Analysis
-
max time kernel
299s -
max time network
283s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
05-12-2024 19:06
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.paypal.com/signin/?returnUri=/myaccount/transfer/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA&expId=p2p&onboardData={"signUpRequest":{"method":"get","url":"https://www.paypal.com/myaccount/transfer/guestLogin/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA"}}&flowContextData=k3KkNbgd2F3whUTyipi2CMJLh_A_-ZYRjnLUkRjoT_j0HNsy89M3Jq9pftpBPMtxKyazfBl41ygLF6L-3nSQM3yKD_1JSLMZUnm3gJtmC_GW6MtRMZgxxLdzhM2UidzudErvOhqzUKOKhl1Uolhas5WHE4v4p4McejHNxcZVkLh-Y4orpy9guCt5hhIB4GnzEz4SubWTdzvc3cAY2OwiaKLLHK8NR5mzXmQp5fVf3iIsNKSvq_9V0izgPURkU3T8RWrY5gGBkFdWln_xY5pl8zRv8lmUI-keUYe0DqQBvKVK8GwV8qiU_5p8qjPHJVW9i-G3ZBZuZum2FKJqczC5erDfF4QBe8JLLYzKBGyYHnHI7fFyBoEDubHGzh8R01uh4xAe-iAkcUj76XG_hnIoA0TzvY15PrfT8E9VdnaJhGuNJ5c8GhmekMGGnVwrlvOcZBIva0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&ppid=RT000186&cnac=US&rsta=en_US(en-US)&unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&calc=f7859995fbf4b&unp_tpcid=requestmoney-notifications-requestee&page=main:email:RT000186&pgrp=main:email&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585,150948,104038&link_ref=www.paypal.com_signin
Resource
win10v2004-20241007-en
General
-
Target
https://www.paypal.com/signin/?returnUri=/myaccount/transfer/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA&expId=p2p&onboardData={"signUpRequest":{"method":"get","url":"https://www.paypal.com/myaccount/transfer/guestLogin/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA"}}&flowContextData=k3KkNbgd2F3whUTyipi2CMJLh_A_-ZYRjnLUkRjoT_j0HNsy89M3Jq9pftpBPMtxKyazfBl41ygLF6L-3nSQM3yKD_1JSLMZUnm3gJtmC_GW6MtRMZgxxLdzhM2UidzudErvOhqzUKOKhl1Uolhas5WHE4v4p4McejHNxcZVkLh-Y4orpy9guCt5hhIB4GnzEz4SubWTdzvc3cAY2OwiaKLLHK8NR5mzXmQp5fVf3iIsNKSvq_9V0izgPURkU3T8RWrY5gGBkFdWln_xY5pl8zRv8lmUI-keUYe0DqQBvKVK8GwV8qiU_5p8qjPHJVW9i-G3ZBZuZum2FKJqczC5erDfF4QBe8JLLYzKBGyYHnHI7fFyBoEDubHGzh8R01uh4xAe-iAkcUj76XG_hnIoA0TzvY15PrfT8E9VdnaJhGuNJ5c8GhmekMGGnVwrlvOcZBIva0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&ppid=RT000186&cnac=US&rsta=en_US(en-US)&unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&calc=f7859995fbf4b&unp_tpcid=requestmoney-notifications-requestee&page=main:email:RT000186&pgrp=main:email&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585,150948,104038&link_ref=www.paypal.com_signin
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778992281910938" chrome.