bitrat | ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5

General

Target

5effe6792620b5d512905695003baa3f.exe
Size

2.3MB
MD5

5effe6792620b5d512905695003baa3f
SHA1

0a98f5acfcd5a0efb4989d4513b6b8861438777d
SHA256

ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
SHA512

67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09

Score

10^/10

bitrat persistence suricata trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

91.243.32.131:80

Attributes

communication_password
202cb962ac59075b964b07152d234b70
install_dir
Defenderzone
install_file
syspro.exe
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

syspro.exe9hX33N80.exe

pid process

2816 syspro.exe
2820 9hX33N80.exe

pid	process
2816	syspro.exe
2820	9hX33N80.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

5effe6792620b5d512905695003baa3f.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\syspro = "C:\\Users\\Admin\\AppData\\Local\\Defenderzone\\syspro.exe"	5effe6792620b5d512905695003baa3f.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exe

pid	process
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
2652	5effe6792620b5d512905695003baa3f.exe
2652	5effe6792620b5d512905695003baa3f.exe
3348	chrome.exe
3348	chrome.exe
2976	chrome.exe
2976	chrome.exe
1416	chrome.exe
1416	chrome.exe
3560	chrome.exe
3560	chrome.exe
4092	chrome.exe
4092	chrome.exe
2988	chrome.exe
2988	chrome.exe
2748	chrome.exe
2748	chrome.exe
3600	chrome.exe
3600	chrome.exe
1692	chrome.exe
1692	chrome.exe
2796	chrome.exe
2796	chrome.exe
2844	chrome.exe
2844	chrome.exe
2284	chrome.exe
2284	chrome.exe
1036	chrome.exe
1036	chrome.exe
3600	chrome.exe
3600	chrome.exe
3152	chrome.exe
3152	chrome.exe
820	chrome.exe
820	chrome.exe
3232	chrome.exe
3232	chrome.exe
3704	chrome.exe
3704	chrome.exe
1772	chrome.exe
1772	chrome.exe
1856	chrome.exe
1856	chrome.exe
2124	chrome.exe
2124	chrome.exe
680	chrome.exe
680	chrome.exe
2232	chrome.exe
2232	chrome.exe
3792	chrome.exe
3792	chrome.exe
2760	chrome.exe
2760	chrome.exe
3412	chrome.exe
3412	chrome.exe
3052	chrome.exe
3052	chrome.exe
1456	chrome.exe
1456	chrome.exe
4128	chrome.exe
4128	chrome.exe
4160	chrome.exe
4160	chrome.exe
4192	chrome.exe
4192	chrome.exe

Suspicious behavior: RenamesItself 3 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exe

pid process

2652 5effe6792620b5d512905695003baa3f.exe
2652 5effe6792620b5d512905695003baa3f.exe
2652 5effe6792620b5d512905695003baa3f.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exe

description pid process

Token: SeShutdownPrivilege 2652 5effe6792620b5d512905695003baa3f.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3348 chrome.exe
3348 chrome.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exe

pid process

2652 5effe6792620b5d512905695003baa3f.exe
2652 5effe6792620b5d512905695003baa3f.exe

description	pid	process
Token: SeShutdownPrivilege	2652	5effe6792620b5d512905695003baa3f.exe

pid	process
3348	chrome.exe
3348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5effe6792620b5d512905695003baa3f.exechrome.exe

description	pid	process	target process
PID 2652 wrote to memory of 3348	2652	5effe6792620b5d512905695003baa3f.exe	chrome.exe
PID 2652 wrote to memory of 3348	2652	5effe6792620b5d512905695003baa3f.exe	chrome.exe
PID 3348 wrote to memory of 1568	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1568	3348	chrome.exe	chrome.exe
PID 2652 wrote to memory of 2816	2652	5effe6792620b5d512905695003baa3f.exe	syspro.exe
PID 2652 wrote to memory of 2816	2652	5effe6792620b5d512905695003baa3f.exe	syspro.exe
PID 2652 wrote to memory of 2816	2652	5effe6792620b5d512905695003baa3f.exe	syspro.exe
PID 2652 wrote to memory of 2820	2652	5effe6792620b5d512905695003baa3f.exe	9hX33N80.exe
PID 2652 wrote to memory of 2820	2652	5effe6792620b5d512905695003baa3f.exe	9hX33N80.exe
PID 2652 wrote to memory of 2820	2652	5effe6792620b5d512905695003baa3f.exe	9hX33N80.exe
PID 3348 wrote to memory of 336	3348	chrome.exe	ctfmon.exe
PID 3348 wrote to memory of 336	3348	chrome.exe	ctfmon.exe
PID 3348 wrote to memory of 1416	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1416	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2976	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2976	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3560	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3560	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2988	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2988	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 4092	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 4092	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2748	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2748	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3600	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3600	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1692	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1692	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2796	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2796	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2844	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2844	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2284	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2284	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1036	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1036	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3600	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3600	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3152	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3152	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 820	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 820	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3232	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3232	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3704	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3704	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1772	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1772	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1856	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 1856	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2124	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2124	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 680	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 680	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2232	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2232	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3792	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3792	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2760	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 2760	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3412	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3412	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3052	3348	chrome.exe	chrome.exe
PID 3348 wrote to memory of 3052	3348	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\5effe6792620b5d512905695003baa3f.exe
"C:\Users\Admin\AppData\Local\Temp\5effe6792620b5d512905695003baa3f.exe"
1⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
--user-data-dir=C:\Users\Admin\AppData\Local\Temp\JUTn88f1e1ZCzayB --no-first-run --run-without-sandbox-for-testing --no-default-browser-check --enable-native-gpu-memory-buffers --no-sandbox --allow-no-sandbox-job --use-gl=egl --noerrdialogs --log-level=0 --test-type --disable-gpu-sandbox --new-window https://www.youtube.com/watch?v=lEnjFNlsb5I&t=13s
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\JUTn88f1e1ZCzayB /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\JUTn88f1e1ZCzayB\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\JUTn88f1e1ZCzayB --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ff8ad1b4f50,0x7ff8ad1b4f60,0x7ff8ad1b4f70
3⤵
PID:1568

