Analysis
max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
22-11-2024 17:18
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.paypal.com/invoice/payerView/details/INV2-4LS4-7E54-WL7M-3MS9?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&calc=f775624d07ae6&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.288.0&tenant_name=&xt=145585%2C134644%2C150948%2C104038&link_ref=details_inv2-4ls4-7e54-wl7m-3ms9
Resource
win10v2004-20241007-en
General
Target
https://www.paypal.com/invoice/payerView/details/INV2-4LS4-7E54-WL7M-3MS9?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&calc=f775624d07ae6&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.288.0&tenant_name=&xt=145585%2C134644%2C150948%2C104038&link_ref=details_inv2-4ls4-7e54-wl7m-3ms9
Malware Config
Signatures
Every IoC in this section is attributed to chrome.exe: the browser process (PID 2120) for all eight signatures, plus the second GPU process (PID 3876) for four of the EnumeratesProcesses hits. None of the IoCs references the submitted URL or anything it served; they record the browser process setting itself up and managing its own child processes, which is the baseline any Chrome URL task produces in this sandbox.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767695156720455"
  S-1-5-19 is the LOCAL SERVICE account's hive. The value is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) and decodes to 2024-11-22 17:18:35 UTC, i.e. the minute the sample was submitted, so it is a timestamp written during this run, not a pre-existing value.
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  PID 2120 chrome.exe (2 hits), PID 3876 chrome.exe (4 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  PID 2120 chrome.exe (11 hits)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 2120 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each)
- Suspicious use of FindShellTrayWindow (37 IoCs)
  PID 2120 chrome.exe (37 hits)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2120 chrome.exe (24 hits)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Writer: PID 2120 chrome.exe. Targets (procid_target in parentheses): 3528 (85) twice, 920 (86), 4392 (87) twice, 4900 (88); the remaining writes are repeats against 920 and 4900. All four targets are chrome.exe children of 2120 in the process tree below: the crashpad handler, the first GPU process, the network service and the storage service. A browser process writing into children it has just spawned is part of Chrome's normal child start-up; a write into a process outside its own tree is what would actually merit the label.
Processes
- PID 2120, chrome.exe (browser process, root of the tree)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/invoice/payerView/details/INV2-4LS4-7E54-WL7M-3MS9?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&ppid=RT000238&cnac=US&rsta=en_US%28en-US%29&unptid=b6cddc8c-9533-11ef-a03b-95edd980ddda&calc=f775624d07ae6&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.288.0&tenant_name=&xt=145585%2C134644%2C150948%2C104038&link_ref=details_inv2-4ls4-7e54-wl7m-3ms9
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children of PID 2120:
  - PID 3528, chrome.exe (crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffc1efacc40,0x7ffc1efacc4c,0x7ffc1efacc58
  - PID 920, chrome.exe (gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  - PID 4392, chrome.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  - PID 4900, chrome.exe (utility: storage.mojom.StorageService, --service-sandbox-type=service)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  - PID 844, chrome.exe (renderer, client id 6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  - PID 4436, chrome.exe (renderer, client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  - PID 3620, chrome.exe (renderer, client id 7)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  - PID 712, chrome.exe (utility: chrome.mojom.ProcessorMetrics, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  - PID 4904, chrome.exe (renderer, extension process, client id 9)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5076,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:2
  - PID 5072, chrome.exe (renderer, PDF renderer, client id 10)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:1
  - PID 2428, chrome.exe (renderer, extension process, client id 11)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:2
  - PID 4624, chrome.exe (renderer, PDF renderer, client id 12)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5416,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  - PID 1004, chrome.exe (renderer, extension process, client id 13)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5528,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:2
  - PID 3396, chrome.exe (renderer, PDF renderer, client id 14)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5448,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:1
  - PID 2400, chrome.exe (utility: quarantine.mojom.Quarantine, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  - PID 4488, chrome.exe (renderer, client id 16)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5700,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  - PID 468, chrome.exe (renderer, PDF renderer, client id 17)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5920,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  - PID 3876, chrome.exe (second gpu-process, started with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5292,i,13377414644859775100,1705404234677449707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID 3632, elevation_service.exe (root, no signatures)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- PID 4628, svchost.exe (root, no signatures)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
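The script below is an added example, not part of the sandbox report or of any vendor tooling. It takes excerpts of this report's process command lines and of the WriteProcessMemory IoC column (constructed inline from the lines above, with the repeated entries shortened) and answers the three questions a triager asks of a Chrome tree like this one: which child processes run without a sandbox policy, whether every WriteProcessMemory target is one of Chrome's own children, and what the FILETIME written to TPM\Telemetry\TraceTimeLast decodes to. The function names and the PROCESSES / WPM_IOCS sample tables are the example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Excerpts of the report's Processes section, keyed by PID. Command lines are
# shortened copies of the ones printed above (constructed sample input).
PROCESSES = {
    2120: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking '
          r'--disable-component-update --single-argument https://www.paypal.com/invoice/payerView/details/INV2-4LS4-7E54-WL7M-3MS9',
    3528: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler '
          r'"--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4',
    920:  r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear /prefetch:2',
    4392: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
          r'--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3',
    4900: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
          r'--utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service /prefetch:8',
    844:  r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=6 /prefetch:1',
    2400: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
          r'--utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none /prefetch:8',
    3876: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:8',
}

# The flattened IoC column of "Suspicious use of WriteProcessMemory", shortened
# from the 64 entries above (constructed sample input; the report repeats targets).
WPM_IOCS = (
    "PID 2120 wrote to memory of 3528 2120 chrome.exe 85 "
    "PID 2120 wrote to memory of 3528 2120 chrome.exe 85 "
    "PID 2120 wrote to memory of 920 2120 chrome.exe 86 "
    "PID 2120 wrote to memory of 4392 2120 chrome.exe 87 "
    "PID 2120 wrote to memory of 4900 2120 chrome.exe 88"
)

# The FILETIME the report shows under ...\TPM\Telemetry\TraceTimeLast.
TRACE_TIME_LAST = 133767695156720455


def switch_value(cmdline, name):
    """Value of a --name=value switch, or None if the switch is absent."""
    m = re.search(r"--" + re.escape(name) + r"=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_process(cmdline):
    """Process type and sandbox-relevant switches from a Chrome command line."""
    return {
        # The browser (parent) process is the one without a --type switch.
        "type": switch_value(cmdline, "type") or "browser",
        "subtype": switch_value(cmdline, "utility-sub-type"),
        "sandbox": switch_value(cmdline, "service-sandbox-type"),
        "gpu_sandbox_disabled": "--disable-gpu-sandbox" in cmdline.split(),
    }


def unsandboxed_children(processes):
    """PIDs of child processes whose command line shows no sandbox policy.

    --service-sandbox-type=none on a utility process and --disable-gpu-sandbox on a
    GPU process both mean the child runs with the browser's own token. When a report
    does show dropped binaries or odd network activity, these are the children to
    examine first.
    """
    pids = []
    for pid, cmd in processes.items():
        info = classify_process(cmd)
        if info["type"] != "browser" and (info["sandbox"] == "none" or info["gpu_sandbox_disabled"]):
            pids.append(pid)
    return sorted(pids)


WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_wpm(ioc_text):
    """Count (writer_pid, target_pid) pairs in the flattened IoC column."""
    counts = {}
    for m in WPM_RE.finditer(ioc_text):
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] = counts.get(key, 0) + 1
    return counts


def writes_outside_tree(wpm_counts, processes):
    """(writer, target) pairs whose target is not a chrome.exe in the process list.

    A browser process writing into children it has just spawned is part of Chrome's
    normal child start-up; a write into any other process is what would actually
    deserve the 'suspicious' label.
    """
    chrome_pids = {pid for pid, cmd in processes.items() if "chrome.exe" in cmd.lower()}
    return sorted(pair for pair in wpm_counts if pair[1] not in chrome_pids)


FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


if __name__ == "__main__":
    for pid, cmd in PROCESSES.items():
        print(pid, classify_process(cmd))
    print("unsandboxed children:", unsandboxed_children(PROCESSES))
    print("writes outside tree:", writes_outside_tree(parse_wpm(WPM_IOCS), PROCESSES))
    print("TraceTimeLast:", filetime_to_datetime(TRACE_TIME_LAST).isoformat())
```

On this report the unsandboxed set is the network service, the quarantine service and the second GPU process, every WriteProcessMemory target is inside Chrome's own tree, and TraceTimeLast decodes to 2024-11-22 17:18:35 UTC, the submission minute. The same three checks applied to a tree that contained a non-Chrome target PID, or a FILETIME from days earlier, would be where a triager starts pulling on threads.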
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 40B
  MD5 800547b40b40a6d57a70b74809b450fa
  SHA1 310a064c7ba82120f80af50892dcbe61b53f9d70
  SHA256 a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936
  SHA512 39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949
- Filesize 649B
  MD5 7a692d639285bd9a34789e85db201705
  SHA1 7bed82a46e9c9c1c3169dc11529242a843c40b14
  SHA256 f02c104bc0d4000638528132f541a3fd2d7da7cc4bb314f0f4fc48e4c7588ee3
  SHA512 9965a54828df6559056b9812e91c619d9f72eba2ab2ec224645f65a35658add624f5fc7bebfbc6c2b052421341d416f996f85ccb0c844c1513cf3ffd73121f7d
- Filesize 215KB
  MD5 2be38925751dc3580e84c3af3a87f98d
  SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
  SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
  SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
- Filesize 888B
  MD5 6f855dec867f8784058bccd60fd66c2f
  SHA1 efede70068a34d4d43559ee3ed56283867e4a534
  SHA256 1fe6c3a5a3237585aa9ff065f6c4d2174f8ce726e2bab0aa8b7ee2ae8ce41fc3
  SHA512 c52b27429f0f2209ed4e1cb00a462f5b90edd773f64755065a27583eee5bd863f9364eb25985403dbccf1846cc96752c8098560fbe4066fdff270ecc2d826e0c
- Filesize 4KB
  MD5 23712b1be0c0be8d1fe1933eb48e4912
  SHA1 00ef179b4052f287aa4b0125efa640c65c5a6811
  SHA256 5d7510d91c76de1ab55d1e7070827644d1489d09227aa85b1b2f3bb5240fb2d7
  SHA512 d057142bda2d63d15de5c7b467c4f585d8d26d0c5f42c0420662e520266c4ff848067029b7091425e4b82620179c586843fcbfa0b93c848bcb4b69df2b2053c5
- Filesize 2B (these are the digests of the two-byte string "[]", an empty JSON array)
  MD5 d751713988987e9331980363e24189ce
  SHA1 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize 1KB
  MD5 9fd40d377238e33410b54df501a56c3d
  SHA1 ff9e8619b3d57f1f9a105d3ef2e741b68679fdb4
  SHA256 04ef97f521cfdb04c0c7a151ba1881cc906f5279ab7f91817bccc78cb74ccebf
  SHA512 b1b33893dd5b288cfe7bab27a3860b7fa5cc05f081e37f0d1be1666f97b2ba19187694006f4253651670525819d8a5bdf597b4ed975a9768737bd793fc34c992
- Filesize 1KB
  MD5 36d2f4abf5b1f86505a3b790ad9439d0
  SHA1 98a3efc702fa837fe456f68d5162c263a644fb8f
  SHA256 137298782c246eeabc926f1fd854f5f9ebcf812aca450c94afd71d3684910950
  SHA512 6d1867b8bbd1953f03007af3202123bec948d686d7eddaebd8fd6910f1630e7a871e4f2c375b3cdf0d7e34047948387f08bb88fa7bbe2e93926bb683a3ffd080
- Filesize 1KB
  MD5 a0e601ac8194540d063b79e326667e1d
  SHA1 1b648e96453f9027a5478585a8cb2d69a4b4a1a4
  SHA256 27337f5bdb887378a04c0f1f917698e96646f29649725019310e66abad4bf603
  SHA512 802af7b7554764c0e057acadc7fde2d3d468e98d87ba5ab1c8c47d72d7dac834d82e976c7d7ca177844f877516d2568f9608e7192158873a2bce8e4520c079c6
- Filesize 1KB
  MD5 cb7fbfa3e563d1aa8e8ac6dcdcc08836
  SHA1 16911323b07388f8ab2a5a15df5205b00ae6dd20
  SHA256 b919b31f55f87aaaf321dd46247c8013bb5474cbba137d42fa8dd9369527ce66
  SHA512 a818f9b583731840bf3c24895330c60d09eb746d934b2e58d08df877769d33cbabfa85a10f6fd6a3a4118d1b9cc578832531ae09b043607a4c21c75021a512ac
- Filesize 10KB
  MD5 1ba0cccaaf356e1caffdbd0d2f6f9a2d
  SHA1 1d9430bea746bdc7dd8a55e16f6a6d0a4e613c86
  SHA256 3342fd0a00550745ca7a8187bc5cecb85602397c976d7caeee2cae88a107e914
  SHA512 b9c6acd7a8208537e1f992a4f4db5c023bbeda23c0acfa5c95e35aa8b7bfb421e892e6e709b8b83b66fee290691ef3394c55f34d7e4520b6dbcfff4f8bfe6e4f
- Filesize 10KB
  MD5 a6f3033d3a786982fc6f93c31ab73219
  SHA1 0c22bb95c86151f4f4fc5d29ee212e55c3544c3a
  SHA256 82ae2ae2f87a23b88af4433f43eed6215544e8c795afa99cb43ff181dc4b902c
  SHA512 f783923804cb4a896fac0ea77ed1e8830c2bbb3b7fa6736d01c69e6006531a544e24d71bbc783cdc01329948c352b8c6b7d8444be8282ba5bb2f88f7a87001da
- Filesize 10KB
  MD5 18c1573ed59e5d6b66891b9f89ae1c24
  SHA1 c185a521853f121a54d72a4e1a334e3f7e768c1f
  SHA256 cb43e4885cc08004401ff35bcc1d26d363991da432fadd790a66679e0028b0e9
  SHA512 55d1a91d003570af528a2a414c3bef03abfc9a62d62f3931045b88276fc4523b2f698d92871b5356e08770b7bcf613c8209b5bfcba97471aed87bff9df84e854
- Filesize 10KB
  MD5 e3f1b55e8e21384057b54a4a2ad4c93c
  SHA1 93eeb4a9b88642814eadafb06e2ee6d611b06a78
  SHA256 8af051177e40994459311120f868325b5c425a0f04ca436b3fec4f44fa31a617
  SHA512 31a29b6c43b5d6b312219684bef9649c4eb3bf337bbd4b5f3ffc431e726c3d9fc8f6513e7bc4e05fc6202479dd43a6ad39ad634cd13e3ca00e6819e8e3e7936c
- Filesize 10KB
  MD5 1e574ec9577334395f25091570af028e
  SHA1 d17cdb7459a64577a25bd7b9d9a1f2b3c373e96e
  SHA256 2c2d5089fcccd7def6eaad07aed4989961b9309a9aeee2ed17cd30dbbbcdc8ed
  SHA512 319d9a4313b51df91207bd0aa349f3e89395ee241d1a9249872511707d8174f0bd11784f45914b1b84f4ab1e0524531e85f945f4cc40ba4a88d9f65e9e045d83
- Filesize 10KB
  MD5 8f6145fb5936bba874942aa313f6b912
  SHA1 c3ad2720b93076676b6e90c474c9cdc13b5e22f7
  SHA256 8841657bef4c8ec594232d55d5c9ee52d33a787db822b4e71d1517d047f07715
  SHA512 2acd297fff0e5ef4b7c90ae9e2ea1cc2b979dca9a6ca9e363e761a0d4fc7843a56d444f06b51584044e1a756603dfed28054b44c9639affd4c610dcf881d151b
- Filesize 9KB
  MD5 b6f256ac5cc3313fd41a7fb610bddaf9
  SHA1 e47f28e9907dd91a4eb7b69ff0b9f248b944f00f
  SHA256 ef08e28fbf7d21aab734a6f60b4c4d7fa34675a2acd1e51178a00749a18508bd
  SHA512 63e93024ef2ee6df83a92126b7f24f8b05dbfbd5bc1eea5e9409cca374cdf21a14477cebcd0480d90eeedfc107c758435bcad08bf485c615b1a923fce0f895a2
- Filesize 9KB
  MD5 9ed4ba6115b7dfa5b21b1c9ab001a66b
  SHA1 95a050cb0ed21f4287d95a40edc49d8ec67bd123
  SHA256 9ddfe5507dd7b2975619a75cd7ecfbe4e122bf3604df0a25beb57b80e97d5cae
  SHA512 f513ea26d6a7903e09a32f100febe08d5f0047f7d71ec318c7fdb78456e872d25cfdcd4f43ac8d91a4333228a2907f7b844a2d2bfca26597e3a5beb06d62840e
- Filesize 9KB
  MD5 dba58aac9d13bc64613382a0f0a64a98
  SHA1 17b356d532d329d1681e9ba1510fe942cc67bc49
  SHA256 953dd31c28b803e400205f883aab5a7e0330d37097937b39fd242898fa5f1fcb
  SHA512 761bc76b33c77ccbb7010da50cf832d6a0b696f24dee8d06d346ab31f8135dc34430a7b9a803f3a5200f1e523713a23602ab180773866ce38066531c0b012053
- Filesize 10KB
  MD5 669d9c3c73bdf0099159fff4a6c6260b
  SHA1 acf78ef707fd02a1f2336d8a71ccaff8cf37204c
  SHA256 6a7d79adc786ea4b294bca70a50c69efc334a29358618b9e490dc430b63466a0
  SHA512 e7fd626820fce0eebcfef520c4f5b0df3f51e8ffcf7433f37158306e7226f639f4e6c2f291257bf4fd7ace73dec76c0eb1c92c7133ce67c7475447d1a70726d2
- Filesize 116KB
  MD5 59af459e41a64b404148ad3d26b7ad58
  SHA1 3a8c5c4d76b5684e9c2f634fce9eaed7ada464a1
  SHA256 04532cf2399f5f53a98c0ace39bc80134b49b17e394ac17a9758f2112aa01d28
  SHA512 09db3dc1e592ee78cf875d80a803b77bef34b91f1862560cacc2a0b073525c20026d89ff728b6c145d014959b509b4548a75780483a71864f14c1671286ead70
- Filesize 116KB
  MD5 0904e9c325ddacc1afcf2abd14e8c57f
  SHA1 52fc11b9ba91cc79705ffbb34cf2fc74ea8e8f36
  SHA256 b33e5702f417eeea229c0a489922a7740d65c10f0933cbc5199eae0a6157da2b
  SHA512 ddc9be510cc5773c44959c5a98e780eb1bf7402c1f2b324039be3e7c3355c3b7ac429d27b981bafedb7aca190983c49337362e455757ed89491121177c9c592d
- Filesize 116KB
  MD5 f8d825cff9ae38058dcd3064f28c55dd
  SHA1 d617f22ee9db444057017d7663bcfbde3ce30ba1
  SHA256 02e45aac760de96f1eeacdbb87940463b21ed14da9cc92ea97a9707da2d66d0d
  SHA512 e37f92ca945b8312aded72a22f3f34b89ee18436dad7cf841cd9bee8bf03647b5e47a5f1031f691b43aeddc9c892c3c896a0119a6944b0ffe97c7eb1d4a29b09
- Filesize not given in the report (these are the digests of empty input, i.e. a 0-byte file)
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
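Two of the entries above can be identified without any external lookup: the last one carries the digests of empty input, and the 2-byte entry carries the digests of the string "[]". The Python below is an added example, not part of the report, that automates that recognition over records copied from the Downloads list (a constructed excerpt; the SHA-512 column is omitted where the demonstration does not need it) and also checks that each digest is well formed before anyone pivots on it. The function names and the KNOWN_CONTENTS table are the example's own; the known-content digests are computed at run time rather than copied from anywhere.

```python
import hashlib

# Records copied from the report's Downloads section: (Filesize as printed,
# {algorithm: hex digest}). Constructed excerpt of the full list.
DOWNLOADS = [
    ("40B", {"md5": "800547b40b40a6d57a70b74809b450fa",
             "sha1": "310a064c7ba82120f80af50892dcbe61b53f9d70",
             "sha256": "a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936"}),
    ("2B", {"md5": "d751713988987e9331980363e24189ce",
            "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
            "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"}),
    (None, {"md5": "d41d8cd98f00b204e9800998ecf8427e",
            "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
            "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
                      "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"}),
]

# Tiny contents a browser profile routinely writes. Their digests are computed
# on demand, so extending this table needs no hash lookup.
KNOWN_CONTENTS = {
    "empty file (0 bytes)": b"",
    "JSON empty array '[]' (2 bytes)": b"[]",
    "JSON empty object '{}' (2 bytes)": b"{}",
}

HEX = set("0123456789abcdef")


def well_formed(record):
    """True if every digest has the hex length its algorithm produces.

    A truncated SHA-256 or an MD5 with a stray character is common copy damage in
    reports; catching it here avoids pivoting on a value that can never match.
    """
    for alg, hexdigest in record.items():
        if len(hexdigest) != 2 * hashlib.new(alg).digest_size:
            return False
        if not set(hexdigest.lower()) <= HEX:
            return False
    return True


def digests_of(data, algorithms):
    """Hex digests of data for each named hashlib algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def identify(record):
    """Label of the known content whose digests all match the record, else None.

    Every algorithm the record lists has to agree; one matching digest next to
    one that differs is rejected, which also catches a mis-pasted row.
    """
    wanted = {alg: h.lower() for alg, h in record.items()}
    for label, data in KNOWN_CONTENTS.items():
        if digests_of(data, wanted) == wanted:
            return label
    return None


def triage(downloads):
    """Pair each record with 'malformed digest', a known-content label, or None."""
    out = []
    for size, record in downloads:
        label = identify(record) if well_formed(record) else "malformed digest"
        out.append((size, label))
    return out


if __name__ == "__main__":
    for size, label in triage(DOWNLOADS):
        print(size, "->", label)
```

Records that come back as None are the ones worth spending time on; the two recognized entries are profile housekeeping files and can be dropped from the pivot list without a reputation query.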