Analysis
max time kernel: 70s
max time network: 69s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-12-2024 15:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample:
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=zYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DzYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g%22%7D%7D&flowContextData=Hq9q7LfNBg7IP6VhjHbwpWtP7vFfYJCHlsz0POP7SG3QSfPaiWIEKAvayak29_a25bu4eFLa4izjnqtzz-0uXAksU6gOipiqOjW4hl2YcBf5eJ7MeoXzY1g7sMokvB1G2VFlhXTMvhIlSuRtmmMgVtbWW-P5m6RZ3GjaXY2um9BR9UCw2kZtGRCOJwL7nPldsVCQLc0lF4a7bnDIHETf-rwvZxwcAaL1rZkgKjXmrZiXa6MobTi0LuIo4rOuRg5r2z8fuxDO6IrHw7dP6HI3NwcienrOPTwJqAi1JDHxhjDjn53acDOCTbMK89m9Wzz7BMFomr7bjRML_d3wRmu5m1gYVHwCMapaavP_NzXWsywLkLesP0UbZ7hFjE2wKENOyM9fxnqxfgU5fRxFVQrzoIuoZ2ggKnmVmL6mAfO-WA5VH6Ttkv8GTFRsRrAu4wRsmve5u-w58exDzB1IAX8DO81GLGPSX4NuGMjj240iHyRsmmuzPSVSILQJql7qZokPkuCjcjFKm2S2zQpVwMlZWwEY05518VMwQuzpn6D746WgP7PUa-PsGKcg2l0owTdqSUL4H0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d08aae25-accc-11ef-81c6-5555764bdec2&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d08aae25-accc-11ef-81c6-5555764bdec2&calc=f1373693a984c&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Resource: win10v2004-20241007-en
General
Target:
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=zYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DzYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g%22%7D%7D&flowContextData=Hq9q7LfNBg7IP6VhjHbwpWtP7vFfYJCHlsz0POP7SG3QSfPaiWIEKAvayak29_a25bu4eFLa4izjnqtzz-0uXAksU6gOipiqOjW4hl2YcBf5eJ7MeoXzY1g7sMokvB1G2VFlhXTMvhIlSuRtmmMgVtbWW-P5m6RZ3GjaXY2um9BR9UCw2kZtGRCOJwL7nPldsVCQLc0lF4a7bnDIHETf-rwvZxwcAaL1rZkgKjXmrZiXa6MobTi0LuIo4rOuRg5r2z8fuxDO6IrHw7dP6HI3NwcienrOPTwJqAi1JDHxhjDjn53acDOCTbMK89m9Wzz7BMFomr7bjRML_d3wRmu5m1gYVHwCMapaavP_NzXWsywLkLesP0UbZ7hFjE2wKENOyM9fxnqxfgU5fRxFVQrzoIuoZ2ggKnmVmL6mAfO-WA5VH6Ttkv8GTFRsRrAu4wRsmve5u-w58exDzB1IAX8DO81GLGPSX4NuGMjj240iHyRsmmuzPSVSILQJql7qZokPkuCjcjFKm2S2zQpVwMlZWwEY05518VMwQuzpn6D746WgP7PUa-PsGKcg2l0owTdqSUL4H0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d08aae25-accc-11ef-81c6-5555764bdec2&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d08aae25-accc-11ef-81c6-5555764bdec2&calc=f1373693a984c&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: [email protected]
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778002750794234" | chrome.exe
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{D2B4BBFF-87D9-4900-B1FD-5718190A2BAB} | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  116 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid | Process
  116 | chrome.exe (5 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 116 | chrome.exe (32 entries, alternating with the row below)
  Token: SeCreatePagefilePrivilege | 116 | chrome.exe (32 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  116 | chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  116 | chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 116 wrote to memory of 2540 | 116 | chrome.exe | 82 (2 entries)
  PID 116 wrote to memory of 1472 | 116 | chrome.exe | 83 (30 entries)
  PID 116 wrote to memory of 4012 | 116 | chrome.exe | 84 (2 entries)
  PID 116 wrote to memory of 2800 | 116 | chrome.exe | 85 (30 entries)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 116)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=zYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-5X491803SL042784K%2FU-7BT05144HU448631F%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DzYWucjU8YtyVuBa5ZME2Y9iNjKKbC19cWSZJ6g%22%7D%7D&flowContextData=Hq9q7LfNBg7IP6VhjHbwpWtP7vFfYJCHlsz0POP7SG3QSfPaiWIEKAvayak29_a25bu4eFLa4izjnqtzz-0uXAksU6gOipiqOjW4hl2YcBf5eJ7MeoXzY1g7sMokvB1G2VFlhXTMvhIlSuRtmmMgVtbWW-P5m6RZ3GjaXY2um9BR9UCw2kZtGRCOJwL7nPldsVCQLc0lF4a7bnDIHETf-rwvZxwcAaL1rZkgKjXmrZiXa6MobTi0LuIo4rOuRg5r2z8fuxDO6IrHw7dP6HI3NwcienrOPTwJqAi1JDHxhjDjn53acDOCTbMK89m9Wzz7BMFomr7bjRML_d3wRmu5m1gYVHwCMapaavP_NzXWsywLkLesP0UbZ7hFjE2wKENOyM9fxnqxfgU5fRxFVQrzoIuoZ2ggKnmVmL6mAfO-WA5VH6Ttkv8GTFRsRrAu4wRsmve5u-w58exDzB1IAX8DO81GLGPSX4NuGMjj240iHyRsmmuzPSVSILQJql7qZokPkuCjcjFKm2S2zQpVwMlZWwEY05518VMwQuzpn6D746WgP7PUa-PsGKcg2l0owTdqSUL4H0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=d08aae25-accc-11ef-81c6-5555764bdec2&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=d08aae25-accc-11ef-81c6-5555764bdec2&calc=f1373693a984c&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2540)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc3d67cc40,0x7ffc3d67cc4c,0x7ffc3d67cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3368)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1196)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3120,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4672,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
    Signatures:
    - Modifies registry class
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4140)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4372,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3752)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5628,i,3839162605513948893,8153632128852737132,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4176)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 1452)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 649B
  MD5: 337296201a71e78ed93fffadb294e4ce
  SHA1: b3efabb0b769d149b64b708be7444c2e9a096223
  SHA256: 5dd2cd13c690577cf3a7685a140aa1a97fe58b45807ea9dcbb77eb9d87247017
  SHA512: 74a2ab0250f74e4a3b75ad18acb45b5e09e3f19aab7a901f23819d6b84792745b822899def04461cbeb0bdd82c111d2ada195f0b4895c3a0cab41ff3c69a6edf
- Filesize: 24KB
  MD5: b37a53936d7389f2a2e055ede0c3e5b2
  SHA1: 2afe81360be9872da3f6144927f4fab2141d9070
  SHA256: eb4e27f9ccb1d9ced22f07b30aaaae2cf7c4f3f6968f9d2be4d75ae9ace68a34
  SHA512: aff3a3d1096c5bda3ffdf6b7b64b9c65085c8866d5898f3af943a0a6237499a700800f122b867817ce9db637cd345a2cad66b97f4caacbbe93203dfd95c1679d
- Filesize: 41KB
  MD5: e319c7af7370ac080fbc66374603ed3a
  SHA1: 4f0cd3c48c2e82a167384d967c210bdacc6904f9
  SHA256: 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132
  SHA512: 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011
- Filesize: 215KB
  MD5: 2be38925751dc3580e84c3af3a87f98d
  SHA1: 8a390d24e6588bef5da1d3db713784c11ca58921
  SHA256: 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
  SHA512: 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
- Filesize: 2KB
  MD5: 9bf2224cfa439dc3e98944e225297f6b
  SHA1: a157b6734db3774f6775f822ca1143a95607cb2c
  SHA256: c7fe72e107297eca35be7cc5d0f951f01585fdfdadb7639da34f15929afbff9f
  SHA512: 2c4b616a4281f24f635373b8018c26b229e84eb4800fe494db4e5af58e537f07ce2c90ef3a9bf46a8d9310540c9319c41080a453c8d92867429d808dcacdf652
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 1KB
  MD5: 5811bba8f11fcd0a355eddaa1f082552
  SHA1: 979da352ad7cb25f16c3d46e024537c211863044
