Analysis
- max time kernel: 123s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/06/2024, 16:59
Behavioral tasks (sample, resource)
- behavioral1: Buff Achievement Tracker - Installer.exe (win10v2004-20240508-en)
- behavioral2: $PLUGINSDIR/app/cmp.html (win10v2004-20240426-en)
- behavioral3: $PLUGINSDIR/app/index.html (win10v2004-20240508-en)
- behavioral4: $PLUGINSDIR/app/js/app.js (win10v2004-20240508-en)
- behavioral5: $PLUGINSDIR/app/js/block_inputs.js (win10v2004-20240426-en)
- behavioral6: $PLUGINSDIR/app/js/libs/cmp.bundle.js (win10v2004-20240426-en)
- behavioral7: $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js (win10v2004-20240426-en)
- behavioral8: $PLUGINSDIR/app/js/models/notifications.js (win10v2004-20240426-en)
- behavioral9: $PLUGINSDIR/app/js/utils/analytics.js (win10v2004-20240508-en)
- behavioral10: $PLUGINSDIR/app/js/utils/commands.js (win10v2004-20240508-en)
- behavioral11: $PLUGINSDIR/app/js/utils/cookies.js (win10v2004-20240508-en)
- behavioral12: $PLUGINSDIR/app/js/utils/modal-events-delegate.js (win10v2004-20240508-en)
- behavioral13: $PLUGINSDIR/app/js/utils/strings-loader.js (win10v2004-20240426-en)
- behavioral14: $PLUGINSDIR/app/js/utils/utils.js (win10v2004-20240426-en)
- behavioral15: $PLUGINSDIR/app/js/windows/cri/cri-controller.js (win10v2004-20240508-en)
- behavioral16: $PLUGINSDIR/app/js/windows/cri/template.js (win10v2004-20240508-en)
- behavioral17: $PLUGINSDIR/app/js/windows/finish-with-recommended-app/finish-with-recommended-app-controller.js (win10v2004-20240508-en)
- behavioral18: $PLUGINSDIR/app/js/windows/finish-with-recommended-app/template.js (win10v2004-20240508-en)
- behavioral19: $PLUGINSDIR/app/js/windows/finish/finish-controller.js (win10v2004-20240508-en)
- behavioral20: $PLUGINSDIR/app/js/windows/finish/template.js (win10v2004-20240508-en)
- behavioral21: $PLUGINSDIR/app/js/windows/main/main-controller.js (win10v2004-20240426-en)
- behavioral22: $PLUGINSDIR/app/js/windows/main/template.js (win10v2004-20240426-en)
- behavioral23: $PLUGINSDIR/app/js/windows/modal/modal-controller.js (win10v2004-20240426-en)
- behavioral24: $PLUGINSDIR/app/js/windows/privacy/privacy-controller.js (win10v2004-20240426-en)
- behavioral25: $PLUGINSDIR/app/js/windows/privacy/template.js (win10v2004-20240426-en)
- behavioral26: $PLUGINSDIR/app/js/windows/progress/progress-1-controller.js (win10v2004-20240426-en)
- behavioral27: $PLUGINSDIR/app/js/windows/progress/template.js (win10v2004-20240226-en)
- behavioral28: $PLUGINSDIR/app/js/windows/settings/settings-controller.js (win10v2004-20240508-en)
- behavioral29: $PLUGINSDIR/app/js/windows/settings/template.js (win10v2004-20240426-en)
- behavioral30: $PLUGINSDIR/app/js/windows/welcome/template.js (win10v2004-20240508-en)
- behavioral31: $PLUGINSDIR/app/js/windows/welcome/welcome-controller.js (win10v2004-20240508-en)
- behavioral32: $PLUGINSDIR/app/manifest.json (win10v2004-20240426-en)
General
- Target: $PLUGINSDIR/app/cmp.html
- Size: 5KB
- MD5: d7b8b31b190e552677589cfd4cbb5d8e
- SHA1: 09ffb3c63991d5c932c819393de489268bd3ab88
- SHA256: 6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
- SHA512: 32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
- SSDEEP: 48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622532830472825" (chrome.exe)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  - PID 1124 chrome.exe (4 entries), PID 1828 chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 1124 chrome.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  - 64 entries, all PID 1124 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege
- Suspicious use of FindShellTrayWindow (26 IoCs)
  - 26 entries, all PID 1124 chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  - 24 entries, all PID 1124 chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 1124 chrome.exe wrote to memory of PID 740 (procid_target 81, 2 entries)
  - PID 1124 chrome.exe wrote to memory of PID 5048 (procid_target 85, repeated entries)
  - PID 1124 chrome.exe wrote to memory of PID 3608 (procid_target 86, 2 entries)
  - PID 1124 chrome.exe wrote to memory of PID 228 (procid_target 87, repeated entries)
  - 64 entries in total
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1124)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 740)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaecab58,0x7ffcaaecab68,0x7ffcaaecab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5048)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2116)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4616)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3100)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3032)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2772)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1828)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4044)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: e6c897330a5391f4d2c62f8f3f4935b0
  SHA1: 654151f945a42bb9a51abfb3008d204e54c83ffa
  SHA256: 8935a2d0f4bc685c98b5aa536c4d9dd9a5994fd075fef060845d2b03b98d744d
  SHA512: b03e0c0aca150eb32c29f82ce0792a4a5089be9fafb62dff02b97161ea393b5330fc42b5541609a4100b00966a14b8c5e2d780e7d3811844afd2aa41272576ab
- Filesize: 1KB
  MD5: 3e00fd2799a44b0f751f478f9e4a1113
  SHA1: cc97492f805410501468fec31079b51e1c1d2706
  SHA256: 375a6980e881963bc4d0a379cc576091eddbbf4641abea6005a72bd7140ea0dd
  SHA512: 704460a7b2da97932700bf5218e9e5d1a2ad495738ecf136a4b736bf8725d07a6841c2e80fc4517b6b07d2fa2c2c78d778fab101dc842082c06d94cba0cd67b6
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 524B
  MD5: 43670f38bba430eba8761b2128376e89
  SHA1: d153e8927cfc4dd4ca668a0a52a4a92d15277cd6
  SHA256: 156cfb44f473af08157cbbfbf4d1200ef9677c206de5cc977a9fea955766415d
  SHA512: 3dc577cf003d4ba45de83df5524eb18016de6b40d06081aa03e2ed59283012d8d6baadc4cce3895ab4ecff9237aed968dc9b487ff6cc94cbc2709421c025c103
- Filesize: 7KB
  MD5: ecd9dde6d1fe9f20f6c18e8e2c23c788
  SHA1: e9ef0a3822aec30942ab07e2df049d18c6b6d281
  SHA256: fa8942215685ee613d7ec242860635dd8193f39590abaf0fb410450e960363e6
  SHA512: b7955845c92073710307949b93ab258b6624abb71b647e3222665a6899cc6adb614178979e2563c60338a7e810301ad8e6f6dec52df2fc91878b4be967b4a063
- Filesize: 131KB
  MD5: ab00e9e0d2af71b4b3c43009e39fd375
  SHA1: 644289ff9b7eefb15783655188ed9d30d488cb03
  SHA256: 5cfcd657bd35b4339ca0bf0098564c748e9f13343d1ba3dc366903319073d7fc
  SHA512: 480efdc5b30127a5479a027ce30447fea67b76e5883e3a8d2bd0dff0b547ac8ec29617dfaa4c0e2fafc7f4cfb8eb641f4bf2286ab7b599d69a90738ac0d69082
- Filesize: 131KB
  MD5: e69627921fc3bf07f0bffe93924674bc
  SHA1: 566f6b4dc72c2d641b5ce9a5bf59c63c30f05e94
  SHA256: f061f033a1e3214e08b97604dc355941b5777964d164f4f6ae69bdb3f6fd8c48
  SHA512: c20b60739da157848540fed6949c34838c0a30f3dba1becd786452536fac2c8747ed5c434fd2773acadd22072502195fa8326272413e8e155bed077dda2c2db2
- Filesize: 132KB
  MD5: 6dc3aa706c2ea3bd616f105ddee40c11
  SHA1: 9d15c0c740ac85b469d956d066b4ad82be431e30
  SHA256: c2db49f8dfb757ba8a368070d33272fcb5ccb0d5cf0fdc19e3e5581753d9a27e
  SHA512: a7778ca9e087dcb68bfc926a007f0c9d8658667bf768e00c27b071ce1af0e1397888927b7db5b4115a87f33401160e6c47e678b2dfd682d33df52736715f10cf
- Filesize: 156KB
  MD5: 66f99be60515f62f309fd6422f062461
  SHA1: b898b6b0a9a388666062f0f1c3002bbbd1c1361d
  SHA256: 397aca146e9d8619322e74e12f867c338306e6870cac98d7bbad20410d31839f
  SHA512: a9646ea65d19561004b33665afbed7f03bd3c01f9bd18b6e8e4d98e9d9c7adcf7db9e0dc4426f325ebdb516ba22c23422efa6fc17433f472e0782ff1c5eab0cf
- Filesize: 91KB
  MD5: 6703ecb12afb75851ff5bf7867b149ab
  SHA1: 8b6f9a9912554b14369b0e601cefb129c258e12f
  SHA256: c708ec75be995e28e4e67107a5a4929cb61189392c6b0f5dc24fba6d73851eff
  SHA512: 85ac37eb6962b705940881f1a6743d3f32d47fc402c461037a7346f74fb1409364dfe6c27dc4e62648c9884da43dc3756b098c62ccd42f35df3dff4a2ed70f20
- Filesize: 88KB
  MD5: 37cd7692209b36353bf280ca2cb2b592
  SHA1: b6bf56a52349990aba497b61f72c2813025edfd2
  SHA256: d9e69fc69b934a8e9e9fe16b7dc1acf6869ae06c1bd829421c7e87256e429ecb
  SHA512: 8cd67899995174852f6346e9d89017c86f08aca5918e6501c838f15b55428546a8e3f94329038316aa79ff998a644ef2b095d4547e3f272105733a3ca465d7ad