Analysis
-
max time kernel
601s -
max time network
602s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
19/01/2022, 20:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://1drv.ms/u/s!Aqdwe8MZEQc5b9Gbj2Cuj7NoiDo?e=fC5KAj
Resource
win10-en-20211208
0 signatures
0 seconds
General
-
Target
https://1drv.ms/u/s!Aqdwe8MZEQc5b9Gbj2Cuj7NoiDo?e=fC5KAj
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000_Classes\Local Settings chrome.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3556 EXCEL.EXE -
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 4040 chrome.exe 4040 chrome.exe 2664 chrome.exe 2664 chrome.exe 1140 chrome.exe 1140 chrome.exe 2124 chrome.exe 2124 chrome.exe 860 chrome.exe 860 chrome.exe 360 chrome.exe 360 chrome.exe 1968 chrome.exe 1968 chrome.exe 1968 chrome.exe 1968 chrome.exe 2368 chrome.exe 2368 chrome.exe 3664 chrome.exe 3664 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeRestorePrivilege 2748 7zG.exe Token: 35 2748 7zG.exe Token: SeSecurityPrivilege 2748 7zG.exe Token: SeSecurityPrivilege 2748 7zG.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2748 7zG.exe -
Suspicious use of SendNotifyMessage 26 IoCs
pid Process 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe 2664 chrome.exe -
Suspicious use of SetWindowsHookEx 22 IoCs
pid Process 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE 3556 EXCEL.EXE -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2664 wrote to memory of 2704 2664 chrome.exe 68 PID 2664 wrote to memory of 2704 2664 chrome.exe 68 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 1700 2664 chrome.exe 70 PID 2664 wrote to memory of 4040 2664 chrome.exe 69 PID 2664 wrote to memory of 4040 2664 chrome.exe 69 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71 PID 2664 wrote to memory of 3992 2664 chrome.exe 71
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://1drv.ms/u/s!Aqdwe8MZEQc5b9Gbj2Cuj7NoiDo?e=fC5KAj1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7fffea124f50,0x7fffea124f60,0x7fffea124f702⤵PID:2704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1548 /prefetch:22⤵PID:1700
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:82⤵PID:3992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:12⤵PID:3676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:12⤵PID:756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4084 /prefetch:82⤵PID:428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵PID:2480
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵PID:1540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4208 /prefetch:82⤵PID:1728
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:82⤵PID:2208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5432 /prefetch:82⤵PID:1896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 /prefetch:82⤵PID:3064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:82⤵PID:2080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵PID:616
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:82⤵PID:2108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4352 /prefetch:82⤵PID:428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:82⤵PID:2428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:3896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1440 /prefetch:12⤵PID:1424
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:3696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:82⤵PID:1964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:82⤵PID:1448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2440 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:82⤵PID:3068
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4728 /prefetch:82⤵PID:3892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:82⤵PID:3840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 /prefetch:82⤵PID:2472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:82⤵PID:2108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3176 /prefetch:82⤵PID:944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3284 /prefetch:82⤵PID:3616
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4068 /prefetch:82⤵PID:2080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5568 /prefetch:82⤵PID:3356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:82⤵PID:2444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:82⤵PID:712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:82⤵PID:1528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,11401119501821304215,6982888903857335812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4348 /prefetch:82⤵PID:3560
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3552
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap19363:92:7zEvent60751⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2748
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\OFFER[2022.01.19_17-49].xll"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3556