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{FA1F5CA6-1BFB-40F0-82CC-C4CE40AD6C3F} chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 964 chrome.exe 964 chrome.exe 1772 chrome.exe 1772 chrome.exe 1772 chrome.exe 1772 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe Token: SeShutdownPrivilege 964 chrome.exe Token: SeCreatePagefilePrivilege 964 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe 964 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 964 wrote to memory of 1228 964 chrome.exe 82 PID 964 wrote to memory of 1228 964 chrome.exe 82 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 1928 964 chrome.exe 83 PID 964 wrote to memory of 2968 964 chrome.exe 84 PID 964 wrote to memory of 2968 964 chrome.exe 84 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85 PID 964 wrote to memory of 4832 964 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/signin/?returnUri=/myaccount/transfer/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA&expId=p2p&onboardData={"signUpRequest":{"method":"get","url":"https://www.paypal.com/myaccount/transfer/guestLogin/payRequest/U-09584045BD498740V/U-7AK40048SY131414Y?classicUrl=/US/cgi-bin/?cmd=_prq&id=UJ8cMtNtnR8osXBu987dZoV1KMO8Kn.CKcv6ZA"}}&flowContextData=k3KkNbgd2F3whUTyipi2CMJLh_A_-ZYRjnLUkRjoT_j0HNsy89M3Jq9pftpBPMtxKyazfBl41ygLF6L-3nSQM3yKD_1JSLMZUnm3gJtmC_GW6MtRMZgxxLdzhM2UidzudErvOhqzUKOKhl1Uolhas5WHE4v4p4McejHNxcZVkLh-Y4orpy9guCt5hhIB4GnzEz4SubWTdzvc3cAY2OwiaKLLHK8NR5mzXmQp5fVf3iIsNKSvq_9V0izgPURkU3T8RWrY5gGBkFdWln_xY5pl8zRv8lmUI-keUYe0DqQBvKVK8GwV8qiU_5p8qjPHJVW9i-G3ZBZuZum2FKJqczC5erDfF4QBe8JLLYzKBGyYHnHI7fFyBoEDubHGzh8R01uh4xAe-iAkcUj76XG_hnIoA0TzvY15PrfT8E9VdnaJhGuNJ5c8GhmekMGGnVwrlvOcZBIva0&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&ppid=RT000186&cnac=US&rsta=en_US(en-US)&unptid=3bf303f1-b31d-11ef-81c6-bffe125023d8&calc=f7859995fbf4b&unp_tpcid=requestmoney-notifications-requestee&page=main:email:RT000186&pgrp=main:email&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585,150948,104038&link_ref=www.paypal.com_signin1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff93b02cc40,0x7ff93b02cc4c,0x7ff93b02cc582⤵PID:1228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:22⤵PID:1928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1684,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:32⤵PID:2968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:82⤵PID:4832
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:12⤵PID:1376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:1816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4516,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:82⤵PID:3260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:82⤵
- Modifies registry class
PID:2568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4708,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:12⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4880,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:12⤵PID:3144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5128,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:82⤵PID:4216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,157915943258276040,6598803776555837136,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1772
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:4920
