Overview
overview
4Static
static
3Graillon-F...de.pdf
windows10-1703-x64
1Graillon-F...de.pdf
windows11-21h2-x64
1Graillon-F...et.pdf
windows10-1703-x64
1Graillon-F...et.pdf
windows11-21h2-x64
1Graillon-F...on2.so
windows10-1703-x64
3Graillon-F...on2.so
windows11-21h2-x64
3Graillon-F...n 2.so
windows10-1703-x64
3Graillon-F...n 2.so
windows11-21h2-x64
3Graillon-F...n 2.so
windows10-1703-x64
3Graillon-F...n 2.so
windows11-21h2-x64
3Graillon-F....0.pkg
windows10-1703-x64
3Graillon-F....0.pkg
windows11-21h2-x64
3Graillon-F....0.exe
windows10-1703-x64
4Graillon-F....0.exe
windows11-21h2-x64
4$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PROGRAMFI... 2.dll
windows10-1703-x64
1$PROGRAMFI... 2.dll
windows11-21h2-x64
1$PROGRAMFI... 2.dll
windows10-1703-x64
1$PROGRAMFI... 2.dll
windows11-21h2-x64
1$PROGRAMFI...64.dll
windows10-1703-x64
1$PROGRAMFI...64.dll
windows11-21h2-x64
1$_26_/Aubu...64.dll
windows10-1703-x64
1$_26_/Aubu...64.dll
windows11-21h2-x64
1$_27_/Aubu... 2.dll
windows10-1703-x64
3$_27_/Aubu... 2.dll
windows11-21h2-x64
3$_28_/Grai...64.dll
windows10-1703-x64
1$_28_/Grai...64.dll
windows11-21h2-x64
1Graillon-F...e.html
windows10-1703-x64
1Graillon-F...e.html
windows11-21h2-x64
1Resubmissions
07-07-2024 20:29
240707-y91taaxgjk 407-07-2024 20:21
240707-y48lyaxflq 420-04-2024 11:56
240420-n355bagg7x 4Analysis
-
max time kernel
149s -
max time network
143s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
07-07-2024 20:21
Static task
static1
Behavioral task
behavioral1
Sample
Graillon-FREE-2.8/Graillon 2 User's Guide.pdf
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
Graillon-FREE-2.8/Graillon 2 User's Guide.pdf
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Graillon-FREE-2.8/Graillon Datasheet.pdf
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
Graillon-FREE-2.8/Graillon Datasheet.pdf
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Graillon-FREE-2.8/Linux/Linux-64b-LV2-FREE/Auburn Sounds Graillon 2.lv2/AuburnSoundsGraillon2.so
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
Graillon-FREE-2.8/Linux/Linux-64b-LV2-FREE/Auburn Sounds Graillon 2.lv2/AuburnSoundsGraillon2.so
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Graillon-FREE-2.8/Linux/Linux-64b-VST2-FREE/Auburn Sounds Graillon 2.so
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
Graillon-FREE-2.8/Linux/Linux-64b-VST2-FREE/Auburn Sounds Graillon 2.so
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Graillon-FREE-2.8/Linux/Linux-64b-VST3-FREE/Auburn Sounds Graillon 2.vst3/Contents/x86_64-linux/Auburn Sounds Graillon 2.so
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
Graillon-FREE-2.8/Linux/Linux-64b-VST3-FREE/Auburn Sounds Graillon 2.vst3/Contents/x86_64-linux/Auburn Sounds Graillon 2.so
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Graillon-FREE-2.8/Mac/Graillon-2-FREE-2.8.0.pkg
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
Graillon-FREE-2.8/Mac/Graillon-2-FREE-2.8.0.pkg
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Graillon-FREE-2.8/Windows/Graillon-2-FREE-2.8.0.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
Graillon-FREE-2.8/Windows/Graillon-2-FREE-2.8.0.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
$PROGRAMFILES/Common Files/VST3/Auburn Sounds Graillon 2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
$PROGRAMFILES/Common Files/VST3/Auburn Sounds Graillon 2.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
$PROGRAMFILES64/Common Files/Avid/Audio/Plug-Ins/Auburn Sounds Graillon 2.aaxplugin/Contents/x64/Auburn Sounds Graillon 2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
$PROGRAMFILES64/Common Files/Avid/Audio/Plug-Ins/Auburn Sounds Graillon 2.aaxplugin/Contents/x64/Auburn Sounds Graillon 2.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
$PROGRAMFILES64/Common Files/VST3/Auburn Sounds Graillon 2-64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
$PROGRAMFILES64/Common Files/VST3/Auburn Sounds Graillon 2-64.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
$_26_/Auburn Sounds Graillon 2-64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
$_26_/Auburn Sounds Graillon 2-64.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
$_27_/Auburn Sounds Graillon 2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
$_27_/Auburn Sounds Graillon 2.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
$_28_/Graillon 2/Graillon 2_x64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
$_28_/Graillon 2/Graillon 2_x64.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Graillon-FREE-2.8/license.html
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
Graillon-FREE-2.8/license.html
Resource
win11-20240704-en
windows11-21h2-x64
General
-
Target
Graillon-FREE-2.8/license.html
-
Size
5KB
-
MD5
6c32024856003d2fa55133b17b6c7cde
-
SHA1
d12d861c31d0e9620f3bfb521e0280b6099ced2b
-
SHA256
9145868c8fa75bdb51f30e7b81ff941737ccd9d7535d0a4e5ca3bdb9da2686d3
-
SHA512
dfbaec21f86870b2822e3bf44bf54c371cd6ddd67875b901d2575a0c7ebfa506dcba4ae022e4ad286f28c88672ac1fb252771b1d3f4f977f8151b36dc19183f5
-
SSDEEP
96:4U2VNNT8OwnR7XVUNAjzbdZnLtm5EitdgZX5/+8vPQXn1Zro9/HWh:4n3cnR7lcAjPtmCZXYIYXXo9U
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648575255057858" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 4920 chrome.exe 4920 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3408 wrote to memory of 4588 3408 chrome.exe 72 PID 3408 wrote to memory of 4588 3408 chrome.exe 72 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 4276 3408 chrome.exe 74 PID 3408 wrote to memory of 1900 3408 chrome.exe 75 PID 3408 wrote to memory of 1900 3408 chrome.exe 75 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76 PID 3408 wrote to memory of 168 3408 chrome.exe 76
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\license.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcdeac9758,0x7ffcdeac9768,0x7ffcdeac97782⤵PID:4588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:22⤵PID:4276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:1900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:12⤵PID:1848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:12⤵PID:4052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:1420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:3100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:2652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:82⤵PID:4396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3680 --field-trial-handle=1804,i,16612175350854965386,1968348464388435177,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4920
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2952
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
677B
MD539a66e08b90129921d2df9da4185928e
SHA1ef215cac9718c8e34d550bd49419aa384855b03e
SHA25617adfc64668b443c82b1f27adc43f73fe92ced33fba18960f5c03d962b19dfdf
SHA512d6f665f679d57cb83e32deda89626052136a8c2289b175b76488617271db29347538d5fc40f25de589fa49d4058d859f62a1ddeaa06001190db06739be56f16f
-
Filesize
6KB
MD5e1823666345317d66d8fb1d6c273afae
SHA14ee9649229a1bfd3581817fd3ed6c9fbecf97dd2
SHA25621961d0e3f85823678047065160d9faa422998245dc8f186e0065af04e7c46d4
SHA5124a6efc14368e1e5a3d6829e8a95ab21d3710a31aeca0e03f2a54d339b4c2dfeca90191c9dab9e009b1598acc56b46e52ff16484e9c3682bbdc3cad7c04d385b4
-
Filesize
6KB
MD5b560f9690dcf63ae93411aad522b5cb1
SHA10cd1b9e9058be4664be420d383a789f2524a3b14
SHA2560bc804735ba4115050d17ed1c0900348995760e15f03a38c6fcf504d4356fbe1
SHA512cfc372a1ddf838587ca2d239b2a19c4d932a022e3023c88c0bc9d1c7d1fc5dcb29a08c00c8fcc227eb4fadfe9930e18a51e55bfcb57691a39f3e2916c9669560
-
Filesize
138KB
MD5b3d20eae8020ecbc9b842dd338ad62e1
SHA1314e43918c60a1bc3d21b95343d86e6bd6091b27
SHA256da78a426264590996af7a0c73090cc676e6d98be6cebe25840450b0aa637d677
SHA512dfc1f3a937c70aa3be7e303dbc3686a32c41845ceceee7312157e17f97e9bbb9c882992b3ee89fee45a957478096523bed88f8b6db48d2d7b212b96105714c4c
-
Filesize
138KB
MD590e50c713744dd1f0c37e6ce273dc32d
SHA18fa330c6e9aa47fa9ba51e40a079f9daa14aa8c1
SHA256fded79fe4ab3933990880721d934a6d4fe456ec73cff05ae9df603af771abe9f
SHA512165f7affd78504d52ff4f46590f3dcd6c2dfa467445e898308b678b7214ecb2e9728607014065b9bb4c9b66769f8be075a5d745b507976209d0d5387eb9a6e2d
-
Filesize
137KB
MD59102c99c4c27521ad9e65adf870b26c5
SHA170d6e88610d0c1d46259c75fe3f4a0d82eba3724
SHA256259a3c7082bffee3acdf127af0df6e4f51f843d1b7e79aace56d330540fbbc0d
SHA5120b1d862b360bf6dfd399d7bf7175c59830e27f094858970e3c02ce1e5f6be575bf40efe3a9d4eedfb2663cb690168db7ec768187a900ce08992fb171671b2664
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd