Overview

Static analysis: score 7

Per-task scores (task number in report order, score, sample name as the report's task bar abbreviates it; every task ran on windows10-2004-x64):
behavioral1   7  Buff Achie...er.exe
behavioral2   5  $PLUGINSDI...p.html
behavioral3   1  $PLUGINSDI...x.html
behavioral4   1  $PLUGINSDI...app.js
behavioral5   3  $PLUGINSDI...uts.js
behavioral6   3  $PLUGINSDI...dle.js
behavioral7   3  $PLUGINSDI...min.js
behavioral8   3  $PLUGINSDI...ons.js
behavioral9   3  $PLUGINSDI...ics.js
behavioral10  3  $PLUGINSDI...nds.js
behavioral11  3  $PLUGINSDI...ies.js
behavioral12  3  $PLUGINSDI...ate.js
behavioral13  3  $PLUGINSDI...der.js
behavioral14  3  $PLUGINSDI...ils.js
behavioral15  3  $PLUGINSDI...ler.js
behavioral16  3  $PLUGINSDI...ate.js
behavioral17  3  $PLUGINSDI...ler.js
behavioral18  3  $PLUGINSDI...ate.js
behavioral19  3  $PLUGINSDI...ler.js
behavioral20  3  $PLUGINSDI...ate.js
behavioral21  3  $PLUGINSDI...ler.js
behavioral22  3  $PLUGINSDI...ate.js
behavioral23  3  $PLUGINSDI...ler.js
behavioral24  3  $PLUGINSDI...ler.js
behavioral25  3  $PLUGINSDI...ate.js
behavioral26  3  $PLUGINSDI...ler.js
behavioral27  3  $PLUGINSDI...ate.js
behavioral28  3  $PLUGINSDI...ler.js
behavioral29  3  $PLUGINSDI...ate.js
behavioral30  3  $PLUGINSDI...ate.js
behavioral31  3  $PLUGINSDI...ler.js
behavioral32  3  $PLUGINSDI...t.json
Analysis
max time kernel: 160s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/06/2024, 16:59
Behavioral tasks
task | sample | resource
behavioral1 | Buff Achievement Tracker - Installer.exe | win10v2004-20240508-en
behavioral2 | $PLUGINSDIR/app/cmp.html | win10v2004-20240426-en
behavioral3 | $PLUGINSDIR/app/index.html | win10v2004-20240508-en
behavioral4 | $PLUGINSDIR/app/js/app.js | win10v2004-20240508-en
behavioral5 | $PLUGINSDIR/app/js/block_inputs.js | win10v2004-20240426-en
behavioral6 | $PLUGINSDIR/app/js/libs/cmp.bundle.js | win10v2004-20240426-en
behavioral7 | $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js | win10v2004-20240426-en
behavioral8 | $PLUGINSDIR/app/js/models/notifications.js | win10v2004-20240426-en
behavioral9 | $PLUGINSDIR/app/js/utils/analytics.js | win10v2004-20240508-en
behavioral10 | $PLUGINSDIR/app/js/utils/commands.js | win10v2004-20240508-en
behavioral11 | $PLUGINSDIR/app/js/utils/cookies.js | win10v2004-20240508-en
behavioral12 | $PLUGINSDIR/app/js/utils/modal-events-delegate.js | win10v2004-20240508-en
behavioral13 | $PLUGINSDIR/app/js/utils/strings-loader.js | win10v2004-20240426-en
behavioral14 | $PLUGINSDIR/app/js/utils/utils.js | win10v2004-20240426-en
behavioral15 | $PLUGINSDIR/app/js/windows/cri/cri-controller.js | win10v2004-20240508-en
behavioral16 | $PLUGINSDIR/app/js/windows/cri/template.js | win10v2004-20240508-en
behavioral17 | $PLUGINSDIR/app/js/windows/finish-with-recommended-app/finish-with-recommended-app-controller.js | win10v2004-20240508-en
behavioral18 | $PLUGINSDIR/app/js/windows/finish-with-recommended-app/template.js | win10v2004-20240508-en
behavioral19 | $PLUGINSDIR/app/js/windows/finish/finish-controller.js | win10v2004-20240508-en
behavioral20 | $PLUGINSDIR/app/js/windows/finish/template.js | win10v2004-20240508-en
behavioral21 | $PLUGINSDIR/app/js/windows/main/main-controller.js | win10v2004-20240426-en
behavioral22 | $PLUGINSDIR/app/js/windows/main/template.js | win10v2004-20240426-en
behavioral23 | $PLUGINSDIR/app/js/windows/modal/modal-controller.js | win10v2004-20240426-en
behavioral24 | $PLUGINSDIR/app/js/windows/privacy/privacy-controller.js | win10v2004-20240426-en
behavioral25 | $PLUGINSDIR/app/js/windows/privacy/template.js | win10v2004-20240426-en
behavioral26 | $PLUGINSDIR/app/js/windows/progress/progress-1-controller.js | win10v2004-20240426-en
behavioral27 | $PLUGINSDIR/app/js/windows/progress/template.js | win10v2004-20240226-en
behavioral28 | $PLUGINSDIR/app/js/windows/settings/settings-controller.js | win10v2004-20240508-en
behavioral29 | $PLUGINSDIR/app/js/windows/settings/template.js | win10v2004-20240426-en
behavioral30 | $PLUGINSDIR/app/js/windows/welcome/template.js | win10v2004-20240508-en
behavioral31 | $PLUGINSDIR/app/js/windows/welcome/welcome-controller.js | win10v2004-20240508-en
behavioral32 | $PLUGINSDIR/app/manifest.json | win10v2004-20240426-en
General (this task: behavioral3)
Target: $PLUGINSDIR/app/index.html
Size: 20KB
MD5: c7b752acf6d1e10f3aca2c67b1ccf4d3
SHA1: ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7
SHA256: 69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc
SHA512: 120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576
SSDEEP: 192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL
Malware Config
(nothing extracted for this task)

Signatures

Every hit below is raised by chrome.exe. The sandbox launched Chrome to render $PLUGINSDIR/app/index.html, so the browser process (PID 1952) and its second GPU process (PID 4680) are the only processes that trigger anything in this task, and none of the signatures is attributed to the sample's own files. Read them as viewer noise unless the same behaviour shows up in the installer task (behavioral1).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs; S-1-5-19 is the LOCAL SERVICE account SID)
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622532853445106" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | process
1952 | chrome.exe (2 entries)
4680 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs; the block-non-Microsoft-binaries process-mitigation policy that Chromium applies when spawning its sandboxed children)
pid | process
1952 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | process
Token: SeShutdownPrivilege | 1952 | chrome.exe (32 entries)
Token: SeCreatePagefilePrivilege | 1952 | chrome.exe (32 entries)
The 64 entries alternate between the two tokens; all come from PID 1952.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | process
1952 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | process
1952 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 1952 wrote to memory of 4288 | 1952 | chrome.exe | 89 (2 entries)
PID 1952 wrote to memory of 3888 | 1952 | chrome.exe | 92 (repeated run of entries)
PID 1952 wrote to memory of 3792 | 1952 | chrome.exe | 93 (2 entries)
PID 1952 wrote to memory of 4116 | 1952 | chrome.exe | 94 (repeated run of entries)
All 64 writes go from the browser process 1952 into its own children as listed under Processes (crashpad handler 4288, GPU process 3888, network service 3792, storage service 4116), which is how Chromium hands startup data to the processes it spawns rather than an injection into a foreign process.
Processes
(depth in brackets; the root chrome.exe is the viewer the sandbox launched with the target file as its single argument)

[1] chrome.exe, PID 1952
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
    signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    [2] chrome.exe, PID 4288 (crashpad handler)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb251ab58,0x7ffdb251ab68,0x7ffdb251ab78

    [2] chrome.exe, PID 3888 (GPU process)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:2

    [2] chrome.exe, PID 3792 (network service)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:8

    [2] chrome.exe, PID 4116 (storage service)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:8

    [2] chrome.exe, PID 1608 (first renderer)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:1

    [2] chrome.exe, PID 3092 (renderer)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:1

    [2] chrome.exe, PID 1000 (ProcessorMetrics utility)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:8

    [2] chrome.exe, PID 4992 (UtilWin utility)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:8

    [2] chrome.exe, PID 4680 (second GPU process, GPU sandbox disabled, software GL)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1780,i,12616499797924143386,8464430354922617165,131072 /prefetch:2
        signatures: Suspicious behavior: EnumeratesProcesses

[1] elevation_service.exe, PID 1720
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

[1] msedge.exe, PID 4588
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
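The process list and signature table above share one triage question: did the sample itself do anything, or is every hit the viewer application the sandbox launched? The following Python helper is an added example, not part of this report or of the sample; it parses process entries in the fused form the report renders them (image path glued to the quoted command line, nesting depth glued to the end of the command line before the arrow, PID either after the arrow or on a later "PID:" line), rebuilds the tree, extracts the Chromium --type of each child and the file handed to the viewer with --single-argument, and attributes each signature to a viewer or non-viewer process. The embedded entries are copied from this report with the long Chrome command lines shortened to the flags the example needs; the VIEWER_IMAGES set and the tiny-artifact lookup are the example's own assumptions.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# Process entries as the report renders them (copied from this page, Chrome
# command lines shortened). Depth digit is fused to the command line before "⤵".
REPORT_PROCESSES = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report2⤵PID:4288
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=16002⤵PID:3888
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US2⤵PID:1608
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4680
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService1⤵PID:4588
"""

# image path up to the first '.exe"', then the command line up to the single
# depth digit that sits directly before the arrow, then an optional PID.
LINE_RE = re.compile(r'^(?P<image>[A-Za-z]:\\.+?\.exe)"(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?')

# Assumption of this example: images that are the sandbox's viewer, not the sample.
VIEWER_IMAGES = {"chrome.exe", "msedge.exe", "elevation_service.exe"}


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: list = field(default_factory=list)
    children: list = field(default_factory=list)


def parse_report_processes(text: str) -> list:
    """Return the root processes; children are nested by the depth digit."""
    roots, stack, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            current = Proc(m["image"], m["cmd"], int(m["depth"]),
                           int(m["pid"]) if m["pid"] else None)
            while stack and stack[-1].depth >= current.depth:  # climb to the parent level
                stack.pop()
            (stack[-1].children if stack else roots).append(current)
            stack.append(current)
        elif line.startswith("PID:") and current is not None:   # PID on its own line
            current.pid = int(line[4:].split()[0])
        elif line.startswith("- ") and current is not None:     # signature bullet
            current.signatures.append(line[2:])
    return roots


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def chrome_process_type(proc: Proc) -> str:
    """Chromium child role from --type=; the browser process carries no --type."""
    m = re.search(r"--type=(\S+)", proc.cmdline)
    return m.group(1) if m else "browser"


def opened_sample(proc: Proc) -> Optional[str]:
    """File the sandbox handed to the viewer via --single-argument."""
    m = re.search(r"--single-argument\s+(\S+)", proc.cmdline)
    return m.group(1) if m else None


def walk(procs):
    for p in procs:
        yield p
        yield from walk(p.children)


def attribute_signatures(roots) -> dict:
    """signature -> [(pid, raised_by_viewer)]"""
    out = {}
    for p in walk(roots):
        for sig in p.signatures:
            out.setdefault(sig, []).append((p.pid, basename(p.image) in VIEWER_IMAGES))
    return out


def signatures_not_from_viewer(roots) -> list:
    """Signatures that at least one non-viewer process raised: the ones that matter."""
    return sorted({sig for sig, hits in attribute_signatures(roots).items()
                   if any(not viewer for _, viewer in hits)})


# Constructed lookup for tiny dropped files whose content is obvious from the hash.
KNOWN_TINY_ARTIFACTS = {hashlib.sha256(b"[]").hexdigest(): "empty JSON array"}


def identify_artifact(sha256_hex: str) -> Optional[str]:
    return KNOWN_TINY_ARTIFACTS.get(sha256_hex.lower())


if __name__ == "__main__":
    roots = parse_report_processes(REPORT_PROCESSES)
    for p in walk(roots):
        print("  " * (p.depth - 1), p.pid, basename(p.image), chrome_process_type(p), p.signatures)
    print("viewer opened:", opened_sample(roots[0]))
    print("signatures from non-viewer processes:", signatures_not_from_viewer(roots))
    print(identify_artifact("4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"))
```

Run against this task the non-viewer list comes back empty, which is the point: every signature hangs off chrome.exe, and the only path mentioning the sample is the index.html the sandbox asked Chrome to open. The same parser applied to the installer task (behavioral1) would show signatures on the sample's own process tree if there were any.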
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the task (no names recorded; hashes as reported)

Filesize: 1KB
MD5: faeaedaf957534e7e714ca2b94a8d497
SHA1: 980cc17de60e90cd08e7dc605f921585f07d4911
SHA256: 5b29ef56fb071c821475942512731eb0775f503d01463b8c1885c3045aece4d1
SHA512: 23c7a56bb545bc6279321de3365badb572b8a5decd3f81d180b63a4bdabb1b2b2d8203aeb71ca449010fd4b6a7ad110abf67ce89eb48412ee83961023fb1a4b9

Filesize: 2B (these are the hashes of the two-byte string "[]", an empty JSON array)
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: fd801c4f25a57f5e807aa229eb128248
SHA1: b7403c55f64663b8f2f53bff32addc8af62164c1
SHA256: 4075f90d0f6cc3cd1b3a3e6761493100fb18f716d7986e280389f15fed311439
SHA512: 7274c05c12c18d289872b68289c7e8d1e60c31a7f3480b45da388c78a0d832a4e424c029ca4359d69697a3b42cf44ce6784ac706899360615db022d02a2bbbed

Filesize: 7KB
MD5: 353023914c1e69124fd7849a92fc732c
SHA1: b3e0afc381f04614a6506c80676ac443070aed24
SHA256: 1a6fe666f82813b3da32652d611cbd44e61b21933b68817994f7fab57ae3fac7
SHA512: 896254d4ce705b05ca5e56144910b7f626243a831c17e0abbb5d0d300c4c7769254cc71243286c56fc902f3d7dc3a83b4d1d5459b96514d0db67afa5dd588023

Filesize: 255KB
MD5: 9e95d03284d295ad73edeefa193a1ecb
SHA1: b70d94b1ce605679f0da17e1189fa53aafc61f42
SHA256: b7e3affe7bd0f3cadc7ea32716ca94883908764d2f9275366138a48bc58841ea
SHA512: edef664c3aba9d8818c83fc5ea062c13b33a0a4730027b926996144e96b3e930ddbc5164512c8b60af9a6a405738b276eeb3957678976a91ef959c43514fcfc6