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3696
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD50355552c460accca1e61a0d191e4473e
SHA17382db909e8682326b3453049054f1a1da1c4604
SHA2569eaee7582f4265645f71bcda5fb5af7d17a57bd48680298c8ce15bdb0ea8cd23
SHA512892bee9badc59d8bee5ffc954ca6ecfeb9c45c3bc7d05f4e843e6d1bc6594d5584206ce63f7233632fc69cdd884db06bfcb50936de6ee7b0ec1789d6be42f619
-
Filesize
215KB
MD52be38925751dc3580e84c3af3a87f98d
SHA18a390d24e6588bef5da1d3db713784c11ca58921
SHA2561412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA5121341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
-
Filesize
984B
MD5e07a03021cf4ff2b89ead9f6a746a449
SHA18100b037d3e3c61b5d8930b8f3164cd254374122
SHA25615359a8a5cb931d75d4075d7f0e561123ec14d41dba04333c44dd3b7039e9f58
SHA512f5092d1bb7a13a22b9ce55c4a25362b73ce0bedb61ca5258ce8b946f993e2693e38c08fb20ecc888b31915fcf20ebc1a46604483f79204dffa20a93ff4527e55
-
Filesize
3KB
MD5cf17532f762e7c284210e72a11f7584c
SHA1565ec47734ba3ea0faab3a477b0561a3edcbf970
SHA256950d383ed10f77bc0413bd55ac15c3198a1860194ee38489f05ea5c3adeedf64
SHA5127c087c516d3e295ffbb8dee438eb41af2a7dc49ed9d18fdad239e1f5f4d57b63148a91ad63c39f8454448b3ae32b5a765571ceaaeaddf122da82fcd239ef5c4c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD56dc29530af4ec6542c05a64e6807e910
SHA1ae95b8a9f2014dea7a54bd5238b9973fed44e61b
SHA2568a511844741fd70bd9095af27cd18cff39a7f3a5ef5024f826a2ad081ad6fe61
SHA512076bf5e7f4a0fb36a8b6412c009cee6a5cd7183dbd33e220fe6c046ed4fff45a475990a8b430f4621364f5f4fa42c574c4818a8973a95d7e7205d796780ca411
-
Filesize
1KB
MD517a2e61281f72f9cf03520296935c17a
SHA12149c2df91fe6ca69baa8f0bcb64ecc96859701b
SHA25651cc29ba895f932e1cad70f307a1474ff9ba4f33389a0366cf7560b726338330
SHA512024281af614cfe555a1e0e774a6967aa7f8c14dd39f1635bf67161f76e96e00e74a7fdb4ea283f42aa5b9eca452c08cbbc5239e56a413cf8ab5b9d71a10b7d24
-
Filesize
1KB
MD54531ae7216d0a5faa8fa8d6971c260d0
SHA1a236ad045801675d772ecaf85074fa2c2085e0c3
SHA25670ecc4cf1fd39549a7941abb180ee23ad6429af05f842fc4c4347002854650de
SHA51241b38be5778ebc16d4a02ccb050293c3d0723796d00e66341ea2a2a1a334eb78642b51e5f403ef1f1b68a9c5cb5caa3c4df4d1a3ffdfcd377baa10daa506b09f
-
Filesize
9KB
MD5f2a4f0f7064be15ae79542660d638d0b
SHA197ffb11f1c33a296003080ecdaa4dceb13a703f7
SHA256347291f2e825eb6a8afc2b437aadf70938302e3c2096513c05d66a6df5627c98
SHA51233325ffa3a111d613f7330491817c4d79af7da17f0e719dbf3ac81e8777f0ff221fef44e565d27f5a7845d33d80ef9c7fd5ca035ad487579d66e9d19a6c191ec
-
Filesize
9KB
MD572f392977f22eb80f1d321c5aeef0674
SHA1010f80b62bbf1f955168bcad04c9c8f4579b4566
SHA256b6b83410eab095f0cd28b7981cd2e54c20540c6663c1dfc1328b25aa4413d5cc
SHA5126fa0848b0d85daf53df93f32105d272d527e0031e92ba5e8b8696862e7bf56703be5adbce50847e0ab1622ccb05afbcd0980c779c91ae4b1f277a70f0ade722c
-
Filesize
9KB
MD564c21012c1f120b481a58b309333bb57
SHA10da64825d922038846952b9416130544e9ad84f6
SHA256ca5cc249dd708727c83c388cca763c86ab5d932dfd5b22aa90bef8dd6e14ec9f
