Overview

overview

1

Static

static

URLScan

urlscan

https://www.diompika...

windows10_x64

1

Analysis

  • max time kernel
    144s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 20:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.diompika.org/ast-affidavit-of-loss-and-indemnity-agreement/

  • Sample

    210721-sf8e486b3x

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.diompika.org/ast-affidavit-of-loss-and-indemnity-agreement/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffa10cb4f50,0x7ffa10cb4f60,0x7ffa10cb4f70
      2⤵
        PID:2152
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1640 /prefetch:2
        2⤵
          PID:3264
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1688 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1020
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
          2⤵
            PID:3064
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
            2⤵
              PID:2824
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
              2⤵
                PID:196
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                2⤵
                  PID:3476
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                  2⤵
                    PID:1276
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                    2⤵
                      PID:2252
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                      2⤵
                        PID:2220
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4864 /prefetch:8
                        2⤵
                          PID:4228
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4404
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6372 /prefetch:8
                          2⤵
                            PID:4624
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6500 /prefetch:8
                            2⤵
                              PID:4676
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6524 /prefetch:8
                              2⤵
                                PID:4696
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:8
                                2⤵
                                  PID:4780
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6940 /prefetch:8
                                  2⤵
                                    PID:4808
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6936 /prefetch:8
                                    2⤵
                                      PID:4892
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7176 /prefetch:8
                                      2⤵
                                        PID:4920
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6384 /prefetch:8
                                        2⤵
                                          PID:4996
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6416 /prefetch:8
                                          2⤵
                                            PID:5020
                                          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
                                            2⤵
                                              PID:5076
                                              • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                                "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff732b9a890,0x7ff732b9a8a0,0x7ff732b9a8b0
                                                3⤵
                                                  PID:3356
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4248
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6088 /prefetch:8
                                                2⤵
                                                  PID:4344
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5788 /prefetch:8
                                                  2⤵
                                                    PID:4412
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6248 /prefetch:8
                                                    2⤵
                                                      PID:4640
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6232 /prefetch:8
                                                      2⤵
                                                        PID:4156
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:8
                                                        2⤵
                                                          PID:4168
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5600 /prefetch:8
                                                          2⤵
                                                            PID:4688
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5612 /prefetch:8
                                                            2⤵
                                                              PID:4832
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5624 /prefetch:8
                                                              2⤵
                                                                PID:4912
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6868 /prefetch:8
                                                                2⤵
                                                                  PID:5064
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6988 /prefetch:8
                                                                  2⤵
                                                                    PID:4696
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6980 /prefetch:8
                                                                    2⤵
                                                                      PID:5100
                                                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
                                                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --channel --system-level --verbose-logging
                                                                      2⤵
                                                                        PID:4272
                                                                        • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
                                                                          "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6d14ea890,0x7ff6d14ea8a0,0x7ff6d14ea8b0
                                                                          3⤵
                                                                            PID:4928
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7016 /prefetch:8
                                                                          2⤵
                                                                            PID:4448
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:8
                                                                            2⤵
                                                                              PID:368
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6672 /prefetch:8
                                                                              2⤵
                                                                                PID:4868
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7436 /prefetch:8
                                                                                2⤵
                                                                                  PID:4948
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7552 /prefetch:8
                                                                                  2⤵
                                                                                    PID:2360
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7688 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4716
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7820 /prefetch:8
                                                                                      2⤵
                                                                                        PID:4120
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7952 /prefetch:8
                                                                                        2⤵
                                                                                          PID:4148
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8076 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4284
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8200 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4920
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8212 /prefetch:8
                                                                                              2⤵
                                                                                                PID:4124
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8460 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:4436
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8476 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:904
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8488 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:4800
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8500 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:4624
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8512 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5072
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5232
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5324
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5412
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8888 /prefetch:8
                                                                                                                2⤵
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:5512
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                                                                                                                2⤵
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:5564
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4668 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:5628
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=160 /prefetch:8
                                                                                                                  2⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  PID:5660
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4792 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:5752
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5816
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:5916
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:6000
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4004 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:6076
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4196 /prefetch:2
                                                                                                                            2⤵
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            PID:6132
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:5204
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4196 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:4568
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3673568289969307492,265068960450332675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:4344

                                                                                                                              Network

                                                                                                                              MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                              Initial Access

