Overview

Static (score 10)

Tasks in the submission (the archive 2222-main), each run on Windows 7 x64 and Windows 10 x64, with the score assigned to each run:

Score  Platform       Sample
10     windows7_x64   2222-main/Build.exe
10     windows10_x64  2222-main/Build.exe
10     windows7_x64   2222-main/...se.dll
1      windows10_x64  2222-main/...se.dll
1      windows7_x64   2222-main/OTC.dll
1      windows10_x64  2222-main/OTC.dll
1      windows7_x64   2222-main/OTC2.dll
1      windows10_x64  2222-main/OTC2.dll
1      windows7_x64   2222-main/aurora.dll
1      windows10_x64  2222-main/aurora.dll
1      windows7_x64   2222-main/...ty.dll
1      windows10_x64  2222-main/...ty.dll
3      windows7_x64   2222-main/gan.exe
10     windows10_x64  2222-main/gan.exe
10     windows7_x64   2222-main/mySThe.exe
10     windows10_x64  2222-main/mySThe.exe
10     windows7_x64   2222-main/myporno.exe
10     windows10_x64  2222-main/myporno.exe
8      windows7_x64   2222-main/pandora.dll
1      windows10_x64  2222-main/pandora.dll
10     windows7_x64   2222-main/pass.exe
10     windows10_x64  2222-main/pass.exe
10     windows7_x64   2222-main/petya.exe
6      windows10_x64  2222-main/petya.exe
6      windows7_x64   2222-main/sheyhST.exe
10     windows10_x64  2222-main/sheyhST.exe
10     windows7_x64   2222-main/...io.exe
10     windows10_x64  2222-main/...io.exe
7      windows7_x64   2222-main/test.exe
3      windows10_x64  2222-main/test.exe
3      windows7_x64   2222-main/token.exe
6      windows10_x64  2222-main/token.exe
Analysis (score 6)

This page shows the run of 2222-main/test.exe on the win10v20210408 image (behavioral30 in the task list below).

max time kernel: 145s
max time network: 159s
platform: windows10_x64
resource: win10v20210408
submitted: 30-07-2021 07:53
Behavioral tasks

Task          Sample                   Resource
behavioral1   2222-main/Build.exe      win7v20210410
behavioral2   2222-main/Build.exe      win10v20210408
behavioral3   2222-main/NanoSense.dll  win7v20210410
behavioral4   2222-main/NanoSense.dll  win10v20210410
behavioral5   2222-main/OTC.dll        win7v20210408
behavioral6   2222-main/OTC.dll        win10v20210410
behavioral7   2222-main/OTC2.dll       win7v20210408
behavioral8   2222-main/OTC2.dll       win10v20210410
behavioral9   2222-main/aurora.dll     win7v20210408
behavioral10  2222-main/aurora.dll     win10v20210410
behavioral11  2222-main/fatality.dll   win7v20210410
behavioral12  2222-main/fatality.dll   win10v20210408
behavioral13  2222-main/gan.exe        win7v20210410
behavioral14  2222-main/gan.exe        win10v20210408
behavioral15  2222-main/mySThe.exe     win7v20210410
behavioral16  2222-main/mySThe.exe     win10v20210408
behavioral17  2222-main/myporno.exe    win7v20210410
behavioral18  2222-main/myporno.exe    win10v20210410
behavioral19  2222-main/pandora.dll    win7v20210408
behavioral20  2222-main/pandora.dll    win10v20210410
behavioral21  2222-main/pass.exe       win7v20210408
behavioral22  2222-main/pass.exe       win10v20210410
behavioral23  2222-main/petya.exe      win7v20210408
behavioral24  2222-main/petya.exe      win10v20210410
behavioral25  2222-main/sheyhST.exe    win7v20210410
behavioral26  2222-main/sheyhST.exe    win10v20210408
behavioral27  2222-main/stpastio.exe   win7v20210410
behavioral28  2222-main/stpastio.exe   win10v20210408
behavioral29  2222-main/test.exe       win7v20210410
behavioral30  2222-main/test.exe       win10v20210408
behavioral31  2222-main/token.exe      win7v20210410
behavioral32  2222-main/token.exe      win10v20210410
General

Target: 2222-main/test.exe
Size: 50KB
MD5: 934b148407a5f93bbeed3d5b2c91edde
SHA1: 208fa687dea4cae2bd7a15907834ce107aea2683
SHA256: 00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217
SHA512: 4cd3d836a122a19888f4be5541c158aa8add24b6276d8d9ee3a120ea2d3cc9ceb72c284ae41d3fa8d30b6c4bbfd18fe97ef451293222b9b9c23d125d3a882c2c
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  The report attributes this hit to no specific process.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process     Action             Key
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  All three BIOS reads come from chrome.exe, not from test.exe.

- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  Process     PID   Entries
  chrome.exe  496   2
  chrome.exe  2876  2
  chrome.exe  4652  2
  chrome.exe  1232  2
  chrome.exe  3828  2
  chrome.exe  4648  2
  chrome.exe  5088  4

- Suspicious use of FindShellTrayWindow (3 IoCs)
  Process     PID   Entries
  chrome.exe  2876  3

- Suspicious use of WriteProcessMemory (64 IoCs)
  Writer            Target            Entries
  996   test.exe    2640  cmd.exe     3
  2640  cmd.exe     2876  chrome.exe  2
  2876  chrome.exe  3000  chrome.exe  2
  2876  chrome.exe  1196  chrome.exe  40
  2876  chrome.exe  496   chrome.exe  2
  2876  chrome.exe  3908  chrome.exe  15
  Every target here is a direct child of the writer (compare the process tree below): test.exe writes only into the cmd.exe it started, cmd.exe into chrome.exe, and the chrome.exe browser process into its own helper processes. That pattern is consistent with ordinary process start-up; a write into a process the writer did not create would be the signal worth chasing, and there is none in this run.
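The WriteProcessMemory entries above are rendered by the report as a flat run of "PID A wrote to memory of B A src dst" records. As an added example (not part of the sandbox report and not code the sandbox ships), here is a small Python parser for that rendering that collapses the repeats and, given the parent-child relationships read off the process tree, separates writes into a process's own freshly created child from writes into any other process, which is the pattern that would actually indicate injection. The sample text is constructed from a subset of the entries on this page, and the PARENT_OF dictionary is an assumption for the example, built by hand from the tree rather than exported by the report.

```python
import re
from collections import Counter

# One record, as the report renders it:
#   PID <writer> wrote to memory of <target> <writer> <writer image> <target image>
RECORD_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")

# Constructed sample: a subset of the page's 64 WriteProcessMemory entries,
# in the report's own flattened rendering.
SAMPLE_IOCS = (
    "PID 996 wrote to memory of 2640 996 test.exe cmd.exe "
    "PID 996 wrote to memory of 2640 996 test.exe cmd.exe "
    "PID 996 wrote to memory of 2640 996 test.exe cmd.exe "
    "PID 2640 wrote to memory of 2876 2640 cmd.exe chrome.exe "
    "PID 2640 wrote to memory of 2876 2640 cmd.exe chrome.exe "
    "PID 2876 wrote to memory of 3000 2876 chrome.exe chrome.exe "
    "PID 2876 wrote to memory of 1196 2876 chrome.exe chrome.exe "
    "PID 2876 wrote to memory of 496 2876 chrome.exe chrome.exe "
    "PID 2876 wrote to memory of 3908 2876 chrome.exe chrome.exe"
)

# Assumed parent map (child pid -> parent pid), read off the report's process tree by hand.
PARENT_OF = {2640: 996, 2876: 2640, 3000: 2876, 1196: 2876, 496: 2876, 3908: 2876}


def parse_write_iocs(text):
    """Turn the flattened rendering into (writer_pid, writer_image, target_pid, target_image) tuples."""
    return [(int(w), wi, int(t), ti) for w, t, wi, ti in RECORD_RE.findall(text)]


def summarize_writes(records):
    """Collapse repeated records into a count per (writer, target) pair."""
    return Counter(records)


def cross_process_writes(records, parent_of):
    """Writes whose target is not a direct child of the writer.

    A parent writing into a process it has just created is part of normal
    process start-up; a write into any other process is what injection looks like.
    """
    return [r for r in records if parent_of.get(r[2]) != r[0]]


def report(text, parent_of):
    """Summary lines for a run, returned rather than printed so callers can inspect them."""
    records = parse_write_iocs(text)
    lines = [
        f"{cnt:3d}x  {w} {wi} -> {t} {ti}"
        for (w, wi, t, ti), cnt in summarize_writes(records).items()
    ]
    suspicious = cross_process_writes(records, parent_of)
    lines.append(f"cross-process writes: {len(suspicious)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IOCS, PARENT_OF)))
```

Run against the full 64 entries from a report, the summary shrinks to one line per parent-child pair; anything left in `cross_process_writes` is where to start looking, because the sandbox's signature name alone does not distinguish CreateProcess bookkeeping from injection.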
Processes

Process tree from the run. Each entry gives the nesting depth in brackets, the image that actually executed, its PID, the full command line, and any signatures attributed to it. The chain of interest is test.exe (PID 996) → cmd.exe running the batch file 814B.tmp\test.bat from the user's Temp directory (PID 2640) → chrome.exe (PID 2876); everything below PID 2876 is Chrome's own helper processes (crashpad, GPU, network, storage, renderer, data-decoder, unzip and UtilWin utilities) plus the Chrome installer helper chrmstp.exe. Two details worth noting: the command line names C:\Windows\system32\cmd.exe but the image that ran is C:\Windows\SysWOW64\cmd.exe, which is WOW64 file-system redirection and shows that test.exe is a 32-bit process; and several PIDs (4824, 4928, 4980, 1224, 4488, 4088) appear twice because Windows reused the PIDs of short-lived Chrome helpers.

[1] C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe (PID 996)
    "C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe"
    Signatures: Suspicious use of WriteProcessMemory
  [2] C:\Windows\SysWOW64\cmd.exe (PID 2640)
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\814B.tmp\test.bat" "C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe""
      Signatures: Suspicious use of WriteProcessMemory
    [3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2876)
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3000)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff885794f50,0x7ff885794f60,0x7ff885794f70
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1196)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1548 /prefetch:2
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 496)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1824 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3908)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1632)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1000)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 680)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1784)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2248)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4424)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4912 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4652)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4772)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6324 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4824)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6460 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4876)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6328 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4928)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6476 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4980)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6616 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5032)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5084)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6444 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4064)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6620 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4288)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe (PID 4460)
          "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
        [5] C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe (PID 4500)
            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff622d0a890,0x7ff622d0a8a0,0x7ff622d0a8b0
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1232)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1224)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6312 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4660)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6356 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4688)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6424 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4488)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6396 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4820)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6392 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4824)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4952)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6416 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4928)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6648 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6324 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4748)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4168 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4448)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6908 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4088)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6364 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4540)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6400 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4668)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6304 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7044 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4896)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7068 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4980)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7092 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4920)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7116 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4112)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7040 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1224)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4048 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4212)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2176)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5760 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1548)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5792 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4932)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5824 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5592 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4752)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6836 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4740)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5104)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4488)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5052)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3828)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3396)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4648)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4088)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4764)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 /prefetch:8
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5088)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6884 /prefetch:2
          Signatures: Suspicious behavior: EnumeratesProcesses
      [4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4836)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1516,15166152720052553339,1157170737670009850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5976 /prefetch:8
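The top of this tree (an executable under the user's Temp directory starting cmd.exe /c on a .bat that lives in a Temp\<name>.tmp\ folder, which then launches a browser) is straightforward to express as a detection over process-creation telemetry. As an added example, not part of the report and not a rule the sandbox ships, here is Python detection logic run over process-creation events constructed from the first four entries above. The event fields (pid, parent pid, image, command line) are assumed to come from whatever EDR or Sysmon process-creation feed is available; parent PID 0 for test.exe is a placeholder because the report does not show its parent, and the shortened gpu-process command line is a constructed stand-in for the full one.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    parent_pid: int
    image: str          # full path of the executable that actually ran
    command_line: str


# Images under the per-user Temp directory (where the sample was extracted).
USER_TEMP_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# A batch file inside a <something>.tmp folder under per-user Temp, quoted or not.
TEMP_BAT_RE = re.compile(
    r'[A-Za-z]:\\Users\\[^\\"]+\\AppData\\Local\\Temp\\[^\\"]+\.tmp\\[^\\"]+\.bat',
    re.IGNORECASE,
)

# Constructed events: the first four entries of the report's process tree.
# parent_pid 0 for test.exe is a placeholder; the report does not show its parent.
SAMPLE_EVENTS = [
    ProcessEvent(996, 0, r"C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe",
                 r'"C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe"'),
    ProcessEvent(2640, 996, r"C:\Windows\SysWOW64\cmd.exe",
                 r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\814B.tmp\test.bat" "C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe""'),
    ProcessEvent(2876, 2640, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    # Shortened stand-in for the gpu-process command line on the page.
    ProcessEvent(1196, 2876, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1548 /prefetch:2'),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def descendants(events: List[ProcessEvent], root: int) -> set:
    """All PIDs below `root` in the creation tree."""
    children = {}
    for e in events:
        children.setdefault(e.parent_pid, []).append(e.pid)
    found, stack = set(), [root]
    while stack:
        for c in children.get(stack.pop(), []):
            if c not in found:
                found.add(c)
                stack.append(c)
    return found


def detect_temp_bat_launch(events: List[ProcessEvent]) -> list:
    """Flag cmd.exe /c running a .bat from Temp\\*.tmp\\ and record what it went on to spawn."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if basename(e.image) != "cmd.exe" or "/c" not in e.command_line.lower():
            continue
        m = TEMP_BAT_RE.search(e.command_line)
        if not m:
            continue
        parent = by_pid.get(e.parent_pid)
        findings.append({
            "pid": e.pid,
            "batch": m.group(0),
            "parent_image": parent.image if parent else None,
            # The dropper itself living in Temp is the second half of the pattern.
            "parent_in_user_temp": bool(parent and USER_TEMP_RE.match(parent.image)),
            # Everything the batch went on to run; a browser here is unusual for a dropped script.
            "descendants": sorted(descendants(events, e.pid)),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_temp_bat_launch(SAMPLE_EVENTS):
        print(finding)
```

The rule keys on the image that ran rather than the path in the command line, so the SysWOW64 redirection seen in this report does not matter to it; a .bat run from a user's Documents folder by an interactive shell is deliberately not flagged, which keeps the false-positive rate down on developer machines.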
Network
MITRE ATT&CK Enterprise v6
Downloads
Four files are listed under Downloads, by digest only:

1. MD5 34ac213c5d072467016d676b79783c81
   SHA1 a08224d365ab79c0bb3189b08565c8a72139a1bb
   SHA256 6788ff076b0b0fca15541f0f6b90c135d5f51b36db9d5117f5da7be78e372a44
   SHA512 7aef8888fc779c355ed09292c373f240efbac10f19d74fdd34ed2444009adf7d75f209610a07d7bb3e5ebc06cc96ef8c2d93c4238f0f0116452f4779fd463917

2. MD5 42ac200380fe0e83e8530221a5338973
   SHA1 ce274c74a88d33f002831a3858180ea0e0dd97c8
   SHA256 20a0c6fec7dd212aad286fde1bfaf9a26805adac4d694cf1c90ce1920b75f49f
   SHA512 f846ad20777266854b69c6bf5f3f8c3b7db7a1ab5306bb4f6b7ba46446cf9b99e654bf1f6c244ba813d2a369432a7564ec2e87e819ed4ca8710ab986ef8bb439

3. MD5 d41d8cd98f00b204e9800998ecf8427e
   SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
   SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
   SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

4. MD5 d41d8cd98f00b204e9800998ecf8427e
   SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
   SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
   SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Entries 3 and 4 carry the digests of zero-length input (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442... are the well-known empty-file values), so they are empty downloads with no content to analyse; only entries 1 and 2 describe real data.