SHA512e7b7ac48ae13368f632152cb68c6b086031a44bbf08a2100280adce85d5bd794749b142568f3d03b574f9433479af66e374a30a6877a4c5d9912a99effed50bd
-
Filesize
9KB
MD513f3b6501cac8bb15b8cb19fc5b8b8bb
SHA1dd52f74f4238b9a7ea9c6da3d0145644b0fd96eb
SHA256e88fb97c698e704a489d4261360f86bb57dcdb2f8b96309e8103697fe8c73004
SHA5123e29bacbbae7a15418bfd13c47f779b6c5662fe27a91db0bc0e52f16dd5fdab17cbbd457caf8e5f715a3b284aed05f1d42eb6134f0c5e93a71d2abaeb25983c8
-
Filesize
9KB
MD58d857e9d9c2206541df946ffa47c899f
SHA1a60c62a9ee5e26a1224d5c7c66da6cb10ef460c4
SHA256fc7992c503bf9cd8aff7ac17b772c489178810922b339145e7697354dec88e9b
SHA5128e2c6c6613fb2dfe778128b1f275d49d9382eb1fdc8ec6ee2b196a78a2805a19eac0daedbfc1794ac73479eca9355e477c2d4ee295eae3d64794333f4f067cda
-
Filesize
9KB
MD59e6e717f83e44663513b1581dcfd2caf
SHA19a31d915e3e4f52cfc7c1b57db375e7ca57ead24
SHA256ccc4beb83de339d42ca058b85119adfceddc009c64adf2338f93ae810f12a238
SHA51281be1a48b47679286149dd26d0c84f3f8c21f97e89cba295dca46175ed55a2a658e3764359f24aa3f8aea1e1108bc50d8ab5aa5b5f0259d7e016a3f45b75f3b7
-
Filesize
9KB
MD5b929c04cb1c3f125badc95e819ab98c6
SHA1ca53662ee0b3c0d0f2e791d0c34bd5ef32eea2e3
SHA2567dcccc3f1a8bfd6a125ded280f45c227629e2a2f94d108627016e99e50cdd775
SHA5128a8637ddf80bbe83db67ef12d783155eb2fd52624bf4a4d1696048a274e4e85de5317b0fc26452f35842093e8944d82d8b84299d0e76096fe3277311ff32cfbb
-
Filesize
9KB
MD516bcdfcfa60a0b05bd803e8d438cff6c
SHA1271e5122dfc90e0dd0eb1cec29d226f07483aa8c
SHA2564ccf0885566857c0c812a709c315f5506d92e39e3b16b3cb43b73e88a60f4f87
SHA5120b44a1aff1ac8f5489e61b81b307d2a8f6be0a29d06a497e9337f67d77874653cd77f10e874ad2bc9d96ec787038870b920e5f7cbe5cb42b90f2a598f1e073cd
-
Filesize
9KB
MD5e81b3ab59845e3dce2f33fcacdb50193
SHA1ab7896bfc29855abc414c24297e7ea1a52991967
SHA25607df2125b916c2e91c86b80251aab1fb4ef08f70ad4a56003bd625c3253011cf
SHA5129754eade064dee8ba2441a826e602f0ab082bf0db3483b64e65dba48c99ff3461982050bc1e5c5f95fad958ce69fe644a5988aab1d512ccb94767aaf6a299cb2
-
Filesize
9KB
MD563e32e07768d9843041ce8a45acd9e84
SHA1a52a903a3e8fa2a12bc76fd494b76ca685e63238
SHA2564ec292c6d2dc9b1fed4e4e1d2b1a6eccd412225da109faf8c455e86bc06bf496
SHA51286786db76171f77396e6e34ef6089ccfdacb01153328148aa9b575e8b0ae76cce0ed538a0cd03683a1f8e1f1eaace0b906a4f09680bcdb9a7a25237c718bd039
-
Filesize
9KB
MD551b8e68770737c80b9df974cbe65f41e
SHA11fdb2cb80466dc534d01cc37f8ffd4d835f72929
SHA256e76ed627f84c3da918599d87c3afae87fe86ff0ea93b64dfa754a09e6730f43c
SHA512d3839ae622713b4094d5c02838c5e0225dd73c3fcb410c99fbe1a628158c285236a687bb29a29597bef0965e8d49daa1c26594f13c7c4f3481f9013ced25a402
-
Filesize
9KB
MD5a235e15f319cd16a44138dd8c6b8be44
SHA1895d672ee97d475d24833d3ccc88538141b2ffbb
SHA256f4795b21957e547f2867c1c26d671d94b946972c9253a7110d85ae4a1875d8e8
SHA512ff9d93691a67ca32a24e60a69b633041e20a66fd575aa3b27a810755d0ddfb29aaf96e9cbd522b43215feaabf71a84ba52c3fb76f9b902392f83bf97e3caefb0
-
Filesize
9KB
MD57a2809f672a5b2d6885283c31eb43dd6
SHA14b12746686d5270a687f2a29b2cfcaabf7d859f7