                                                                                                                              Execution

                                                                                                                              Persistence

                                                                                                                              Privilege Escalation

                                                                                                                              Defense Evasion

                                                                                                                              Credential Access

                                                                                                                              Discovery

                                                                                                                              Query Registry

                                                                                                                              1
                                                                                                                              T1012

                                                                                                                              System Information Discovery

                                                                                                                              1
                                                                                                                              T1082

                                                                                                                              Lateral Movement

                                                                                                                              Collection

                                                                                                                              Exfiltration

                                                                                                                              Command and Control

                                                                                                                              Impact

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                MD5

                                                                                                                                277cc5b210b62a981887c52a8adad148

                                                                                                                                SHA1

                                                                                                                                824aeccdea9dde643f31f5c0cd3ce6e2e67e7bfb

                                                                                                                                SHA256

                                                                                                                                8148b86be7af30f61be56daaf1bcdb8d610b9204be6dba6aac10035feea17afe

                                                                                                                                SHA512

                                                                                                                                27221d2894c758a7bd7a9628fc4a5c876e5f97a852b16df4de62d1a894a55de3d9bcfe7874b40b6bb9d0c68573a7d521cfc25ef4101c1be9beaceac38f803cbf

                                                                                                                                Download Submit
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
                                                                                                                                MD5

                                                                                                                                d55d7056b0231585301ebd3c20e479b9

                                                                                                                                SHA1

                                                                                                                                9dc0572cff1ac2621e9c0d43d795a8f798f4ef07

                                                                                                                                SHA256

                                                                                                                                8be861cc631df4efb34fe138023de66d489b81e3c5edcc2908c13b884d457fd4

                                                                                                                                SHA512

                                                                                                                                c3d213b7ac993d1a4e3855d684c2b1613b3b93e35313c7484647308a8dd8ea6b3ae3c0d706085c9ce3778b158d48f3046b28fe86dd2bd5930ae09d2e8cb035a4

                                                                                                                                Download Submit
                                                                                                                              • C:\Windows\TEMP\Crashpad\settings.dat
                                                                                                                                MD5

                                                                                                                                09057a1d8bd485f44dfbd37be1792f58

                                                                                                                                SHA1

                                                                                                                                d989c4a67b10988f7cce671ab80d8771e0cfd4aa

                                                                                                                                SHA256

                                                                                                                                9038f8d5fed933a6df8678bf15878314d3256834caab09f2c5a76f0c25069858

                                                                                                                                SHA512

                                                                                                                                421a78d61f9e09f7d97153ac56a5367cfb78c4da45a649c95ff3c02d0af022253c676af084cdec63e067bcdbf7ae96e5a98a25d9c7e34b1bee49281841d5f04e

                                                                                                                                Download Submit
                                                                                                                              • \??\pipe\crashpad_5076_AHLDBWCBKWNBLNFO
                                                                                                                                MD5

                                                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                SHA1

                                                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                SHA256

                                                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                SHA512

                                                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                Download Submit
                                                                                                                              • \??\pipe\crashpad_808_VEZZHWYYZAZHRHCI
                                                                                                                                MD5

                                                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                SHA1

                                                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                SHA256

                                                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                SHA512

                                                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                Download Submit
                                                                                                                              • memory/196-139-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/368-306-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/904-363-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/1020-122-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/1276-149-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/2152-116-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/2220-162-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/2252-155-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/2360-325-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/2824-132-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/3064-127-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/3264-125-0x00007FFA1CF40000-0x00007FFA1CF41000-memory.dmp
                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download
                                                                                                                              • memory/3264-121-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/3356-234-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/3476-144-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4120-335-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4124-353-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4148-340-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4156-255-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4168-260-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4228-176-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4248-238-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4272-296-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4284-345-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4344-242-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4404-183-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4412-246-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4436-360-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4448-300-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4624-373-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4624-187-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4640-252-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4676-192-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4688-265-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4696-195-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4696-287-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4716-330-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4780-202-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4800-368-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4808-207-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4832-270-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4868-315-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4892-212-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4912-274-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4920-348-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4920-217-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4928-307-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4948-320-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/4996-222-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5020-227-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5064-282-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5072-378-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5076-231-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5100-292-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5232-385-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5324-392-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5412-399-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5512-405-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5564-408-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5628-412-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5660-416-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5752-420-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5816-425-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/5916-432-0x0000000000000000-mapping.dmp
                                                                                                                                Download
                                                                                                                              • memory/6000-439-0x0000000000000000-mapping.dmp
                                                                                                                                Download