  SHA256: be73f73f283473b9c637e4beb955ee140a6392b1014342a375960523875aa5d6
  SHA512: a21deeecee54c82855a40475fec0f40e17c2ab0ede07522d33dbfc1989fe081ba58b1225553fbcea7e9bf239d7f2108edc14d5e842e4f5d31814891c5e473b38
- Filesize: 1KB
  MD5: a5bbc3a54aac1de4e476be18b9e81612
  SHA1: 10d23773a9b226b880716e5fe02781a762e2e682
  SHA256: b058f92652a6ba3deac461c25e8cf389ae7d003784937ebdadd009975ac847c1
  SHA512: dc3288372c16ea56cbc56bca0e627e4be9698812a8657e8f03b571f5ff2bcf4a6193b9a0ddb25709c73ed93a58cc0d1ba68a3a18afa9aec6d7827a842bdc825e
- Filesize: 1KB
  MD5: 02849ba461c5640dca82172fd90b73a9
  SHA1: 0a6bce9b1985c426b7a5c86cbaaa0c2c3122750a
  SHA256: 615fda09e79085389e4b3cc61839d6e48e32fd735ca9895cf393216c6029eb02
  SHA512: 9adf0d188d32c52ebf8bf9063c075c8367716de83e3e3d28703adc48dc9360c35d02c7fe9011849156a6035dad4050d45458f09914589264bff1857f1c0ff023
- Filesize: 1KB
  MD5: a5340d138c5a94bcdb447a2cc029106b
  SHA1: a660561f1d22fb8ce229dad5d282018de3de00f3
  SHA256: 4b6c9610cb94670861a28ba6115eaa0b1360f468b85c044cc80ea092afb954e8
  SHA512: a35727031b4607ea7cce3c0a48ad8fa6db25c75e8d4af349dc1a3233c678d7d084b2deca010e09a0bd94a94bbec35e635e912d8b7f994939a4a31eee546a2595
- Filesize: 10KB
  MD5: ff97533effce1b82cc918a8b8770231d
  SHA1: 6c708125c0f0041d67b2d300bda3d452620fd7fe
  SHA256: 597204d50688994a891abe01d6904df6ddcd93373276d74dc5569cb731ac8bb3
  SHA512: 5af423d6e9936c5e23db40d5765b65cd87451d63ae174604e7f54e0d61e2717fe5b57d5269821026a37bd30734852ce1c17523d791bc7316336d69b6f0773c66
- Filesize: 9KB
  MD5: e29175ff60baa9bed9173d0c4aa22d9b
  SHA1: d21e5cb42c451f22114e16530e532fcf00139c32
  SHA256: 340199f6d6f1a8fcb4389f43994cb80ea11270a83f85ef5e6a84994438cf0685
  SHA512: 54a779d4bd54cf7fd74f073229bcf700a8af12126c25861cf84b1f8db351907d07de5f087224a9798fbb0e4050418a17d0db9250a8adcd2eb79a412e38876dc5
- Filesize: 9KB
  MD5: 8d3b0d766371a91011f0f4e6af8fa253
  SHA1: ecacfd52488f9b2d1b09e758333036a7c2e3c6d4
  SHA256: 532d779ab027daf1fc74dcd3cffd2c2b61a5ae46aba116d0f9b04cfe099d8a20
  SHA512: c7f43bab900128c478c534742b945d16a0a131c80cd5bf82afef52c0069a7a2d3bc4ea9c9b855838fc15f9067e4663197b58ed970d52dbbb74b0c1de962c23cb
- Filesize: 9KB
  MD5: 47360eea66068fa61b7035299e7862dd
  SHA1: 862dd86267883ce382a3c346d8399720e8b95d93
  SHA256: 409fc9c242fd6f9d64c2a6d9b6c5b5b3aafedd14ce55f11d6535c1406f7ab42d
  SHA512: 88c294afbe12a5dc0a6333e6a5093211afc08d5c07f1d2719f4638a5b0307d57577951d5b5174011e9ba5b91ea22d2ed0c06a0a9268f173787be55a698fbf8b1
- Filesize: 9KB
  MD5: 1ebe378518108beab741e9810123e7fd
  SHA1: 1464b853e7b4d079ad523fcc41bbbbaf78db9422
  SHA256: 54ea6f1baa23e2ec8155d7b3b6a482164ddaed7a17b7bcc4e8c955d9dd2c3218
  SHA512: 6c59badfba42ea8d66cd353e6ac12141b549d0ecd23691539e22837c5157d1339d70f3ecc1f3f7e35f449b44fd3fbae5170bb50dc23531a49903f0af42d9da12
- Filesize: 116KB
  MD5: 9b3d62feb72082dff258cb39ccc84224
  SHA1: 42146fcb0c97245abdf19caf9d11278960c6643d
  SHA256: 8789884d0575cfae747d3e81b8ff769895994c3a13283f2f2171dcabffc53d45
  SHA512: 05b47128577550aefc804c2bbe721e5d039ed4328671b90ad8b31d4d983fc58bc55439705a2166e72f6a8e4a345df8670057140c72850a34b89905d82cec6871
- Filesize: 116KB
  MD5: be97710fa1c6e8c2fbe5070c6821ce2f
  SHA1: 7d49151bbced0af11dd46bef98fec5e0fb9d5b78
  SHA256: 1489dd1903673b520136adb29d3624386a80d6e73f7ca64ef4f45954f5dc9689
  SHA512: f8d09db8c14f4138362af88ca2486b994310518afc281071f99e64cdca6169dd7ba03de715a8416324ad9a6744862cf45540111b6b77ac1bee484be334a52ec8
- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84