Resubmissions
11-08-2023 22:34
230811-2hba4aba2z 10Analysis
-
max time kernel
103s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
11-08-2023 22:34
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gofile.io/d/aNewJO
Resource
win10v2004-20230703-en
General
-
Target
https://gofile.io/d/aNewJO
Malware Config
Extracted
mercurialgrabber
https://discordapp.com/api/webhooks/1137732376970141788/BSr_PjmFVxqp7BblluwN-skaCKmhCEBuP-YwdA2hmT3jW_c5O5Bp1veikMRnN19SZlMv
Signatures
-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133362668966597424" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Modifies registry class 1 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
chrome.exepid process 4108 chrome.exe 4108 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs
Processes:
chrome.exepid process 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exeGerador.exedescription pid process Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeDebugPrivilege 6256 Gerador.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe Token: SeCreatePagefilePrivilege 4108 chrome.exe Token: SeShutdownPrivilege 4108 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
chrome.exepid process 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exepid process 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe 4108 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 4108 wrote to memory of 1984 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1984 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 1876 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 2928 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 2928 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe PID 4108 wrote to memory of 4740 4108 chrome.exe chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/aNewJO1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cdea9758,0x7ff9cdea9768,0x7ff9cdea97782⤵PID:1984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:22⤵PID:1876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:82⤵PID:4740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:82⤵PID:2928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3484 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:952
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4852 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5632 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:2796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3772 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5956 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:82⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:82⤵PID:220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6872 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:82⤵PID:1748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7556 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:2008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8524 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8132 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8116 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8072 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7536 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6572 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:4500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7036 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7432 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7172 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7128 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:2084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9068 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:5940
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6684 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9172 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9328 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6572 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6508
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8992 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9552 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10068 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10176 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:5016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10132 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9732 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6200
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10168 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:3728
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10164 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9268 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10204 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:5672
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9624 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:5668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9928 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:5632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9736 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6280
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7784 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3396 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=2624 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:1972
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=1644 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9500 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6724
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9896 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10248 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9804 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:6780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10612 --field-trial-handle=1888,i,10331763577608086845,17810945100826018204,131072 /prefetch:12⤵PID:7148
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2212
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3352
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Gerador.zip\Gerador.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Gerador.zip\Gerador.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6256
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5222ea7e1f2fd0e66900c47643e13915d
SHA1e1d1745ba3e047c3fc46f89e40ed959a352dac65
SHA256bfe4e7b94ef19a26f6bf5ff256926b0286c45c3ac2fb044994d3cd9aeff0ce42
SHA512e82818cfbc9c9f47381e45e33454d9df0ad3990f4ac4e03cc275e151b96d06295dea75dbec1820d7a95353c5d1ffe2426053388b1c9851b4986e357a5850efa5
-
Filesize
15KB
MD5d3acb850e6805a105bc5d19ffd3e55f6
SHA1779e587b8f7e984156ad50a75370eb448fffad6e
SHA25612436b419399f874bd532c1c00e3838844d1fd59f8ed335fa2a86dc86fa34f71
SHA51270923a99861c774a77000586e0f04d96a9cbd5c0a1f41a8f142b41c418e0ffe75176584cd96616bf8db111d0f728f81cd9d120599d06831ecd39857be5922e3e
-
Filesize
5KB
MD5b9f485ee208d673a22856a442bcd34c9
SHA1e7e0fddaca4fa289c1e498015da30fe1ce61ad24
SHA256aff6316ddf09d17fa8043f8b4c358cbd3c1483387c3a7a82a7c59c3674e0782c
SHA512903cdcd3fead4239335a9640bc2aab1f1a4735e867ae57ab82b9937486679af37e1f681a8d49b3e647cafc726387e792109aa7a0054cd8ae1660103d93aad548
-
Filesize
5KB
MD592169a460031769b157df60d56296dd9
SHA18d69e562158802f4e29697d31f176c3e7da6cf74
SHA256e37f0da7fc917de7dc78e087c93b9a26193ad880840c00b400ce2ae17c5de517
SHA512ff6497ee5f48747fe917a97f10240cf101bf892c21a87a45a953d804f704331c81f51e728c35a05ef927cfcb1494ddf02c5f7eed9d95012b803105ad5441210d
-
Filesize
4KB
MD59002aa7b289a221c3fcea70886d1023e
SHA146802aedf253b6a9829f3389d35e83b4ee8a2255
SHA2563a27d7108e585c0f8fb15d90e9ba06f8ebc43d0ae1768c55eb8a63163112c0ef
SHA51251d787f5f819e692de869e2c82cb9e527e64e2d46661570b186214edd21b668486d52afc88532262770525702f37e4055a9121613215aa3978920042d86a2f0b
-
Filesize
5KB
MD52cfeed86b9eeb7caefa6015867d4b829
SHA1b8bf99283b0682d5f63aca19abf7d9e0535ed9c8
SHA256b1b5b524c8101bab0872b66fb4dc2aaf6a4b4749c5ead6d22fd47051f435423a
SHA5120ce4f246e5845c057fb19943c77ff208f2a878b7f8ef5c80b4594aba994e5ed39db359180849600318784b1964ee032e2607569c71b9d071aa48737cd1c6065b
-
Filesize
6KB
MD525fabb989778ccfc97418f9b1f179260
SHA19d572fa9e1b8864a9a3e078bf8492edbb7c20ad3
SHA256e1476417fed1cc9bfb1b7810f96576c75f729a11163ff6b962a272469c46447e
SHA512e15942899427310f5a48e96c825797bd9df700f13fd052d8c48b26ff563d6d4c5679ff7319160e563c257f61f4182e184870264b45bf2bd2b4e1c9aa2c0d7d36
-
Filesize
87KB
MD5a530a0b56e051410794f6d04c8aa04d1
SHA175ac2c703986e2ac78d04eece453cf1b7cc5dbd7
SHA256b89645e7d2a5a4ea557b174820061efb948dce1ebd4a57fc284d848a854cdf8b
SHA5128366db02e4506e8df1140bd0bfa3989c4de732dd8c33328d5b4e59989b7afa27cf4e023b29f1ad3c7dd9a332001d7bfe8759bf26abef5aa6cd3e5c576e005966
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
18KB
MD52054de7c18d981858987e6f7e64fd808
SHA1ace760b85ad37fa12a3e65f3bfb0529362537bcf
SHA2567bf8b31e20e0d651fc7ec648cde247ee0a5319c3ce80ddfa99e018dc784306f5
SHA512c805d8b4f595e7fea85705908d0147ab7e774a9eecc6d35e3185b651884cfd8120941b97798b8969bffd3e41acc95b5a8357c3aed67b293a6f3355913ad053d4
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e