SHA256b89a2d6d2634a2a5b89f87aa7eece1b9ae6c37e3d36720dace30ce49afea19e9
SHA512547828a65def66ab9e3679cac18afdbfdce5da8bb92de16da8b3d204e622f73cab0d0ce6583943c69cd28ecf048088f7c666150b0098f90d30c4dbee959d87dd
-
Filesize
9KB
MD545186f3f0c037c480601f4830b000aa8
SHA143cf47907a9788d7da6763b4955d078d78c08945
SHA2561020b9be7eb9f64ed1c4436a1462e63f5fc6987d6f385f8edff5bbf94c7c3d31
SHA51215cd334837b55c80c6e1516d3f774ea59825630e3d94713f0b61f233ff695a88df574c3a7fdc37d064d012ab959922023e6ed29bbf58f754927bead1170520d1
-
Filesize
9KB
MD53eac065473e96df8a0b77162a46b554d
SHA141764b23a476945133e202d0884156130b54b607
SHA256c665971db4437fae008c7f3ad538cd3f5ae5e70ad7d2c89c286301507896fcb2
SHA512999050838c73fb49819dd50d2dea468898c5f708748a80ef1de21d1a40edc0a3377a78874e888e5246bfdb78db341707a9407bacb8c32a76823bb6503348d9b5
-
Filesize
9KB
MD505a45913f487dfeb018231edb6ecc825
SHA16067b58b9ba7e9e6e7617c63b91fcd8d46f5290e
SHA25637027b2123a466fbb24a1ceaa05ad13d55561ddae058f8eafcfec2546d020f7a
SHA5129b2cdfb2fdf93e7d3834dc155503602aa02d0c2e8a137450e4a9a40b3145f2d041ed5c4fd2546c9ee4e664faedc5ce9206779e14a8097e05973b784ef9975ad7
-
Filesize
9KB
MD5a5d40330f464d3c524789aaf894b78af
SHA10db4f9702ba3d9e8eadc449814e96878e95a21be
SHA25658f011f4aaff6f8574d502b308e7fef5f91957f999a8ed31672b85bdf36cf974
SHA512bb37b12c93c39cc1ea9060ca59952dfc8a0e44bd627b9f436c4dd63decd17966f1bcf1f5934a3962b2986fb15b1338300e5c7f35e68cd006c4c2a0979e159da4
-
Filesize
9KB
MD5f9e3079160491d05801c851a42a063f7
SHA11bf467ac355cee24c2681da41d5cc479de08424d
SHA2564786b094f30789aa48f0bb579db27e23fb934c52bd09f73b4893cce8e10101cb
SHA51213d462b9d927201d38075614b6e3b6b3fe0a61a22feb8c695d511ba524a39a4755a4cb0b5c4cbbba668175f0ea42f029773263e7231cdef88ae677b2daf2c18e
-
Filesize
9KB
MD5d14d91bf0dbc92ecfbd2e1e202641e43
SHA1aeb4d8ef2d295048a8d9665cf9d759b0e4df527a
SHA25624411e617d058b2925418c4179df98abdfbffe0e068e1006a993d62e8efce284
SHA512c3c5b2d902b8ce1dd9d208a2f2e8b7c25613abe54d8947c40f4d98fd35b0ebaeaf36fffe56cd0b4ee60a41a15e75cec8afecda60948bd34c039ec887fdd60f31
-
Filesize
9KB
MD5a123561cd47f15d4f22d36988037ec96
SHA19cc937e0fb5045ea8aab3ed57ee993bd244b3849
SHA256f98da9a873be07ddad3f80b5cd43db448b30c36641747abb6bfe472b4681c5ad
SHA512b720eb50fb96dead3fa2c883b8fc4fc0b83596782abf3cd3cbccc0a57c5fa7fa87c7472d766a7ce6bc0eb726581bb385083e1193c5194ac45c350cfe66c3d3e6
-
Filesize
116KB
MD571270e8d168cdd6ccfb88bcc3ede29ff
SHA10c58b0665395be851a846377aa0011448a79e38a
SHA256f1b6a0577977204053d6ce9f00156ad00101ff23b7adde0c64fe46c24ba58db3
SHA5123f191d0ab03f2e97c6a3f84198fdc1e9d4c0accf8e70fa8857a663309327d4b961817c8c8590a9ee1e5ac2eac75957a0d34c4786c1ab68dadd5c1fb972c330dd
-
Filesize
116KB
MD5471248522181d988504a0ea65d80dc1b
SHA1f89b77716712d30f226ae4196fdc109a36b9e26c
SHA256914f848e53fb651934ecf07f808206a9f883677b515311962732dcb07f3de37f
SHA5126b101b59735e66365c459f47f41c608d3ad7caf70dd47aea7b980fb4e4fba417e79208ad95dae0306a72a16fd8a28df06878e4b16d357c47291e8586daf832ab