Analysis

max time kernel: 600s
max time network: 592s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-08-2023 09:07

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample:
http://https%3A%2F%2Feur02.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fr20.rs6.net%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252Ftn.jsp%253Ff%253D001omafizeoy8SJAji27i1ch-iHKPAQNzJiBgKgNgYtSZsqEZvJG5ZYGTV4XxZNTGlDihcYZv1y49p0uo-NvIRpo700LKN3RVkOvlMLjQqLf7xzz9abur7mygyeaLWUZi9u4hsXA5imE5_AGCe5xldW2Q%253D%253D%2526c%253Du0oQewTliDhBvXFRlLU25pChO4bd6tq-DPFXFcfPnA8Px8X5ioz3xQ%253D%253D%2526ch%253DLg2ZZbteH38gszW6ZLD3t40VncMLL4c_Xkgqb0H5UFzrtUyf1g-F0g%253D%253D%2523YXN0cmlkbW96ZXNAZWF0b24uY29t%26data%3D05%257C01%257Castrid.mozes%2540danfoss.com%257Ce10af7721c664756dccc08dba7ea5be7%257C097464b8069c453e9254c17ec707310d%257C0%257C0%257C638288397234799677%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dkc7Y43KSNgonbsmVKXzNnGI7OmYQ3wOp0of7IRWTrwg%253D%26reserved%3D0&source=outlook&treatment=1819&form=MY02A7&qpc=6020388339382&oid=6c958a9c-4fd7-4a36-bf0d-248389fdd357&hubappid=8682d0fa-50b3-4ece-aa5b-e0b33f9919e2&hubappsubpath=%2Fmail%2FAAMmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9AC4AAAAAAIFkvcjbTrBCuOUpt7iGfikBAKWxDBIoI%252BFEpivsliifcrEAAAAAAQwAAA%253D%253D%2Fid%2FAAQmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9ABAAunY2%252BXgCLkCvu5Z%252B%252BXVjEw%253D%253D%2FitemId%2FAAMmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9AEYAAAAAAIFkvcjbTrBCuOUpt7iGfikHAKWxDBIoI%252BFEpivsliifcrEAAAAAAQwAAKWxDBIoI%252BFEpivsliifcrEAAfKTIv8AAA%253D%253D%2FimmutableItemId%2FAAkALgAAAAAAH
YQDEapmEc2byACqAC%252FEWg0ApbEMEigj4USmK%252ByWKJ9ysQAB8pQpqAAA
Resource: win10v2004-20230703-en
General

Target: identical to the Sample URL above
Malware Config
Signatures

Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                        | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377736541126486" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid  | Process
  244  | chrome.exe
  244  | chrome.exe
  3752 | chrome.exe
  3752 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  244 | chrome.exe
  244 | chrome.exe
  244 | chrome.exe
  244 | chrome.exe
  244 | chrome.exe
  244 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://https%3A%2F%2Feur02.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fr20.rs6.net%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252F%252Ftn.jsp%253Ff%253D001omafizeoy8SJAji27i1ch-iHKPAQNzJiBgKgNgYtSZsqEZvJG5ZYGTV4XxZNTGlDihcYZv1y49p0uo-NvIRpo700LKN3RVkOvlMLjQqLf7xzz9abur7mygyeaLWUZi9u4hsXA5imE5_AGCe5xldW2Q%253D%253D%2526c%253Du0oQewTliDhBvXFRlLU25pChO4bd6tq-DPFXFcfPnA8Px8X5ioz3xQ%253D%253D%2526ch%253DLg2ZZbteH38gszW6ZLD3t40VncMLL4c_Xkgqb0H5UFzrtUyf1g-F0g%253D%253D%2523YXN0cmlkbW96ZXNAZWF0b24uY29t%26data%3D05%257C01%257Castrid.mozes%2540danfoss.com%257Ce10af7721c664756dccc08dba7ea5be7%257C097464b8069c453e9254c17ec707310d%257C0%257C0%257C638288397234799677%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dkc7Y43KSNgonbsmVKXzNnGI7OmYQ3wOp0of7IRWTrwg%253D%26reserved%3D0&source=outlook&treatment=1819&form=MY02A7&qpc=6020388339382&oid=6c958a9c-4fd7-4a36-bf0d-248389fdd357&hubappid=8682d0fa-50b3-4ece-aa5b-e0b33f9919e2&hubappsubpath=%2Fmail%2FAAMmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9AC4AAAAAAIFkvcjbTrBCuOUpt7iGfikBAKWxDBIoI%252BFEpivsliifcrEAAAAAAQwAAA%253D%253D%2Fid%2FAAQmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9ABAAunY2%252BXgCLkCvu5
Z%252B%252BXVjEw%253D%253D%2FitemId%2FAAMmAHtFOENFMjIzMC05RUM4LTRBQzctQUM5RC00MDUwMTM4ODQ1RER9AEYAAAAAAIFkvcjbTrBCuOUpt7iGfikHAKWxDBIoI%252BFEpivsliifcrEAAAAAAQwAAKWxDBIoI%252BFEpivsliifcrEAAfKTIv8AAA%253D%253D%2FimmutableItemId%2FAAkALgAAAAAAHYQDEapmEc2byACqAC%252FEWg0ApbEMEigj4USmK%252ByWKJ9ysQAB8pQpqAAA1⤵
  PID: 244
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID 2580: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0x40,0x114,0x7ff8fcf89758,0x7ff8fcf89768,0x7ff8fcf89778

  PID 2940: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:2

  PID 4360: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 4368: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 1436: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 3376: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 4952: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 3872: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 1308: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 1960: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 2176: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 3752: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3888 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 1504: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1952 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 3440: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 3240: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2912 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 924: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3172 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 3228: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 1656: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 516: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4032 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:1

  PID 4136: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3060 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

  PID 4960: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1864,i,16993293278258560089,16454067874177849954,131072 /prefetch:8

PID 4812: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads