Analysis
max time kernel: 1811s
max time network: 1752s
platform: windows10-2004_x64
resource: win10v2004-20220310-en
submitted: 22/03/2022, 19:16

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 (Sample: https://lucky-cougar-41.loca.lt/, Resource: win7-20220311-en)
Behavioral task: behavioral2 (Sample: https://lucky-cougar-41.loca.lt/, Resource: win10-20220223-en)
Behavioral task: behavioral3 (Sample: https://lucky-cougar-41.loca.lt/, Resource: win10v2004-20220310-en)

General
Target: https://lucky-cougar-41.loca.lt/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Modifies data under HKEY_USERS 1 IoCs
  description   ioc                                                                                            Process
  Key created   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections   svchost.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
  pid    Process      entries
  4616   chrome.exe   2
  1064   chrome.exe   2
  1572   chrome.exe   2
  4844   chrome.exe   2
  856    chrome.exe   2
  3680   chrome.exe   4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  pid    Process      entries
  1064   chrome.exe   4
Suspicious use of FindShellTrayWindow 26 IoCs
  pid    Process      entries
  1064   chrome.exe   26
Suspicious use of SendNotifyMessage 24 IoCs
  pid    Process      entries
  1064   chrome.exe   24
Suspicious use of WriteProcessMemory 64 IoCs
  description                        pid    Process      procid_target   entries
  PID 1064 wrote to memory of 1424   1064   chrome.exe   83              2
  PID 1064 wrote to memory of 2360   1064   chrome.exe   104             40
  PID 1064 wrote to memory of 4616   1064   chrome.exe   105             2
  PID 1064 wrote to memory of 648    1064   chrome.exe   109             20
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://lucky-cougar-41.loca.lt/
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1064
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2e0a4f50,0x7fff2e0a4f60,0x7fff2e0a4f70
      PID:1424
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1704 /prefetch:2
      PID:2360
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:4616
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8
      PID:648
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
      PID:2556
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
      PID:2340
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4048 /prefetch:8
      PID:2876
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:1572
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5048 /prefetch:8
      PID:3116
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5208 /prefetch:8
      PID:540
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:4844
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4464 /prefetch:8
      PID:4040
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:8
      PID:4036
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:8
      PID:4072
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5056 /prefetch:8
      PID:1168
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4064 /prefetch:8
      PID:1944
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8
      PID:1276
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
      PID:1372
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
      PID:4004
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:856
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:8
      PID:2736
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
      PID:3336
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
      PID:1996
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8
      PID:3248
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4392 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID:3680
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=664 /prefetch:8
      PID:4556
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:8
      PID:3504
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
      PID:1508
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1060 /prefetch:8
      PID:5024
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5332 /prefetch:8
      PID:4836
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:8
      PID:1016
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2388 /prefetch:8
      PID:3168
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4412 /prefetch:8
      PID:4312
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,12208858377826216006,16184601871157031093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8
      PID:1452
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  - Modifies data under HKEY_USERS
  PID:4984
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4892
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:808
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:4488
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:1104
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:3472
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:3664
C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
  PID:2044
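Added analyst example, not part of the Triage report above. Every PID the report lists under "Suspicious behavior: EnumeratesProcesses" (4616, 1064, 1572, 4844, 856, 3680) belongs to a chrome.exe instance whose own command line shows it running outside the renderer sandbox: the browser process, the network service, the chrome.mojom.UtilWin utilities launched with --service-sandbox-type=none, and the GPU process relaunched with --disable-gpu-sandbox. Likewise every WriteProcessMemory row has PID 1064 writing into a child it had just spawned (1424, 2360, 4616, 648), which is how the browser process hands launch data to new children. The script below makes both checks mechanical: it takes a subset of the tree transcribed from this report (depth, PID, command line), derives each process's sandbox level from its switches, parses the WriteProcessMemory rows in the report's flattened form, and flags any write whose target is not a direct child of the writer. The process list, PID set and IoC text are constructed from the report; the sandbox level names are this example's own.

```python
"""Added example (not part of the report): classify Chrome's child processes
by the sandbox they run in and test WriteProcessMemory IoCs against the
process tree, so "suspicious behavior" hits can be judged quickly."""
import re
from collections import defaultdict

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# Constructed sample: (depth, PID, command line) transcribed from the tree above.
# Depth 1 is a top-level process, depth 2 a child of the nearest preceding
# depth-1 entry (which is what the report's nesting expresses).
PROCESSES = [
    (1, 1064, f"{CHROME} https://lucky-cougar-41.loca.lt/"),
    (2, 1424, f"{CHROME} --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (2, 2360, f"{CHROME} --type=gpu-process --mojo-platform-channel-handle=1704"),
    (2, 4616, f"{CHROME} --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=network"),
    (2, 648,  f"{CHROME} --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2, 2556, f"{CHROME} --type=renderer --renderer-client-id=6"),
    (2, 1572, f"{CHROME} --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (2, 4844, f"{CHROME} --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (2, 856,  f"{CHROME} --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (2, 3680, f"{CHROME} --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1, 4984, r"C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS"),
]

# PIDs the report lists under "Suspicious behavior: EnumeratesProcesses".
ENUMERATES_PROCESSES = {4616, 1064, 1572, 4844, 856, 3680}

# The WriteProcessMemory table in the report's flattened form (constructed
# excerpt: the real table has 64 rows, but only these four targets).
WPM_TEXT = (
    "PID 1064 wrote to memory of 1424 1064 chrome.exe 83 "
    "PID 1064 wrote to memory of 2360 1064 chrome.exe 104 "
    "PID 1064 wrote to memory of 4616 1064 chrome.exe 105 "
    "PID 1064 wrote to memory of 648 1064 chrome.exe 109"
)

SWITCH_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S+))?")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_switches(cmdline: str) -> dict:
    """Map every --switch[=value] in a Chrome command line to its value (True if bare)."""
    return {name: (value if value else True) for name, value in SWITCH_RE.findall(cmdline)}


def sandbox_level(cmdline: str) -> str:
    """Name the sandbox a chrome.exe instance runs in, from its own switches.

    The browser process has no --type; utility processes announce their
    sandbox via --service-sandbox-type ('none' means unsandboxed); a GPU
    process launched with --disable-gpu-sandbox is likewise unsandboxed.
    """
    sw = parse_switches(cmdline)
    ptype = sw.get("type")
    if ptype is None:
        return "browser"
    if ptype == "gpu-process":
        return "gpu:unsandboxed" if "disable-gpu-sandbox" in sw else "gpu"
    if ptype == "utility":
        return f"utility:{sw.get('service-sandbox-type', 'unknown')}"
    return ptype  # renderer, crashpad-handler, ...


def build_parent_map(processes) -> dict:
    """Turn (depth, pid, cmd) rows into pid -> parent pid using the nesting."""
    parents, last_at_depth = {}, {}
    for depth, pid, _cmd in processes:
        parents[pid] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
    return parents


def parse_wpm(text: str) -> list:
    """Parse 'PID a wrote to memory of b a proc n' rows into (a, b, proc, n)."""
    return [(int(a), int(b), proc, int(n)) for a, b, proc, n in WPM_RE.findall(text)]


def writes_outside_tree(wpm_rows, parents) -> list:
    """WriteProcessMemory rows whose target is not a direct child of the writer.

    A browser process writing into children it just spawned is how Chrome
    starts them; a write into any other process is what would be worth escalating.
    """
    return [(src, dst) for src, dst, _proc, _n in wpm_rows if parents.get(dst) != src]


def enumerators_by_sandbox(processes, enum_pids) -> dict:
    """Group the EnumeratesProcesses PIDs by the sandbox level they run in."""
    levels = {pid: sandbox_level(cmd) for _d, pid, cmd in processes if "chrome.exe" in cmd}
    grouped = defaultdict(list)
    for pid in sorted(enum_pids):
        grouped[levels.get(pid, "unknown")].append(pid)
    return dict(grouped)


if __name__ == "__main__":
    parents = build_parent_map(PROCESSES)
    print("writes outside tree:", writes_outside_tree(parse_wpm(WPM_TEXT), parents))
    for level, pids in enumerators_by_sandbox(PROCESSES, ENUMERATES_PROCESSES).items():
        print(f"{level:18s} {pids}")
```

Run against the transcribed tree, no write lands outside the parent/child relation and no enumerating PID is a renderer; the grouping puts 856, 1572 and 4844 under utility:none, 3680 under gpu:unsandboxed, 4616 under utility:network and 1064 under browser. The same two functions applied to a tree where a non-child PID appears as a WriteProcessMemory target, or where a renderer shows up in the EnumeratesProcesses list, would be the signal to look harder.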
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 8KB
MD5: 1951bfd31ac7398bad69936bd0f71a6f
SHA1: 4a96d017891ed56906d37e7ea9c68ed9b4c77431
SHA256: 570300280d7d28c35a0c33772414f5be165aa650ffe7497e8c9e319509eb2463
SHA512: 04e8ac8c966ca6bfb33f7527f3e0640d4b0a9d4b0a16a8990728835f069b83112bd26fef20052fbd43d02ab09a0050d7be5454ef7561873b01c3d018120abcda

Filesize: 8KB
MD5: 616d45ec9d5ca2c9522dfa3b23add5b0
SHA1: a7f151ce0a091b224dc1d00de2210f838d683254
SHA256: 3d8ca239f15e6dd1f8aca038c26868101f7c10fcd6c85bc6080c0db83cab8c20
SHA512: c8abb07b5cc5354e99bda5b75e0684624aa7bc72a011c61021ae5970a8ce8abed06aa64a2060af3370215a9335310548e5581dcc734aeeb7fcdb5ae35680081e

Filesize: 8KB
MD5: 5a4bbbafa584cc6868d44014086adfe8
SHA1: 27389b5c5a2e39d9bbd8297029243bf2afb42d81
SHA256: c7dd5862854ca2625e11ab28191f3ff0a0b098e812112df415b7f698b626d714
SHA512: 342d7fb724aa24ac588e8d53b61b366b5e6edb55c9cb21966871a69368aa97b22a1d40f0520d44d059e911ba00b5fc5daeaebc1695a080fe3b502ed20d058d24

Filesize: 8KB
MD5: 2e3e994ace6b5d522d2939913bf7a408
SHA1: 9c0515199db830383a0341b603a6193abc0f0dc7
SHA256: 1595e96ab3bd228c5b6196370cb6caa70fe5502a5d525b18dc3aaaf023b11058
SHA512: 05a07478e16d2121825aa937ab4281d69b4a62d5c0e3127c8548a20ae005f64fc23d209297a741054e337234b73e9d9d7b8ac8f3eee85e5268a0edbe6dd0bfa6

Filesize: 8KB
MD5: e72f20c7947e11cf2e7da6d37f8689f2
SHA1: e92d278f6c2218332dad8f2ffcd4004203246952
SHA256: ca3ad23874163ed1f16dad2093c976f77ff452bf9463c20afa4e76ab3267aa1d
SHA512: c3b3554365ab4d4433e64a8b471457f88ae7886ac108421a8d41e722e82fdb07c911e87cb66f1581c60bc457cde1705311164bb995ab04f96353a25784294400

Filesize: 1.2MB
MD5: ce727a9270ffef37909be15314df42fb
SHA1: 96fc258dfede2006eec8b49aa0d14aba667c8779
SHA256: bedd5fac9037356a8cd45b271e8fd4ed0de8da2e4af72b37b2ac0b321c197493
SHA512: cd9210f3621cc20794f2d3f54b17c4b97d2411c7537f8345bb7c8b7ba5eddb750275415f77e6129daf7aa4807b63eb06ff9391b62f95f56108d152e7085a20ac

Filesize: 1.2MB
MD5: ec15827e4a670bf881b7de5704f6c590
SHA1: 5c8c5bd42faa710807e11739c0309e9c18050737
SHA256: 54f4c5b0b96888ee1b400e23013b4651245edb11ef7baa10e92f9e93e88a03f1
SHA512: cb532704a30f319f056eeec02a823507d708d143321a6820f697a67edffb3baafd1127973bcfb03d1c0ed66c9a5ccb04875b3198f33986722ad4b3e9a029692f

Filesize: 1.2MB
MD5: 9b00ff34b15f46d8fcf7c9d9697edc25
SHA1: d1d1a6ce27427478931ff8c54ebbec8fbb365479
SHA256: 9a8c8adc3ea6bc3ca1220e557bcb741c81540adfd1db32a4dea41cd0887aff24
SHA512: a2ace0f12c9f9be41bf9317101c09109a7b98f782d28e7cb11ea6cc1a1c4651df8b53050da46f588d2f2e89fdba8a073626b06081ffcb63fa8845fd8a3c21fb6

Filesize: 1.2MB
MD5: 0a602c62169518393ec8e0df8658ecdb
SHA1: 46e3cec1d32fb6919ed5cb4440ab75da1461eb13
SHA256: 90e9daf558931577b4bec8ba6632af3ba9d11e15a134f46cb8d5eb3832f619d1
SHA512: 8aabaea5cd119da2647c43e8c825b17682dca297a3fb013cbe51e46a39e4f9e42d7c142a66135ffd559c1a44d56bdb3816056b7e4b64cc5ccce4b1497381ebfe

Filesize: 1.2MB
MD5: e373bbce26310c92e3995132a3241d7c
SHA1: 1686462007181579b744e7fab619f5dd8a91b85f
SHA256: 989db0a273c8314cdd89b0516d983fc2f559dee62de5f0dc94b65b7732f6c5ac
SHA512: 5676f51ba575f00aa3b20967d80179adbd38f546a48d47e28e6574045e93212aa58576f67b5e144284bb4c2b6820c93d41d0e6f5ea5105255367ec0e9d8b7a9c

Filesize: 1.2MB
MD5: 7214948a2950ff2083b205a8006399b1
SHA1: 383fccf4f58ff12ae82621271da3620cc02baffa
SHA256: c07508951faac3b5f1958291aca9aaff3c31d786912d830a5fa2bcb7866c78fe
SHA512: 5c951ab441a9fe442cd08b7aab93a81f0928565c44ac5585cfff6bc54cbebbf9180478cd45a861f20a0e8c41e91a356798841676f160b5e8879fd3878057fc30

Filesize: 1.2MB
MD5: 2735a2120d7a82a6a64bfad28a0afb60
SHA1: ced5b42386f0661de1ded0f142e8d7cf30786855
SHA256: 46029a0dfcaef20ef8297a9f4d8142b084d9ef76759283dbcb715e582305625f
SHA512: 396f33c79eeb776f38cd080fd3f6b7b47f1228ccf8b40060feb1bdae87fdb310ef362e6ee30835757848d1dc708d25601d78ea6dc54ddd4b9fc3cc87b5ac85a8

Filesize: 1.2MB
MD5: beebf61354924d9ec6e9073d7eea36e9
SHA1: 5cde183f27d8f9637d0cb7e2ae8e2f4d9ee49759
SHA256: 73f5d54fafb95c6e4c7a97c51dd0eedd1f3d6b25740620c5d4163b1d01d447e8
SHA512: 253e28451764ef64efb4512c483757ec9816f62933b754b635241a43dee78613d92256cb3d7bc271c4821666217b952ed4b619125b71acb882e44a062a9dcbff

Filesize: 16KB
MD5: d20bd9e96e02bc836371b17607b06748
SHA1: 0748bef3cf918d2c0836d772c3a3ed6a91e98f26
SHA256: 0b83b190953dac1ac4663f5cd786bc728b59cc5791290a7373a4d7ee2f5cac6c
SHA512: 7edb56d1bade40d5f69cab08f3dd0a858258d0c835b2a83058b7347191a9a27518721d27b75efe2d87a22fb4caee87676235f02dd9ae0db6de262289f21f5640

Filesize: 16KB
MD5: a08d922db207703303e6cf74c690e97c
SHA1: 548cc427dc2581615fe89706ae8059c2cac86cf5
SHA256: 7321c4308e6678a18c6c888760c9b991a9a24a16effc37dcb6584a782e7a9716
SHA512: 33bdc10d4044d2f4e82c15c72c12b43ea0320da66e5c5b0ddbdd4233e8a7a878502c49e26999293f308d2e05359906a316a5b42b1ea1f063a912ace9435223cf

Filesize: 16KB
MD5: 679ac78d2cd25bcbd736cc7970dd2d13
SHA1: 4dfe7fef59940e09b0ef14556e0d800218ce0f0e
SHA256: a202a554ce2fbaba50643cf9da84438bd474642a772c8bed8673ea52b66a0048
SHA512: 0a66f6e23e4c343c5373fd18ec483e4de8f73d8fb67fc9e0eb52f6252f5e4c982e0de30542a75fe706e08980eae69bd7ffca4ad01bc2910a22626a6729a7c34f

Filesize: 16KB
MD5: 1c98407a226db64dac26bffdbcaf0106
SHA1: 98091557ddca761574a6f3420f73be38415b709c
SHA256: 8e5a1b0448b23cbe148474ed9b2fb6115c7e0231d8b744292f6243ca198d134f
SHA512: c7448948eacfa948c6089f843137c8a41e6e3908274c682ffa345891cb2354aaa77b116d30f3c0d58f1638509df3c326d36dc9d47f786d3dfc03d124a4883d8e

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_1152499724\0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
Filesize: 6.4MB
MD5: b92bbcfd3c31f799c5863d78154db555
SHA1: 86b1b058e1e7d2f1f35e830db446b59e15670e5e
SHA256: 6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23
SHA512: 38be0c179619c045a321d1fa2c67dda8419a33075a87f548feed9a858f5ba19b5b980c53d4a3bb5b745c7ce566b53773785aa1f7677e37dd5793ccae76e83787

Filesize: 111KB
MD5: d7d63288830d5930f435d6841de6de5a
SHA1: a2afc39ac8fd17fa88030ba8b48d9d8ee93c24d5
SHA256: c64c9c1008f3ba5f6e18b3ca524bc98dcd8acfae0a2720a8f1f3ef0f8d643d05
SHA512: d4d85fd16a291474f99a6fa9cc76d5432f5865fa0d76e4185ff5ab775045122cdab771e88da8fc317a059ab901373644b2e7251d31c4fa2c389d9b7584351e20

Filesize: 9KB
MD5: 867bf8c831d8385cc3ffa006bc864a22
SHA1: c0eaed582e36c741c9d904b89ef29954d2852042
SHA256: b4ddbdce4f8d5c080328aa34c19cb533f2eedec580b5d97dc14f74935e4756b7
SHA512: 359a39916d9cfa6c24ac0c5b152945297a84106bf03aacf69e0439ddc70118adc5ae4a5e26efe9e111c3f26381a7418d9e49a117cd6fd00aedf0a410b9dd8218

Filesize: 3KB
MD5: 5e2ec48715685943e1d278ead69f5ec9
SHA1: a96964084338ebcd2a0375f81777dea88ed2d8d0
SHA256: 70497f45af368f6d591eb9b93a097b7b56821b0770ee00f04b2f5901487a0421
SHA512: 6deaf5fd5456d0493cf8731a97e664bad1e7b00ffc73c099fc0df346e9468d450453d3baf10b18e4061a81b7d1f87cac12425ba7b18160a61c8d0318dc1d0122

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_2053125997\jflookgnkcckhobaglndicnbbgbonegd_2787_all_acgnvv6n3hacb3n4e4czianutfka.crx3
Filesize: 26KB
MD5: fe78c6753cc2bdb3613881d5f32e2b62
SHA1: aad2684de63a8a923163082ddfe8d5dd02e94ed2
SHA256: a9316b83adecfbb08b86a942afa6a9dd27ac46decf77d0301482e99166d139c0
SHA512: 613dae6d1a5ce2e77d342f5c450ddffa74e60bd57feac5c49c1fddd622dea351771f64c152030916a5ff1f0125bfd3a49e3a04f998af6330cd283099a6060da5

Filesize: 5KB
MD5: 0bf5369cda2102f7a1f1fec9ae6f69ff
SHA1: 1a6b9c07dd6cf2aa5d969499ddff8a0dfc15e86c
SHA256: fd515ec0dc30d25a09641b8b83729234bc50f4511e35ce17d24fd996252eaace
SHA512: 39c131142cecb88eedf7f74bac4dfbc50c1de88f3ffd10d1cca79b154a95c59d6f09c78580367e39dbc648fa0a87a74a4e9a336d691f68388e43b7e2efd40f71

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_282721150\obedbbhbpmojnkanicioggnmelmoomoc_20220222.432047118_all_ENUS500000_hbwjwk7bommr565nn72etjdnwe.crx3
Filesize: 5.1MB
MD5: a75cd4f42d1c9dbdaf22b31e06c0fe44
SHA1: dfea9712224315d809cf432b1d84128dfa11ada5
SHA256: 191e8d0245ef4a9e9fac8966c175ae9b3943d70cfe949de9e33d3c6a19b7c840
SHA512: d7b54e94a2a42697a7b25fb287fae12d7342acde89a482dd00c37edbe5234f2c8f899732dd519a0fdff15c1f04cb21bbd618e78df4102e61878aad22a8826449

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_290821534\khaoiebndkojlmppeemjhbpbandiljpe_48_win_ccfl2wvh5b5bfuztfguafrvlpm.crx3
Filesize: 5KB
MD5: e8fae5f775b15f88fd410e6c9b23c0c4
SHA1: 149151e2ad212b1a529ca40c5e5510adbd8bba84
SHA256: 5f1c8af8a15da419e629cc50d85e7326cda080bd1f7df8ac38a16b98e0a2739b
SHA512: 6d9999f4a2fe6101cb08c1be0299e73c5de7cba756caa4e628d18f80fd8e3243442af6bebdc96bd4c8ce32e24c54f81bc573a12368d8c6b8d826467f58b9baa0

Filesize: 384KB
MD5: 5a576555382cdbd3070937971e3052a2
SHA1: 644a9ef25ecf72f65d4cdd8fc68a6c48ca839350
SHA256: 478aa915e78878e332a0b4bb4d2a6fb67ff1c7f7b62fe906f47095ba5ae112d0
SHA512: 265881bd1e9e58069fb0c205897d1e9682cfd05d38d8ea5029adf84ff36664f4d91abffc6d5cedf4fc3c817c1da22323225da91c1dd3abe90e96da6fb89bb141

C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_922796438\jamhcnnkihinmdlkakkaopbjbbcngflc_102.0.4958.0_all_n3hnsh7yej72ofx72klbtx3d3i.crx3
Filesize: 799KB
MD5: 938e336351fcebcc655faee85feb3c56
SHA1: 166b7479bd80f791985168dfb57e10bb79d8d3cf
SHA256: 10bf5d922ee95e12076f19e1039aa992fc96fdf31c2e4a13d0f198c731473024
SHA512: aa22c382f01350ee3fa744ad6c6bdd26d857e10d1b3f74eb6f5850608004437d8ef1652d83f93074d9b98f131e7fd5be2055c3225f86323f82c1d8d3a18aa0ac
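Added example, not from the report. The named downloads above sit in chrome_BITS_1064_<job> directories (1064 is the browser PID in the tree) and carry the .crx / .crx3 extension, which is consistent with Chrome's component updater fetching packages through BITS; the 32-letter a..p token in each file name is the component ID. A CRX3 file is the magic Cr24, a little-endian uint32 version (3), a uint32 header length, a protobuf CrxFileHeader (field 2: sha256_with_rsa proofs, field 3: sha256_with_ecdsa proofs, field 10000: signed_header_data, itself a SignedData whose field 1 is the 16-byte crx_id, the first half of SHA-256 over the signing public key), followed by the ZIP payload; the extension ID is that crx_id written one letter per hex digit. The script parses that envelope with a minimal protobuf walker, checks that the ID in the file name equals the one in the signed header, and computes the four digests the report lists so a locally retrieved copy can be matched against the hash set. It builds its own constructed CRX3 test vector from made-up key bytes and does not verify the signature proofs, which Chrome checks over header and payload with the embedded keys; the file path it uses is constructed, not one from the report.

```python
"""Added example (not from the report): parse a CRX3 envelope, compare the
component ID in the file name with the crx_id in its signed header, and
compute the digests the report lists. Signature proofs are not verified."""
import hashlib
import re
import struct

MAGIC = b"Cr24"
# 32 letters a..p delimited by non-alphanumerics, e.g. ..._hnimpnehoodheedghdeeijklkeaacbdc.crx
ID_RE = re.compile(r"(?<![a-z0-9])([a-p]{32})(?![a-z0-9])")


def _varint(n: int) -> bytes:
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def _read_varint(buf: bytes, pos: int):
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7


def _ld_field(number: int, payload: bytes) -> bytes:
    """Encode one length-delimited (wire type 2) protobuf field."""
    return _varint((number << 3) | 2) + _varint(len(payload)) + payload


def proto_fields(buf: bytes) -> list:
    """Minimal protobuf walker: (field number, wire type, raw value) per field."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = _read_varint(buf, pos)
        number, wtype = tag >> 3, tag & 7
        if wtype == 0:
            value, pos = _read_varint(buf, pos)
        elif wtype == 2:
            length, pos = _read_varint(buf, pos)
            value, pos = buf[pos:pos + length], pos + length
        elif wtype in (1, 5):
            size = 8 if wtype == 1 else 4
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wtype}")
        fields.append((number, wtype, value))
    return fields


def crx_id_to_extension_id(crx_id: bytes) -> str:
    """Chrome's 32-letter ID: each hex digit of the 16-byte crx_id becomes 'a'..'p'."""
    return "".join(chr(ord("a") + int(h, 16)) for h in crx_id.hex())


def parse_crx3(data: bytes) -> dict:
    """Split 'Cr24' | uint32 version | uint32 header_len | CrxFileHeader | zip payload.
    CrxFileHeader: 2 = sha256_with_rsa, 3 = sha256_with_ecdsa (repeated proofs),
    10000 = signed_header_data, a SignedData whose field 1 is the crx_id."""
    if data[:4] != MAGIC:
        raise ValueError("not a CRX file (bad magic)")
    version, header_len = struct.unpack("<II", data[4:12])
    if version != 3:
        raise ValueError(f"unsupported CRX version {version}")
    header = data[12:12 + header_len]
    rsa = ecdsa = 0
    crx_id = None
    for number, wtype, value in proto_fields(header):
        if wtype != 2:
            continue
        if number == 2:
            rsa += 1
        elif number == 3:
            ecdsa += 1
        elif number == 10000:
            crx_id = next((v for n, w, v in proto_fields(value) if n == 1 and w == 2), None)
    if crx_id is None or len(crx_id) != 16:
        raise ValueError("signed_header_data lacks a 16-byte crx_id")
    return {"crx_id": crx_id, "extension_id": crx_id_to_extension_id(crx_id),
            "rsa_proofs": rsa, "ecdsa_proofs": ecdsa, "payload": data[12 + header_len:]}


def build_crx3(public_key: bytes, signature: bytes, payload: bytes) -> bytes:
    """Assemble a CRX3 (constructed test vector: the signature is not computed)."""
    crx_id = hashlib.sha256(public_key).digest()[:16]  # first 128 bits of SHA-256(key)
    proof = _ld_field(1, public_key) + _ld_field(2, signature)
    header = _ld_field(2, proof) + _ld_field(10000, _ld_field(1, crx_id))
    return MAGIC + struct.pack("<II", 3, len(header)) + header + payload


def file_hashes(data: bytes) -> dict:
    """The four digests the report lists per download, hex-encoded."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def name_matches_header(path: str, data: bytes) -> bool:
    """True when the a..p ID in the download path equals the ID in the signed header."""
    m = ID_RE.search(path)
    return bool(m) and m.group(1) == parse_crx3(data)["extension_id"]


if __name__ == "__main__":
    # Constructed sample: made-up key bytes and a bare ZIP end-of-central-directory record.
    sample = build_crx3(b"constructed-public-key", b"\x00" * 256, b"PK\x05\x06" + bytes(18))
    info = parse_crx3(sample)
    path = r"C:\Users\Admin\AppData\Local\Temp\chrome_BITS_1064_1\1.0_" + info["extension_id"] + ".crx3"
    print(info["extension_id"], name_matches_header(path, sample), file_hashes(sample)["sha256"])
```

On a real package, pass the bytes read from the download and the path the report gives; a name/header mismatch, a version other than 3, or a header without a 16-byte crx_id means the file is not the component its name claims, regardless of whether the digests match the report.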