Resubmissions
- 21-03-2022 13:55  220321-q8g1sacga6  10
- 21-03-2022 11:51  220321-n1kqlacagm  10
- 21-03-2022 10:00  220321-l1zteabbb6  6

Analysis
max time kernel: 176s
max time network: 177s
platform: windows10_x64
resource: win10-20220223-en
submitted: 21-03-2022 11:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.dropbox.com/l/scl/AACtpUiQTixzQIRngXdTqzZ5ommdP0xkRRU
Resource: win10-20220223-en (windows10_x64)
0 signatures
0 seconds
General
Target: https://www.dropbox.com/l/scl/AACtpUiQTixzQIRngXdTqzZ5ommdP0xkRRU
Score: 10/10
Malware Config
Extracted
Path: C:\Users\Admin\AppData\Local\Temp\3592_180497726\english_wikipedia.txt
Family: prometheus
Ransom Note: the extracted text is a plain list of common English words (beginning "the, of, and, in, was, is, ..."); the full list is omitted here.
Signatures

Prometheus Ransomware
Ransomware family mostly targeting the manufacturing industry; claims to be affiliated with REvil.

Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Suspicious behavior: EnumeratesProcesses (22 IoCs)
pid | Process | entries
2120 | chrome.exe | 2
3592 | chrome.exe | 2
776 | chrome.exe | 2
4048 | chrome.exe | 2
2448 | chrome.exe | 2
1740 | chrome.exe | 2
3992 | chrome.exe | 2
3848 | chrome.exe | 2
3568 | chrome.exe | 2
3488 | chrome.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
pid | Process
3592 | chrome.exe (all 17 entries)

Suspicious use of FindShellTrayWindow (33 IoCs)
pid | Process
3592 | chrome.exe (all 33 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3592 | chrome.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3592 wrote to memory of 3600 | 3592 | chrome.exe | 42
PID 3592 wrote to memory of 2472 | 3592 | chrome.exe | 44
PID 3592 wrote to memory of 2120 | 3592 | chrome.exe | 43
PID 3592 wrote to memory of 3756 | 3592 | chrome.exe | 45
(64 entries in total; each of the four rows above is repeated in the report, with targets 2472 and 3756 accounting for most of the entries)
Processes

All processes below have the image path C:\Program Files\Google\Chrome\Application\chrome.exe.

Level 1

PID 3592
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.dropbox.com/l/scl/AACtpUiQTixzQIRngXdTqzZ5ommdP0xkRRU
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Level 2

PID 3600
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ed2f4f50,0x7ff9ed2f4f60,0x7ff9ed2f4f70

PID 2120
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1672 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 2472
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1600 /prefetch:2

PID 3756
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8

PID 3688
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

PID 3700
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1

PID 1884
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4180 /prefetch:8

PID 520
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

PID 776
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 1556
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5232 /prefetch:8

PID 1604
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

PID 2336
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5332 /prefetch:8

PID 2688
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

PID 4048
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 3960
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5300 /prefetch:8

PID 2908
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5088 /prefetch:8

PID 1108
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5864 /prefetch:8

PID 2448
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5900 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 1672
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5888 /prefetch:8

PID 1256
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8

PID 208
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5652 /prefetch:8

PID 316
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5732 /prefetch:8

PID 2776
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

PID 3540
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

PID 1740
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 3992
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 1556
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8

PID 3848
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 2376
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:12⤵PID:3192
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5624 /prefetch:82⤵PID:3884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:82⤵PID:3052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5552 /prefetch:82⤵PID:3580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5884 /prefetch:82⤵PID:3976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4452 /prefetch:82⤵PID:1308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:2484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:82⤵PID:1144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵PID:3928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4956 /prefetch:82⤵PID:3056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4216 /prefetch:82⤵PID:1604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5772 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵PID:3844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:12⤵PID:3480
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵PID:3968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:3028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵PID:1036
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5456 /prefetch:82⤵PID:3996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵PID:3992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1560,14179805103386601673,8052828103218713407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6084 /prefetch:82⤵PID:2740
-