Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20241023-en -
resource tags
arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system -
submitted
08-11-2024 20:12
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Doei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw%22%7D%7D&flowContextData=SoF6VBSU4IGJUHF1He_bi6wpATEWTFScq8JpLvGK9U-hJE9U-XdJDdA_7snfK7S546MIj5ZMot-rBu2dPLy1gqrUpq1tVG2ltr6S1Bjn3LNubdQM7ry4ci-d0YdfvDQUGgveuaMGhbUqO9HUgxOChRU-89MDD8XZzYAqWc4889jLo1Fdg5cpgugDiQg6WbPXC1y5GkcQwbah_9qjdAmhbFo9B3qkWCb0QZkaUIdwZpgjjgI6ANzs800dKuv9udPIAhT_KVeIkQ9iNEdfCG0_97yt38yPnaag9Cs8KoHyxSsPPWnUdF5wOGQUoqxzpAWmYbNQ4KEQDbxRyFIz6JRH59VGjYL3gm9K7q636xXooAV2C-eOxIn2s4AF6UXRh7b2fvkPrJmcGIRvLPgJkot6c_jSnkcwJp45Y02o43dFrW3vIN7OsMSFu_ABl7czTozlWrleGJlZncZvmtTnsUKQKUrOfeTdnKZURrgwxZ3_dWpkxTvrtngzxN5t6LBAou-FXFHjiJj9G14CaulydnOA_1ROlD_5T261I2C--w2ZiGiFoHjH&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&calc=f49369598d553&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Resource
win11-20241023-en
General
-
Target
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Doei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw%22%7D%7D&flowContextData=SoF6VBSU4IGJUHF1He_bi6wpATEWTFScq8JpLvGK9U-hJE9U-XdJDdA_7snfK7S546MIj5ZMot-rBu2dPLy1gqrUpq1tVG2ltr6S1Bjn3LNubdQM7ry4ci-d0YdfvDQUGgveuaMGhbUqO9HUgxOChRU-89MDD8XZzYAqWc4889jLo1Fdg5cpgugDiQg6WbPXC1y5GkcQwbah_9qjdAmhbFo9B3qkWCb0QZkaUIdwZpgjjgI6ANzs800dKuv9udPIAhT_KVeIkQ9iNEdfCG0_97yt38yPnaag9Cs8KoHyxSsPPWnUdF5wOGQUoqxzpAWmYbNQ4KEQDbxRyFIz6JRH59VGjYL3gm9K7q636xXooAV2C-eOxIn2s4AF6UXRh7b2fvkPrJmcGIRvLPgJkot6c_jSnkcwJp45Y02o43dFrW3vIN7OsMSFu_ABl7czTozlWrleGJlZncZvmtTnsUKQKUrOfeTdnKZURrgwxZ3_dWpkxTvrtngzxN5t6LBAou-FXFHjiJj9G14CaulydnOA_1ROlD_5T261I2C--w2ZiGiFoHjH&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&calc=f49369598d553&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
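The submitted URL is a paypal.com sign-in link whose query string carries two further targets: a `returnUri` (where the flow lands after login) and an `onboardData` parameter holding URL-encoded JSON with a second absolute URL. The query also labels the link as a PayPal "request money" e-mail notification to the requestee (`unp_tpcid=requestmoney-notifications-requestee`, `utm_medium=email`). What a triage analyst wants to know is whether any of those embedded targets leaves the expected host. The script below is an added example and is not part of the sandbox report; it decodes the nested parameters with the Python standard library and checks every embedded URL against `TRUSTED_HOSTS`, which is an assumption for this triage (an exact-match allow-list, not a PayPal-published value). The two `U-…` path identifiers are extracted as they appear; the example does not claim what PayPal uses them for.

```python
"""Triage of the submitted PayPal sign-in URL: decode its nested redirect parameters
and check that every embedded target stays on the expected host."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# The URL exactly as submitted to the sandbox (copied from the report above).
SUBMITTED_URL = "https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Doei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw%22%7D%7D&flowContextData=SoF6VBSU4IGJUHF1He_bi6wpATEWTFScq8JpLvGK9U-hJE9U-XdJDdA_7snfK7S546MIj5ZMot-rBu2dPLy1gqrUpq1tVG2ltr6S1Bjn3LNubdQM7ry4ci-d0YdfvDQUGgveuaMGhbUqO9HUgxOChRU-89MDD8XZzYAqWc4889jLo1Fdg5cpgugDiQg6WbPXC1y5GkcQwbah_9qjdAmhbFo9B3qkWCb0QZkaUIdwZpgjjgI6ANzs800dKuv9udPIAhT_KVeIkQ9iNEdfCG0_97yt38yPnaag9Cs8KoHyxSsPPWnUdF5wOGQUoqxzpAWmYbNQ4KEQDbxRyFIz6JRH59VGjYL3gm9K7q636xXooAV2C-eOxIn2s4AF6UXRh7b2fvkPrJmcGIRvLPgJkot6c_jSnkcwJp45Y02o43dFrW3vIN7OsMSFu_ABl7czTozlWrleGJlZncZvmtTnsUKQKUrOfeTdnKZURrgwxZ3_dWpkxTvrtngzxN5t6LBAou-FXFHjiJj9G14CaulydnOA_1ROlD_5T261I2C--w2ZiGiFoHjH&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&calc=f49369598d553&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin"

# Assumption for this triage script: the only hosts the sign-in flow may hand off to.
# Exact match on purpose, so "paypal.com.attacker.example" does not pass.
TRUSTED_HOSTS = {"www.paypal.com", "paypal.com"}


def _urls_in(value):
    """Yield every absolute http(s) URL inside a parameter value, descending into
    JSON payloads (as in onboardData) that carry further URLs."""
    if isinstance(value, str):
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.netloc:
            yield value
            return
        try:
            yield from _urls_in(json.loads(value))
        except ValueError:  # plain string, not JSON
            return
    elif isinstance(value, dict):
        for v in value.values():
            yield from _urls_in(v)
    elif isinstance(value, list):
        for v in value:
            yield from _urls_in(v)


def triage(url: str) -> dict:
    """Decode the URL and report where its embedded targets point."""
    parts = urlsplit(url)
    # parse_qs percent-decodes each value once, which is what exposes the nested JSON.
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}

    return_uri = params.get("returnUri", "")
    ru = urlsplit(return_uri)
    # A safe post-login target is a bare path: no scheme, no authority, and not
    # protocol-relative. urlsplit reports "//host/..." as a netloc, and browsers also
    # treat "/\host/..." as protocol-relative, so both second characters are rejected.
    return_uri_is_relative = (
        ru.scheme == "" and ru.netloc == ""
        and return_uri.startswith("/") and return_uri[1:2] not in ("/", "\\")
    )

    embedded = [u for v in params.values() for u in _urls_in(v)]
    off_site = [u for u in embedded if urlsplit(u).hostname not in TRUSTED_HOSTS]
    ids = list(dict.fromkeys(re.findall(r"\bU-[0-9A-Z]+", return_uri)))

    return {
        "host": parts.hostname,
        "host_trusted": parts.hostname in TRUSTED_HOSTS,
        "return_uri": return_uri,
        "return_uri_is_relative": return_uri_is_relative,
        "embedded_urls": embedded,
        "off_site_targets": off_site,
        "pay_request_ids": ids,
        "params": params,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SUBMITTED_URL), indent=2))
```

For this sample the outer host is `www.paypal.com`, `returnUri` is a bare path under `/myaccount/transfer/payRequest/`, and the only absolute URL inside `onboardData` also points at `www.paypal.com`, so `off_site_targets` is empty. Feeding the same function a constructed `returnUri=//evil.example/x` or an `onboardData` whose `url` is on another host (neither from the report) makes the relative-path check fail or populates `off_site_targets`, which is the case this check exists for.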
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
Processes:
description | ioc | process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755703590448691" | chrome.exe
-
Modifies registry class 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{95DFCDB7-577C-4AC4-A897-17BEA3C29910} | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
pid | process
1936 | chrome.exe
1936 | chrome.exe
3476 | chrome.exe
3476 | chrome.exe
3476 | chrome.exe
3476 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
pid | process
1936 | chrome.exe
1936 | chrome.exe
1936 | chrome.exe
1936 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
description | pid | process
Token: SeShutdownPrivilege | 1936 | chrome.exe
Token: SeCreatePagefilePrivilege | 1936 | chrome.exe
(the two rows above alternate for all 64 IoCs; every entry is PID 1936 chrome.exe)
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
pid | process
1936 | chrome.exe
(26 identical entries)
-
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
pid | process
1936 | chrome.exe
(12 identical entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process
PID 1936 wrote to memory of 1188 | 1936 | chrome.exe | chrome.exe
PID 1936 wrote to memory of 2004 | 1936 | chrome.exe | chrome.exe
PID 1936 wrote to memory of 2732 | 1936 | chrome.exe | chrome.exe
PID 1936 wrote to memory of 3444 | 1936 | chrome.exe | chrome.exe
(64 IoCs in total, in the order above: two writes each to 1188 and 2732, the remaining 60 to 2004 and 3444; every writer is PID 1936 and every target is chrome.exe)
Processes
-
(indented entries are children of the top-level chrome.exe, PID 1936)

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-39802972J9575333G%2FU-7T069770U2704051P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Doei-drVRr9rsyDcR9UC-g.13eQlJJBK-HLurLw%22%7D%7D&flowContextData=SoF6VBSU4IGJUHF1He_bi6wpATEWTFScq8JpLvGK9U-hJE9U-XdJDdA_7snfK7S546MIj5ZMot-rBu2dPLy1gqrUpq1tVG2ltr6S1Bjn3LNubdQM7ry4ci-d0YdfvDQUGgveuaMGhbUqO9HUgxOChRU-89MDD8XZzYAqWc4889jLo1Fdg5cpgugDiQg6WbPXC1y5GkcQwbah_9qjdAmhbFo9B3qkWCb0QZkaUIdwZpgjjgI6ANzs800dKuv9udPIAhT_KVeIkQ9iNEdfCG0_97yt38yPnaag9Cs8KoHyxSsPPWnUdF5wOGQUoqxzpAWmYbNQ4KEQDbxRyFIz6JRH59VGjYL3gm9K7q636xXooAV2C-eOxIn2s4AF6UXRh7b2fvkPrJmcGIRvLPgJkot6c_jSnkcwJp45Y02o43dFrW3vIN7OsMSFu_ABl7czTozlWrleGJlZncZvmtTnsUKQKUrOfeTdnKZURrgwxZ3_dWpkxTvrtngzxN5t6LBAou-FXFHjiJj9G14CaulydnOA_1ROlD_5T261I2C--w2ZiGiFoHjH&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d483d143-9dfd-11ef-9d5f-c5a232c47278&calc=f49369598d553&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
PID:1936
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3685cc40,0x7fff3685cc4c,0x7fff3685cc58
    PID:1188

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1920 /prefetch:2
    PID:2004

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1960 /prefetch:3
    PID:2732

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2272 /prefetch:8
    PID:3444

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1
    PID:3480

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3140 /prefetch:1
    PID:4080

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4420,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4432 /prefetch:8
    PID:1316

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:8
    PID:3200
    - Modifies registry class

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4608,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4652 /prefetch:1
    PID:4492

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4840,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4824 /prefetch:1
    PID:788

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5108 /prefetch:8
    PID:3476

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,10629266724178014009,5034398842041937653,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:8
    PID:3476
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
PID:2456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
PID:804
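Every signature on this page names chrome.exe as the acting process, and the "Suspicious use of WriteProcessMemory" targets (1188, 2004, 2732, 3444) are the crashpad handler, GPU process, network service and storage service that the browser process itself spawned. The script below is an added example, not part of the sandbox report: it transcribes the process tree above (command lines abridged to the `--type`, `--utility-sub-type` and `--service-sandbox-type` flags, and PID 3476, which the report lists twice, kept as two rows), rebuilds parent/child links from the tree indentation, and checks each WriteProcessMemory pair against it. It also lists which Chrome services were launched with `--service-sandbox-type=none`, which is read straight from the command lines and asserts nothing about why.

```python
"""Correlate the WriteProcessMemory IoCs with the process tree: every target PID should be
a chrome.exe child of the browser process that wrote to it."""
import re

# Transcribed from the report above: (tree depth, pid, image, abridged command-line flags).
# Depth 1 is a top-level process; depth 2 is a child of the nearest depth-1 row above it.
PROCESSES = [
    (1, 1936, "chrome.exe", "--disable-background-networking --single-argument https://www.paypal.com/signin/..."),
    (2, 1188, "chrome.exe", "--type=crashpad-handler"),
    (2, 2004, "chrome.exe", "--type=gpu-process"),
    (2, 2732, "chrome.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 3444, "chrome.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (2, 3480, "chrome.exe", "--type=renderer --renderer-client-id=6"),
    (2, 4080, "chrome.exe", "--type=renderer --renderer-client-id=5"),
    (2, 1316, "chrome.exe", "--type=utility --utility-sub-type=audio.mojom.AudioService --service-sandbox-type=audio"),
    (2, 3200, "chrome.exe", "--type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --service-sandbox-type=none"),
    (2, 4492, "chrome.exe", "--type=renderer --renderer-client-id=9"),
    (2, 788, "chrome.exe", "--type=renderer --renderer-client-id=10"),
    (2, 3476, "chrome.exe", "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (2, 3476, "chrome.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1, 2456, "elevation_service.exe", ""),
    (1, 804, "svchost.exe", "-k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# The WriteProcessMemory signature reduced to its distinct (writer pid, target pid) pairs.
WPM_EVENTS = [(1936, 1188), (1936, 2004), (1936, 2732), (1936, 3444)]

FLAG = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")


def build_tree(processes):
    """Flatten the report rows into records carrying a parent pid and a role label."""
    records, last_at_depth = [], {}
    for depth, pid, image, cmd in processes:
        flags = dict(FLAG.findall(cmd))
        records.append({
            "pid": pid,
            "image": image,
            "parent": last_at_depth.get(depth - 1),  # None for top-level rows
            "role": flags.get("utility-sub-type") or flags.get("type")
                    or ("browser" if image == "chrome.exe" else image),
            "sandbox": flags.get("service-sandbox-type"),
        })
        last_at_depth[depth] = pid
    return records


def classify_wpm(processes, events):
    """For each write, report the target's role(s) and whether the target is a chrome.exe
    child of the writer. A reused pid (3476 here) yields more than one role."""
    records = build_tree(processes)
    out = []
    for writer, target in events:
        hits = [r for r in records if r["pid"] == target]
        out.append({
            "writer": writer,
            "target": target,
            "roles": [r["role"] for r in hits],
            "intra_browser": bool(hits) and all(
                r["parent"] == writer and r["image"] == "chrome.exe" for r in hits),
        })
    return out


def unsandboxed_services(processes):
    """Chrome service processes whose command line says --service-sandbox-type=none."""
    return sorted({r["role"] for r in build_tree(processes) if r["sandbox"] == "none"})


if __name__ == "__main__":
    for row in classify_wpm(PROCESSES, WPM_EVENTS):
        print(row)
    print("sandbox-type=none:", unsandboxed_services(PROCESSES))
```

Run against the report's data, all four writes come out `intra_browser`, with target roles crashpad-handler, gpu-process, network.mojom.NetworkService and storage.mojom.StorageService. A write to PID 804 (svchost.exe, a top-level process) would come out `False`, which is the shape of result that would actually merit attention in a report like this one.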
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 64KB
MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize 4B
MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize 1008B
MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
Filesize 649B
MD5 01a705aa93bed403b85d0000a758cab9
SHA1 357b1dc1afdcb58a3c7988f2b54550dd5cdf4257
SHA256 28498f7733a3915f5bae86d26fa725690fe3a7b25d5febd4551b0c86a1fbf1a0
SHA512 a5934faede3c057d3c1acf2e2d4f9bc077e51bbaf12d94281fd021ca0b48b1cef802a08ab5cf9ae71214aa01400ef8215f8770bd2000bc6f456aa8993d03fbd6
-
Filesize 215KB
MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640
-
Filesize 984B
MD5 10d97b2cd0577d01062445bda164c4c9
SHA1 22520c5f84c1c9d6bfc37d6066b513320688e606
SHA256 5d99757d5cef67d0f6b3d31ad5b86ad84073e1f16964e1ab26b40aabf0cc958a
SHA512 4742204c8fa8e023deb99c5c5e59a270bf6478630f936c108c488d274e64a163de4e9c7d7a4fe7057d7fd70f77e91ae5a308cd25c1133c340a4ea468c25043f4
-
Filesize 4KB
MD5 87647681afc98029f2262c0f12e71462
SHA1 a14063068bd11fcb44b3be53f0642ab678a4199c
SHA256 557fbe26c2070485a92a63ef45aa7b235ed456ba53f79e135514f34c140554c4
SHA512 e095ae3681bd4c7578fcddc4b301f3d090b0c2d8cfb49ee3f86ba58d148c26bd7cce544b444ee844f7e91f4d9f8188bb3925403fcb8d0d5fb36cec31e6dfebc6
-
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize 1KB
MD5 7f608ebb44a86af87b9c4a4fed5df3df
SHA1 e35ab10e27e1e8f5a9c416ddae5d4e0eceb63ca7
SHA256 40bacc6740a1541278dff6a8b7c3abc94f3d7879a7f28ebc393cd70478d1a40e
SHA512 e3fa1a1309e0ac48c9c6995d19e0392b89b0c85c1b723e880760ebc1c2e35a9d3de9c6985ab7ee0f5514d8ce624431edaf01325641b55c24586f2a9bb6af7c5e
-
Filesize 1KB
MD5 7d759becd7aa897d58f7aa13846d1fbe
SHA1 e296dec5bfb5f4673a3cfd355197fe19f63ccc8e
SHA256 c32501de44850a306e8caa60dfab35056dea33a6631a07b947cbb44f49045772
SHA512 eea4e7a82925028b84a65e8854770aff1b55f3a45ff2783934ae4cdae86a49b0797618e457006d7010693c836b945ee8afd95457759fe7b3c762f42f521d6139
-
Filesize 1KB
MD5 3c1d9521e3d5202bccc622a5e772face
SHA1 fbc20a86dd09887240b9a54500025713b583d72d
SHA256 b5b78cb97f347529e2dbb9c052412ba94d5c8825c71f3f28226c74dedc4c2e39
SHA512 d7ebfb26837487df555b98f1984d9cee0515dfdf52429245a6118c208aea3480c14b84ba7f7c99b816d66b903aec02d0acc0a8a8f7635ec84da11c9f9119f142
-
Filesize 1KB
MD5 52b9799efb84939a5e53b8c614f993f7
SHA1 075cb0fce3461dc220e92b30a10f32bbe6940597
SHA256 d9f65ef57c8e16622d1a1a742304b17a7af3a3251978822b6ea7a625bc255355
SHA512 cdc7b496ad6ec9454511b65a57a91704f37a7b19e22da92de15a94ab3df78990563ebdb8eaa8d8e223c1d2319fd900d7df05fb5af4031a88bd5fc96d3d0c9300
-
Filesize 1KB
MD5 45fb2ddc32d895946cce9f6f2e127931
SHA1 0a086019dbac13c7784c4ee155fef90e06bff6a7
SHA256 4e7d2a98726eedce1f61d8efd59e52499a130f1c257dcc18f66ab6bea1ce4d10
SHA512 c630d93196f12768fb797a806a6fa56c923aefc81032374101f51c6b4bb6cea2d1c31af3b6d9ad3825dd1d1f4492aa5b0aa688714ac66609f0e0f8e212b0ba5c
-
Filesize 9KB
MD5 a56d5989764489ef6dd177fb029a6796
SHA1 36ffe2c2de7727fd78b2e33ff5638fdf31a6a207
SHA256 a2809698bddbca922f7e4e21e18ae3b950e034dc38ef435ecefa66d7869ed796
SHA512 10a37ee05ba53fc6efe39b3d419ad9ff924d1d81da14b78159f3545bb4c7865fb76fdf1ec336781c98cba102f818d9b19727ddbbc47bbcb7272bb960dd9fa171
-
Filesize 9KB
MD5 e6c7bf9848166b225db94af8b9c3f36a
SHA1 e42b15213b9327f7b7a6eb13fa1b61f4208641df
SHA256 274a8e4b3a55715fe66fae04c959e1ff8d4b676f8be4bb1820fff8df06bb572f
SHA512 346fcb5e82cbd47c8817e136bb7cdc4808896344e37a791d9f002860795b4f70e1edbe86fc824ab29e5554dcbe28cf49b70338a919a1bf66b32038ff18b46803
-
Filesize 9KB
MD5 2cdbe67b39fa94fd920c1d385a4fb401
SHA1 3d1418bd7b736139b4984cc74776ed47a01beb54
SHA256 3224d189d0563e1410ac998bcffdd8a0ceba5af0bddb0c2a1f2dc672f621737f
SHA512 30b0e164a6b14b580eae0e9921b3b87f1b4b0d43a5bce775def325a8a114110bc67ee18a72df61a5089b67b2c9ca4335fb1e0e3621d9d7cbdf6c08dea865e7d2
-
Filesize 9KB
MD5 da3b89871be82ca8e8957c775dff4e07
SHA1 413f1dccb290046d3c31a477dd79a9c349881cdf
SHA256 9097abb12fb76c6ba920f443034ac61fd5e6cced5e18af48ea73f835bad15d0b
SHA512 0214ab3d63c35a3e1af992e651037c9d8e1492e78e59b6d4064a27821da8fa471fe180fdbb5896ba7d889a68af423fdb1083e0f7489194ef4313a492a2bd0320
-
Filesize 9KB
MD5 c34c2af3a77153b8814b022833040e84
SHA1 45feb84d88051cddf20d1884f22c2b5e912e66a1
SHA256 1b5fcb7babf3e1bcb35d72730a33e12b3d6d487f50527747d95c38f514ca3cb5
SHA512 459ab3358ad737e756101decadd357464338ec11c112986c2b930ee75507708848f332805ac301321e73f563bb5cfb27cb80d4481f318d6be3f034fc45f7b59f
-
Filesize 9KB
MD5 aeaf583efb93af1736383d77edb3286b
SHA1 4eebe1b15bee38320a755b581a9438f1dd54d2e1
SHA256 9c7af3034c545b260ff98ec065471dcdd69194cdfae55e9b75eb0b020bf107a6
SHA512 8aa1bcc93a9cd05c2e5f44f6d63f1e615050d2ce9e4ecf5fa8221e6c512dbc759a78addcdc2a9572219827d01ffb8dea7f04c3b1296f071e653a8fe8c209631e
-
Filesize 9KB
MD5 6f161e6f86bfe3b3cde880d288d5c069
SHA1 cc63da48a58a0a7642beff2ae1ba5ba0a10e1902
SHA256 777f91be2d3fc12caa53fcd5cca710722a0799e70ef63b496f9304e2deac63fa
SHA512 050b273416a338c2d96dc641f26d68f5ca08df4bd176e6a1dbc0f27926f99f80f97739d8f3fbe1c425ac91597aa0483d44672098292e988545be38b0e03dcf25
-
Filesize 9KB
MD5 4fe715e657705ba8f5a09d26eddf613a
SHA1 e5cbaec4b03de45c40a883b43195070593bc9451
SHA256 3e19d9596ff3bde973ffa8a7f4513e936681b9af365f1d951ee2bf5f78779ee4
SHA512 8739eebb3fb045d55ca36a12e97594ff3c72daceb38880f7a1b6425ea8f227d83b98b468db37819b65fc5b76fb4ee0cb05113b2d6cddf258ee8ed34b67c90b23
-
Filesize 9KB
MD5 7e220e6a6fcea1029e5afaaaba6b876e
SHA1 93c5473b83b093a7d23fb78dff8d9669a8a1c5c3
SHA256 09e949aff36038a774e3e7aed061c750e41ad79e3f6c61e2a2b6aa50bd36b1bc
SHA512 7552f574119c0740e66321102f3b18f4e8f1a4c1fc79efa958e36969ed5c137a3a21e0436981e00dbee029f5b05cddd2baa85a412c146b06000a9918c2610bb5
-
Filesize 9KB
MD5 9e26b89711b6c8daa6789f1339262f5a
SHA1 a8484bf1513e7e90ae8d428b544f2bb86a7bce56
SHA256 89e4e598b57fe224f1e0f9b634535f3779562213511b0a8411a70051c3b369b6
SHA512 34671075cc4c7174b3675923451cfec4a5514d8762e6cc68e52e9e85ac1650db675a8790366c9638bd14be888cf96cdea02714f870546cf4c861dee6945512d3
-
Filesize 118KB
MD5 9435ea6bbfe34b55e85d7542c8a500db
SHA1 4309b0ba5eec302b7484edbd5870824e616ed245
SHA256 1f758fa2d57749b8129b9b8acc46a054dff11ccb831d122ddb520ede83d90442
SHA512 ebe59e9b78b67d9d46d50ffae9d0c942678df3f459ef1e2146653568275481effd0eeea377dc7a1f654a3ff48741288a0290f0e138054bbccb88aae4beae0035
-
Filesize 118KB
MD5 ac2d6b4cbc996bfac5032e15e5f5a188
SHA1 89ee7f143ded938faac50cb1c27b1af3c3b2b57a
SHA256 e60ff059914bc4449b6d2a96bdb75371f9f97560872418f6fb7e52f9dcafa7f1
SHA512 96f18a6dbaa473ddfb1a0bad9ef01ebbf5d661d650e9251d163db86781e56db231e6dd9c37abe8fec71b15e58e8ded2a8da7a552dcd4c0b5a7668e41a62d5884
-
Filesize not recorded in the report (the four hashes below are the well-known digests of an empty, zero-byte file)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e