C:\Windows\system32\ctfmon.exe
ctfmon.exe
3⤵
PID:336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=1676 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-sandbox --no-sandbox --log-level=0 --noerrdialogs --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=egl --log-level=0 --mojo-platform-channel-handle=1616 --allow-no-sandbox-job /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=2088 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --noerrdialogs --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 --allow-no-sandbox-job /prefetch:1
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --noerrdialogs --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 --allow-no-sandbox-job /prefetch:1
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-sandbox --no-sandbox --log-level=0 --noerrdialogs --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAgAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=3104 --allow-no-sandbox-job /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3712 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 --allow-no-sandbox-job /prefetch:1
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4256 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=video_capture --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4200 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4316 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4684 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4808 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4828 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4848 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4884 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4868 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4792 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4804 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4224 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4424 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4412 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4496 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4292 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4488 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4112 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4168 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4148 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4972 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4864 --allow-no-sandbox-job /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5004 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4064 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4036 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5024 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3892 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3968 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3928 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3948 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5092 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4008 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3804 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4796 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4856 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5156 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5180 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5204 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5108 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=3888 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5108 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=5192 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4816 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=4792 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=656 --allow-no-sandbox-job /prefetch:8
3⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=2892 --allow-no-sandbox-job /prefetch:8
3⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=egl --noerrdialogs --log-level=0 --mojo-platform-channel-handle=656 --allow-no-sandbox-job /prefetch:8
3⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,2058889627646769513,12925487844160546815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --disable-gpu-sandbox --no-sandbox --log-level=0 --noerrdialogs --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAwAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=4060 --allow-no-sandbox-job /prefetch:2
3⤵
PID:4248

C:\Users\Admin\AppData\Local\Defenderzone\syspro.exe
"C:\Users\Admin\AppData\Local\Defenderzone\syspro.exe"
2⤵
- Executes dropped EXE
PID:2816

C:\Users\Admin\AppData\Local\Temp\9hX33N80.exe
"C:\Users\Admin\AppData\Local\Temp\9hX33N80.exe"
2⤵
- Executes dropped EXE
PID:2820

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Defenderzone\syspro.exe
MD5
5effe6792620b5d512905695003baa3f

SHA1
0a98f5acfcd5a0efb4989d4513b6b8861438777d

SHA256
ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5

SHA512
67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\9hX33N80.exe
MD5
ca42e05f9d53c7ec9383307c1ea282bb

SHA1
ed0efa1b59b461dcda08121a39411bee72f6b4cb

SHA256
63a7295e66183379580db16d0d191bb261ccc9edb982980051291c8bdf6c4ade

SHA512
4a1e3655a93f5e29ac7191eb3249b5b5a61b90353e78cc0bae4e81008aaff43bd9db4c2fde0c5ffcdae5e7eb87dfccffd4a1f383c78f5d40d52cbc4d61890196

Download Submit
C:\Users\Admin\AppData\Local\Temp\JUTn88f1e1ZCzayB\Crashpad\settings.dat
MD5
c13f56e7e92b40bf0c8ebed5afd82f11

SHA1
49f5339c9c96411298c8994095653cddddc6d435

SHA256
dae18a7e0e279904ed61e2e17d22bd0e4a24f6a30aafd8ee66623b8058102741

SHA512
389ce2064023b5183917402f297d3b7d659d985a49f0292a00ebebffdb0b8f3a8cd8167d224637e63223770f329bbc245355d902abebbe924e3cba59c1ac8063

Download Submit
\??\pipe\crashpad_3348_AIQQWCXGBWKDPSFV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/336-129-0x0000000000000000-mapping.dmp

Download
memory/2652-119-0x0000000000400000-0x0000000000842000-memory.dmp

Filesize
4.3MB

Download
memory/2652-121-0x0000000075D80000-0x0000000075F42000-memory.dmp

Filesize
1.8MB

Download
memory/2652-122-0x0000000000401000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2652-123-0x0000000000401000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2652-124-0x0000000075BF0000-0x0000000075CE1000-memory.dmp

Filesize
964KB

Download
memory/2652-125-0x00000000766F0000-0x0000000076C74000-memory.dmp

Filesize
5.5MB

Download
memory/2652-120-0x0000000000401000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2652-115-0x00000000008B0000-0x00000000009FA000-memory.dmp

Filesize
1.3MB

Download
memory/2652-118-0x00000000001E0000-0x00000000001E2000-memory.dmp

Filesize
8KB

Download
memory/2652-117-0x0000000000400000-0x0000000000842000-memory.dmp

Filesize
4.3MB

Download
memory/2652-116-0x0000000000400000-0x0000000000842000-memory.dmp

Filesize
4.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads