Analysis
max time kernel: 150s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 26-11-2024 03:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=EN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DEN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg%22%7D%7D&flowContextData=WQHhQBMLYrYYijcFRdfW3Hoo0SqkaHRdTwBoPv0PvtCn7z86YmXYmpXrNt2Zv3JlspUG2dMWB4LEum4hcdcmZyyzptV1hLXslo162PdNyk0PIeeDo7KeeUmBg2w6UXf4iVKRxmPgg8Su0DGWuveshRlIpshTZzzXV7j_UnG_SfJtth0nDu1_mgWcB2poGfDzfHDYglqiPtlCTqp7GaDt47cyJ6Umg1VATbRzUlUZ4A25wc9z5Yp_4nb4XOXUEt3A9R55KFvzprf_JknRyRmqyjQdJzbP7yPZTSFJjdXE8cAXuKOEYo9wT2aArDWruVHOTUVKm_MfE9Ll2oSzct1XdN7bDzDxmvVCrnDpSXCKxb0gIJbLzUH_rUmRURp2eIdkXCYV3hXiC1rvtJPvqXDd3Xo_TqVubsHosb_MAfBzB8iMDlmj7P365Mlz1cphMNe5XeecGGrUhiy-wCh4ChHGlsxQIG9V1XEJIt93JTiHqjnImiiucVu1bT2th39wocogrUXb6F_CZFllwTciBhFgrgPhNh-1PLm7haJPR4XOt3Gnu52V&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&calc=f573732f3d529&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Resource: win10v2004-20241007-en
General
Target
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=EN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DEN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg%22%7D%7D&flowContextData=WQHhQBMLYrYYijcFRdfW3Hoo0SqkaHRdTwBoPv0PvtCn7z86YmXYmpXrNt2Zv3JlspUG2dMWB4LEum4hcdcmZyyzptV1hLXslo162PdNyk0PIeeDo7KeeUmBg2w6UXf4iVKRxmPgg8Su0DGWuveshRlIpshTZzzXV7j_UnG_SfJtth0nDu1_mgWcB2poGfDzfHDYglqiPtlCTqp7GaDt47cyJ6Umg1VATbRzUlUZ4A25wc9z5Yp_4nb4XOXUEt3A9R55KFvzprf_JknRyRmqyjQdJzbP7yPZTSFJjdXE8cAXuKOEYo9wT2aArDWruVHOTUVKm_MfE9Ll2oSzct1XdN7bDzDxmvVCrnDpSXCKxb0gIJbLzUH_rUmRURp2eIdkXCYV3hXiC1rvtJPvqXDd3Xo_TqVubsHosb_MAfBzB8iMDlmj7P365Mlz1cphMNe5XeecGGrUhiy-wCh4ChHGlsxQIG9V1XEJIt93JTiHqjnImiiucVu1bT2th39wocogrUXb6F_CZFllwTciBhFgrgPhNh-1PLm7haJPR4XOt3Gnu52V&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&calc=f573732f3d529&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
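The Target is a sign-in link on the genuine www.paypal.com host, but it carries two redirect-style parameters (returnUri, and a second URL inside the percent-encoded onboardData JSON) together with tracking fields that say it arrived by e-mail as a request-money notification. Before reading any behavioural signature, the triage question for a link like this is whether any embedded destination leaves the origin after sign-in. The Python below is an added example, not part of this report or of PayPal's code: it decodes both parameters, resolves them the way a browser would, and flags any host outside an allow-list that is assumed here to be only www.paypal.com. The sample URL is trimmed to the parameters the check reads; the second URL is constructed to show the failing case and uses a placeholder host in the reserved .example TLD.

```python
import json
import re
from urllib.parse import parse_qs, urljoin, urlsplit

# The submitted sample, trimmed to the parameters this check reads. The
# opaque flowContextData blob and most utm_*/tracking fields are left out;
# the complete URL is in the Target field above.
SAMPLE_URL = (
    "https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest"
    "%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq"
    "&id=EN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg&expId=p2p"
    "&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22"
    "https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest"
    "%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq"
    "%26id%3DEN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg%22%7D%7D"
    "&utm_source=unp&utm_medium=email&unp_tpcid=requestmoney-notifications-requestee"
)

# Constructed counter-example, NOT from this report: a protocol-relative
# returnUri that would leave paypal.com after sign-in. The host
# "paypal-login.example" is a placeholder in the reserved .example TLD.
SPOOFED_URL = (
    "https://www.paypal.com/signin/?returnUri=%2F%2Fpaypal-login.example%2Fsignin"
    "&utm_medium=email"
)

# Hosts a sign-in link on this origin may hand the user to. This is an
# assumption for the example; widen it if a flow legitimately crosses hosts.
ALLOWED_HOSTS = ("www.paypal.com",)

PAY_REQUEST_RE = re.compile(r"/payRequest/([^/?]+)/([^/?]+)")


def embedded_urls(url):
    """Resolve every URL carried in the link's redirect-style parameters."""
    params = parse_qs(urlsplit(url).query)
    found = []
    # returnUri is where the user lands after sign-in. A path-only value
    # stays on this origin; an absolute or protocol-relative one does not,
    # and urljoin resolves both the way a browser would.
    for value in params.get("returnUri", []):
        found.append(urljoin(url, value))
    # onboardData is percent-encoded JSON holding a second URL for the
    # guest (no-account) branch of the same flow.
    for blob in params.get("onboardData", []):
        try:
            data = json.loads(blob)
        except ValueError:
            continue
        request = data.get("signUpRequest") if isinstance(data, dict) else None
        if isinstance(request, dict) and isinstance(request.get("url"), str):
            found.append(urljoin(url, request["url"]))
    return found


def off_origin_hosts(url, allowed=ALLOWED_HOSTS):
    """Hosts reachable from the link that are not allow-listed (empty is good)."""
    hosts = {urlsplit(u).hostname for u in embedded_urls(url)}
    return sorted(h for h in hosts if h not in allowed)


def delivery_context(url):
    """Fields that say how the link was delivered and which request it opens."""
    params = parse_qs(urlsplit(url).query)
    ids = []
    for u in embedded_urls(url):
        for match in PAY_REQUEST_RE.finditer(urlsplit(u).path):
            for ident in match.groups():
                if ident not in ids:
                    ids.append(ident)
    return {
        "utm_medium": params.get("utm_medium", [None])[0],
        "unp_tpcid": params.get("unp_tpcid", [None])[0],
        "pay_request_ids": ids,
    }


if __name__ == "__main__":
    for label, link in (("sample", SAMPLE_URL), ("constructed", SPOOFED_URL)):
        print(label, off_origin_hosts(link) or "all embedded URLs stay on origin")
    print(delivery_context(SAMPLE_URL))
```

For the submitted sample both embedded URLs resolve to www.paypal.com, so the link itself is not an open redirect; what remains to judge is the request-money flow it opens, identified by the two payRequest IDs the helper extracts.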
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770639021506941" | chrome.exe

Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{78D9D4D3-03F0-430B-8C23-FFC0E9E67DE0} | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
3800 | chrome.exe (2 entries)
1132 | chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
3800 | chrome.exe (4 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3800 | chrome.exe (32 entries)
Token: SeCreatePagefilePrivilege | 3800 | chrome.exe (32 entries)
The 64 entries alternate between the two privileges above; no other privilege and no other process appears.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3800 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3800 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3800 wrote to memory of 1128 | 3800 | chrome.exe | 84 (2 entries)
PID 3800 wrote to memory of 2664 | 3800 | chrome.exe | 85 (repeated)
PID 3800 wrote to memory of 228 | 3800 | chrome.exe | 86 (2 entries)
PID 3800 wrote to memory of 1920 | 3800 | chrome.exe | 87 (repeated)
The remaining 60 entries are repeats of the 2664 and 1920 rows; every write comes from PID 3800 and every target is listed in the process tree below.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3800)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=EN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-11M148314P1129027%2FU-5FX49792RE3021723%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DEN-16ekWUmsZdcysMizUxr4GH62qwgI74YVYMg%22%7D%7D&flowContextData=WQHhQBMLYrYYijcFRdfW3Hoo0SqkaHRdTwBoPv0PvtCn7z86YmXYmpXrNt2Zv3JlspUG2dMWB4LEum4hcdcmZyyzptV1hLXslo162PdNyk0PIeeDo7KeeUmBg2w6UXf4iVKRxmPgg8Su0DGWuveshRlIpshTZzzXV7j_UnG_SfJtth0nDu1_mgWcB2poGfDzfHDYglqiPtlCTqp7GaDt47cyJ6Umg1VATbRzUlUZ4A25wc9z5Yp_4nb4XOXUEt3A9R55KFvzprf_JknRyRmqyjQdJzbP7yPZTSFJjdXE8cAXuKOEYo9wT2aArDWruVHOTUVKm_MfE9Ll2oSzct1XdN7bDzDxmvVCrnDpSXCKxb0gIJbLzUH_rUmRURp2eIdkXCYV3hXiC1rvtJPvqXDd3Xo_TqVubsHosb_MAfBzB8iMDlmj7P365Mlz1cphMNe5XeecGGrUhiy-wCh4ChHGlsxQIG9V1XEJIt93JTiHqjnImiiucVu1bT2th39wocogrUXb6F_CZFllwTciBhFgrgPhNh-1PLm7haJPR4XOt3Gnu52V&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=88b9f649-ab4b-11ef-b914-33ea289f0de4&calc=f573732f3d529&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1128)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6b1bcc40,0x7ffb6b1bcc4c,0x7ffb6b1bcc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2664)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1920)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2212)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4476,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4444)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:8
    - Modifies registry class

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4212)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4712,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5020)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4020,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2948)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1132)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5560,i,3885103461403976755,15546283397792774862,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2648)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 1280)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
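The WriteProcessMemory signature above is only meaningful once the targets are identified. Read against the process tree, every write target (1128, 2664, 228, 1920) is a chrome.exe child nested under the browser process 3800 that wrote to it, while the two other top-level processes (elevation_service.exe and svchost.exe) receive no writes. The Python below is an added example, not part of this report or of the sandbox's rule set: it parses rows in the table's flattened format, joins them against a transcription of the process list (parent attribution follows the nesting shown above), and separates writes into the writer's own same-image children from writes into anything else, which is the distinction between a launcher setting up a process it just created and injection into an unrelated one. One row is constructed, and labelled as such, to show the second case.

```python
import ntpath
import re

# Rows in the format of the "Suspicious use of WriteProcessMemory" table
# above, one per distinct (writer, target) pair; the report repeats each.
WRITE_ROWS = """
PID 3800 wrote to memory of 1128 3800 chrome.exe 84
PID 3800 wrote to memory of 2664 3800 chrome.exe 85
PID 3800 wrote to memory of 228 3800 chrome.exe 86
PID 3800 wrote to memory of 1920 3800 chrome.exe 87
"""

# Constructed row, NOT from this report: how the same table would read if
# the browser process had written into the unrelated svchost.exe root.
INJECTION_ROW = "PID 3800 wrote to memory of 1280 3800 chrome.exe 99"

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Process list transcribed from the report: (pid, parent pid, image, role).
# Parents follow the nesting of the tree; top-level processes have None.
PROCESSES = [
    (3800, None, CHROME, "browser"),
    (1128, 3800, CHROME, "crashpad-handler"),
    (2664, 3800, CHROME, "gpu-process"),
    (228, 3800, CHROME, "utility:network.mojom.NetworkService"),
    (1920, 3800, CHROME, "utility:storage.mojom.StorageService"),
    (2212, 3800, CHROME, "renderer"),
    (4848, 3800, CHROME, "renderer"),
    (4420, 3800, CHROME, "utility:audio.mojom.AudioService"),
    (4444, 3800, CHROME, "utility:video_capture.mojom.VideoCaptureService"),
    (4212, 3800, CHROME, "renderer"),
    (5020, 3800, CHROME, "renderer"),
    (2948, 3800, CHROME, "utility:chrome.mojom.ProcessorMetrics"),
    (1132, 3800, CHROME, "gpu-process"),
    (2648, None, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe", None),
    (1280, None, r"C:\Windows\system32\svchost.exe", None),
]

# description | pid | Process | procid_target, as one flattened row
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_rows(text):
    """Parse table rows into (writer pid, target pid) pairs, keeping first occurrences in order."""
    pairs = []
    for line in text.strip().splitlines():
        m = ROW_RE.fullmatch(line.strip())
        if m and (int(m.group(1)), int(m.group(2))) not in pairs:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def classify_writes(pairs, processes):
    """Label each target as the writer's own same-image child or as something else."""
    by_pid = {p[0]: p for p in processes}
    verdicts = {}
    for writer, target in pairs:
        w, t = by_pid.get(writer), by_pid.get(target)
        if w is None or t is None:
            verdicts[target] = "unknown process"
        elif t[1] == writer and t[2].lower() == w[2].lower():
            # The writer created this process itself and it runs the same
            # image: a launcher handing startup state to its child, not a
            # write into a process it does not own.
            verdicts[target] = f"own child ({t[3]})"
        else:
            verdicts[target] = f"foreign process ({ntpath.basename(t[2])})"
    return verdicts


def foreign_targets(text, processes=PROCESSES):
    """Targets that are not the writer's own children; empty means nothing to escalate."""
    verdicts = classify_writes(parse_write_rows(text), processes)
    return sorted(pid for pid, v in verdicts.items() if not v.startswith("own child"))


if __name__ == "__main__":
    for pid, verdict in classify_writes(parse_write_rows(WRITE_ROWS), PROCESSES).items():
        print(pid, verdict)
    print("foreign targets in report:", foreign_targets(WRITE_ROWS))
    print("foreign targets in constructed row:", foreign_targets(INJECTION_ROW))
```

The same join is worth doing for the EnumeratesProcesses and AdjustPrivilegeToken signatures: all of their entries also come from PID 3800 or its gpu-process child 1132, so the question each time is whether a process outside that tree appears, and here none does.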
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 649B
MD5 ee32efffb888528efe673d657e52c030
SHA1 6259f6a6482c2f186b3c2101c592702993395564
SHA256 fe95ac348d4aa89fbd0c590991d016786417068cc6c48545483800bd3e3e9995
SHA512 e99955b4ad21e186e56fa1f5236993742fd5c75ce7f1c4091a92a38b796d13bffe75f150b244603c0b4103c7851b5423c50ee7f4a68d42f743f2e2b9e11b51b8

Filesize 215KB
MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Filesize 984B
MD5 40ac74375d82168a2f26b9d07ce9c0fd
SHA1 c8dd1128d2f28dde4b54b3a9bc80792870a255a7
SHA256 14b75b9d6c93dc83e9f1a9f091e62363e342f811c6e80a0c0446b0be10fb3ba1
SHA512 673441d0ff322fb4f87872fbd314e4d83236e0d1d9e92977e42d0a9cb8cd065989f5a4df0e5ba4b29d77af31e5a7ce14aff1c7613b2ce73c78af5af4b4e17387

Filesize 3KB
MD5 fa2a4ec01aa3bb1a3c7fead98c08cd15
SHA1 94757e40b631581a8f5950fe95152a7b7fdd2a42
SHA256 90618b2ae9667df7cc2df4c9dbfac27c96d1559414f3a830b3a153eac50dda8f
SHA512 792238e3f8db6a930a9b9c4548b542bcbfef22b6b4bca7d3a016ea99cf5eee03b49d534fba91fe4f70cda07e49007335f86352830af8a43622b9661d90b600fa

Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 1KB
MD5 78a29edd91585dd9499affa57f30ae15
SHA1 bd71348ee1234c200d268f5f985cffe55b7382e6
SHA256 1260c7347d82af27fe1c7992acada33ffb0df703c8d7b4cf025ed000b959d3aa
SHA512 224d2e3db92ad3845668cd5efb3700c93a3f321904624ff2425fb11543545fbe1399188d0b2ecf629af1f76330beef43a14f5439ac9c758eec4a18303820d499

Filesize 1KB
MD5 6da4c8489eeb839ff70af4d1e015d487
SHA1 043e52c3747cba895987b572162fa3922c7e4033
SHA256 f674f8b44b0a168dc3814aa0b0463d1d8cf15a92b4648e1c4b0497dbb7c4af00
SHA512 0e65c8ebc780e5851a918ae4bea1a7cb2acfe96fbc24fab58c475a72782f4c18b90d426ccdfb11bf27957814dcf2e2b5c4ac44c8e950b6db307b38f9182b7164

Filesize 1KB
MD5 4940885a2d703edf005433f740ed9bee
SHA1 1263dbcd1b4c4cc4084870d85387d30cdca421bd
SHA256 74cc7419190ad7edfe052e892b5b71e495c3fb5068504eb3771274c52fae616c
SHA512 bfe02063e2fde8bb7ec0915446c10996683d948c0e93329cf60bbb1604983025dc85ee4760c5ced365dc0f5efc593061b1753e33413d4d98adedf6c05fb2348b

Filesize 9KB
MD5 ef9b3aee25f55cd6433638402e1086d2
SHA1 a917b643bffca43dfb8c37175b5b9df6c6cbc854
SHA256 86d1fdfd17575ef214a0cf74459f02e3276ad4a0546050188336c1d11d2e461e
SHA512 9e2965470e3d6bba06599ca333e85199569616646ba141a9906d5ddafd9a7a94c6c2821cc27b11ed920125df9499d82bc47d22cd4dbcb589f16d47f400191c11

Filesize 9KB
MD5 ab202bdb08d0c1377bc112e2ab1e28f1
SHA1 9cd4d6dc14c972ac19289b2a79c9574724b52851
SHA256 55d8af6507594fe19a49c884a2dd6ccbeff016b045da1a99dc4a99eab6e952bd
SHA512 42c9edf92d24adacb55b8dba14583ff5ef39ea62dc5cc45e12d93322ac4eac1c4a3e6a73b588fac70bd8c07ec347815f31efd9467c5a3758a7b41a57a61efbd1

Filesize 9KB
MD5 fb427172b11b0ff4e22202555cce417b
SHA1 4f228c01d46bdfbee55db866575c8eca5202f35f
SHA256 24f9ecdedbddb4decdab852be01462c839128f0e0a6c34761e6488e2d54e383c
SHA512 eee07e4c09e67e13b1387d535b2d8481ca5a7fa7a3795ddcf765b19ce3e6d7b9ead3def76d3d91844e298191b0e9298237c8511a96c472e9f01c07109cb06424

Filesize 9KB
MD5 60acd2c57b6f0280cf4a2a1e13936c43
SHA1 7ec86707cf6311be8b0de2473331bd6566beeff0
SHA256 0524d97f8f7e718f0fffa5f99b1c09ae00108435c007b3c1904d7a4152828e45
SHA512 686e6626cd5a7e5d9a5f8f722d86a5ae9032353ce5e94651793268111bd6fd75eccdac7d89388f95555f1d8f11ca2ff96df1044d5cd32a68b6a337697b96298c

Filesize 9KB
MD5 71cad9d88b17d5928c5d81af10d14f3c
SHA1 f04252154886f4a98409eac115d134b6bb50f60e
SHA256 790baaf859ef7501b300dd51967f0427262f6857da811133b08dea1affd73aef
SHA512 f201badab8e0914e4f9554a3aaf12fa50487d1696d2c3da4364495100a083739e90c671437d7962bfc5fa9c909ac2f1b512523110e4e60e380dc59c28a279b33

Filesize 9KB
MD5 c3a9968fb9c72fbe82f92250df78e453
SHA1 a56e8e36cd1ead42ee66be04129a45c5bf42c242
SHA256 02024b602a8fe7cfa3dcada96910775cfc7975c903b53f014a29de19220574a4
SHA512 0129aea7f7e698794ddb248744b2858ba4eb93196404e43f8e65af61abbf8760d0c0959641e197e3e986162bf7247de894766f18fcfebeee0ee715a0515d48d3

Filesize 9KB
MD5 d2ea50cb480e79141ae2effffe1a4747
SHA1 417afadf37f298070a2c71f36cab7d65948dc31f
SHA256 b66874901edd4b215744eaf028287638c502e2c60d563755d5b2850b51a29c38
SHA512 5a9ba29fd665dac9629b6d0cdb77f13097f631f380bedd35fe87c2215434e058f0b6fedde7701d99a62ddd47523d50b5ca204124789effa9ef1012087e945589

Filesize 9KB
MD5 3ab0fe92cb768ca416827e41b7ec3333
SHA1 73c57ffe7dec2948954f37de6f89bb4515b62bcd
SHA256 94a377589b44833dbcc6a5b3334bd219345b280ac1d918cc423bbf8b9143d02a
SHA512 9bb3542a2b942434c0859fbf383fcbcfe3c7880e34edecba6bd2638bbcf5bd517b8e1e20e7f39146d21cf1a1ed5cc17fa42a82e44044aecd6028bdec7cc8a970

Filesize 9KB
MD5 a77fde5fefb5be7798f9c9a163a23ec8
SHA1 c01a04feffceb8838820df81b097dfcd3eef47f2
SHA256 c67349768fe48d4a4347812a10cabe59a512c0c4607e6d104e7406c86a5651dd
SHA512 74b77fc56680f1ea7f78b91da36edbda933634b13fa36b04ddf3f001ca9fb80d6dd1bf1a3f4f15dce938afa67f3eab546df7cc79b7a3dc0adef478863f827e7a

Filesize 9KB
MD5 aa48934ee984f22934886c86b38581cf
SHA1 2b4d08806d4d70c0454ce5f5ca4b9c591e912c4c
SHA256 3daf605dcc37f930b453d7386d158ef51bceccf7fa01971642265c70d802d209
SHA512 b6e6b8ec6b0d67f8d36f6fc031b47f402fd7f74e93dc32ef585e26bd2d25adf49047bc58270879be72af8a609ddf391746972824c566200ad30d94850d4ccff6

Filesize 116KB
MD5 81c3a0959966e36b0eee72408ab90ab9
SHA1 34742958ae61e0342a270bcae134eadd58c25f92
SHA256 9f0d4e7615f2751b6b079d1c7ee3cdef5b0dcaedf92391b789fe0359380af59f
SHA512 556bfb29a5576712dfade7354935bcddff3513f551f4edf3d13e55692d8320b258dcd7190f9f992ce558eac7130601b28a04ec7c5e1d4e1e22adc3cbac10bbf2

Filesize 116KB
MD5 302ee2aa5b8ac63879ee73414859fa53
SHA1 97c5ab50e74a274e83b5f5ed6d41cddf7774b9cf
SHA256 7929c367bfcd51c6707908f0350d861db9473ac4a2b17367a0b27ebfd941cc90
SHA512 33813251441cdf28413fddcb4f7f311d56ea9b72b17690a84158b9597492107ae2327fc9e2418b5f57d39cb64f9e5548b70e9c206844c40179c6b2f35b0d3fd6