x7ff9b835ab68,0x7ff9b835ab78

  [2] chrome.exe (PID 3412)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:2

  [2] chrome.exe (PID 4756)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 608)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 2364)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:1

  [2] chrome.exe (PID 3416)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:1

  [2] chrome.exe (PID 4116)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4132 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:1

  [2] chrome.exe (PID 3724)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 5016)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 3176)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8
      - Modifies registry class

  [2] chrome.exe (PID 1976)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 1396)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 3916)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 2160)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:8

  [2] chrome.exe (PID 952)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3488 --field-trial-handle=1928,i,2622157117193993047,14834247325482857978,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

[1] elevation_service.exe (PID 4544)
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads