Analysis
-
max time kernel
297s -
max time network
310s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
21-07-2021 21:06
General
-
Target
https://interactive-share.com/thank.php?ujrqemt=ibgdmw&clrtjbpiqe=vrsznbgbdsxgxhw&id=386c6270702f6a546731744e6c30716b59643533474b336875584955414f49784d4a7273596250564639754b6f46707032787978463850656150716d6631563657773d3d&voetzdi=huvwypxsph
-
Sample
210721-lmxqgsr9wx
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 7 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://interactive-share.com/thank.php?ujrqemt=ibgdmw&clrtjbpiqe=vrsznbgbdsxgxhw&id=386c6270702f6a546731744e6c30716b59643533474b336875584955414f49784d4a7273596250564639754b6f46707032787978463850656150716d6631563657773d3d&voetzdi=huvwypxsph1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffe0b864f50,0x7ffe0b864f60,0x7ffe0b864f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1492 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6336 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6464 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6468 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6464 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6636 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6452 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings2⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff60a2ca890,0x7ff60a2ca8a0,0x7ff60a2ca8b03⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --channel --system-level --verbose-logging2⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7e001a890,0x7ff7e001a8a0,0x7ff7e001a8b03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6372 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6888 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6796 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5548 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5576 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7236 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7396 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7564 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7380 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7928 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8180 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8176 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8564 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8580 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7980 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1468 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8388 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1332 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8404 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=qIqYBgUnEWhaOkCeedjFum3e9iro3i5FewGyTK3i --registry-suffix=ESET --srt-field-trial-group-name=Off2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=91.266.200 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff648283270,0x7ff648283280,0x7ff6482832903⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4740_RNDSZKBAKTKBEGLT" --sandboxed-process-id=2 --init-done-notifier=716 --sandbox-mojo-pipe-token=5138537230563683775 --mojo-platform-channel-handle=692 --engine=23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4740_RNDSZKBAKTKBEGLT" --sandboxed-process-id=3 --init-done-notifier=916 --sandbox-mojo-pipe-token=3802339559523063230 --mojo-platform-channel-handle=9123⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1464 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1480,9831961496193750155,2848873533191823231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1012 /prefetch:82⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
64d8029d1faf8e4ceeebdb318176c653
SHA17a7357cbbb18132d56685dd54a05b21a7ff46340
SHA25616825b78635576bc5746c29ecb81a5ba6d178a4b9d0dfadc0af963929b762939
SHA512395cc0e839d7a2af94fe3dfc0cef393d611bdaae31a6ab5d838f15dc341bd21bf1366d8b1c5eda1cd1b18763da5d54044537545a8761cbb86b29701890fb21db
-
C:\Users\Admin\AppData\Local\Temp\chrome_installer.logMD5
7966c01f7ff26f7d6253654bcd8f602f
SHA191395ba19e4c5ee5e585a0da9df569827cdb2a95
SHA2566148b49f01bea2ff4541d3fa243e2511650050463c817d337f6c0ae7cffd1f1a
SHA5129700a9ad54582078f84aeee6ad98d328f686bc032e88b58a7bfdb9eca213a57eb17fabb0841c40313ae726993dd4f9c0e8d49b7ef9ec0bdfe2a46ad0a49124fe
-
C:\Windows\TEMP\Crashpad\settings.datMD5
09057a1d8bd485f44dfbd37be1792f58
SHA1d989c4a67b10988f7cce671ab80d8771e0cfd4aa
SHA2569038f8d5fed933a6df8678bf15878314d3256834caab09f2c5a76f0c25069858
SHA512421a78d61f9e09f7d97153ac56a5367cfb78c4da45a649c95ff3c02d0af022253c676af084cdec63e067bcdbf7ae96e5a98a25d9c7e34b1bee49281841d5f04e
-
\??\pipe\crashpad_4456_LSUIICPGTPUVGXZCMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_744_UOFBXQDZABXTTWWIMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/224-154-0x0000000000000000-mapping.dmp
-
memory/1184-129-0x0000000000000000-mapping.dmp
-
memory/1348-288-0x0000000000000000-mapping.dmp
-
memory/1532-116-0x0000000000000000-mapping.dmp
-
memory/2300-238-0x0000000000000000-mapping.dmp
-
memory/2320-330-0x0000000000000000-mapping.dmp
-
memory/2712-147-0x0000000000000000-mapping.dmp
-
memory/2836-122-0x0000000000000000-mapping.dmp
-
memory/3164-137-0x0000000000000000-mapping.dmp
-
memory/3392-150-0x0000000000000000-mapping.dmp
-
memory/3656-160-0x0000000000000000-mapping.dmp
-
memory/3856-360-0x0000000000000000-mapping.dmp
-
memory/3988-140-0x0000000000000000-mapping.dmp
-
memory/4036-123-0x00007FFE15130000-0x00007FFE15131000-memory.dmpFilesize
4KB
-
memory/4036-121-0x0000000000000000-mapping.dmp
-
memory/4076-377-0x0000000000000000-mapping.dmp
-
memory/4088-227-0x0000000000000000-mapping.dmp
-
memory/4116-280-0x0000000000000000-mapping.dmp
-
memory/4140-458-0x00007FFE15130000-0x00007FFE15131000-memory.dmpFilesize
4KB
-
memory/4140-222-0x0000000000000000-mapping.dmp
-
memory/4140-459-0x00007FFE14F20000-0x00007FFE14F21000-memory.dmpFilesize
4KB
-
memory/4140-474-0x00000225FAC80000-0x00000225FACC0000-memory.dmpFilesize
256KB
-
memory/4140-473-0x00000225FAC80000-0x00000225FAC81000-memory.dmpFilesize
4KB
-
memory/4244-315-0x0000000000000000-mapping.dmp
-
memory/4388-177-0x0000000000000000-mapping.dmp
-
memory/4412-368-0x0000000000000000-mapping.dmp
-
memory/4444-234-0x0000000000000000-mapping.dmp
-
memory/4456-231-0x0000000000000000-mapping.dmp
-
memory/4464-255-0x0000000000000000-mapping.dmp
-
memory/4500-295-0x0000000000000000-mapping.dmp
-
memory/4612-320-0x0000000000000000-mapping.dmp
-
memory/4632-183-0x0000000000000000-mapping.dmp
-
memory/4640-240-0x0000000000000000-mapping.dmp
-
memory/4660-250-0x0000000000000000-mapping.dmp
-
memory/4668-245-0x0000000000000000-mapping.dmp
-
memory/4672-350-0x0000000000000000-mapping.dmp
-
memory/4804-325-0x0000000000000000-mapping.dmp
-
memory/4820-187-0x0000000000000000-mapping.dmp
-
memory/4824-365-0x0000000000000000-mapping.dmp
-
memory/4848-192-0x0000000000000000-mapping.dmp
-
memory/4848-265-0x0000000000000000-mapping.dmp
-
memory/4856-258-0x0000000000000000-mapping.dmp
-
memory/4892-300-0x0000000000000000-mapping.dmp
-
memory/4924-197-0x0000000000000000-mapping.dmp
-
memory/4940-305-0x0000000000000000-mapping.dmp
-
memory/4960-353-0x0000000000000000-mapping.dmp
-
memory/4976-202-0x0000000000000000-mapping.dmp
-
memory/4980-310-0x0000000000000000-mapping.dmp
-
memory/4996-345-0x0000000000000000-mapping.dmp
-
memory/5004-207-0x0000000000000000-mapping.dmp
-
memory/5016-370-0x0000000000000000-mapping.dmp
-
memory/5028-270-0x0000000000000000-mapping.dmp
-
memory/5044-340-0x0000000000000000-mapping.dmp
-
memory/5056-275-0x0000000000000000-mapping.dmp
-
memory/5060-285-0x0000000000000000-mapping.dmp
-
memory/5080-212-0x0000000000000000-mapping.dmp
-
memory/5108-217-0x0000000000000000-mapping.dmp
-
memory/5116-335-0x0000000000000000-mapping.dmp
-
memory/5232-385-0x0000000000000000-mapping.dmp
-
memory/5316-392-0x0000000000000000-mapping.dmp
-
memory/5416-399-0x0000000000000000-mapping.dmp
-
memory/5504-405-0x0000000000000000-mapping.dmp
-
memory/5556-408-0x0000000000000000-mapping.dmp
-
memory/5608-412-0x0000000000000000-mapping.dmp
-
memory/5664-416-0x0000000000000000-mapping.dmp
-
memory/5872-420-0x0000000000000000-mapping.dmp
-
memory/5940-425-0x0000000000000000-mapping.dmp
-
memory/6008-430-0x0000000000000000-mapping.dmp
-
memory/6072-434-0x0000000000000000-mapping.dmp