Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-1703_x64 -
resource
win10-20220718-en -
resource tags
-
submitted
01-08-2022 10:27
General
-
Target
http://www.fsoft.it/FSPViewer/dwn-files/FSPViewer-2.1.0-Setup.exe
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IGM9JUSQ\f[1].txt
Family
ryuk
Ransom Note
{"sodar_query_id":"76rnYtPCAfOI9fgPmom2yAo","injector_basename":"sodar2","bg_hash_basename":"sJnbOeR1u3NfD4ifTr6IY70aHZRfr3yKQi-A2m-oHT4","bg_binary":"IFyL8X1RMvuuuKbiVMjlNw5dDWDyxeghWH12AOBjoJ+dIgX7nY7zoOqEQyM9O0S6VpSJp+JNkNaR6XKUkI7EQ0Pr6Kad519SUTMfe9gbqiAzSlI5Jcdt+nItODVzMyW77a6QhQeoQLCgV7EBpP2GwdsdmSmPyE/rei4R3wyLaovk0YwiPpXX2GI9D0U7/a6mE0fDsgXOtkWozF4WDsfcox9/3bpW66XRDdzBxS3caLRB7DIBSze70Onh7zZxAkSkCnRbvwIdGRaZefUZBc9tGkOkYg8GQxOia9elVbpzPgTyAxZxPTXOPSQGrPIv5/QHPE0LUq/0ZRyuke7j0GNjE/NNbMxodwgKRHYYzYUNzfTeD3fVwvn8ySdB3e7MRnqxp4diqgCXm86yc6/PoDbw6rEItzOBwhS/cSw/sod8gXwnz36L+G3atWd5Nb+66r/94zj9ZGxjwPwLuus65F4L4VsPF26t9MD/pqYcBlaGf3D4R/EiyPSA5hALw55+FzCJGubfRkZCOTHhygXh4gnM/vZ0yYvZsHNnFbLKDHtRczqFZkMPZWDFvJSTLVa5X7bFFzonW74qige7Ix/Gy65Vmx7cApSJYkjkhlkt6hF/8Ci0N0X/S6nBGKbc3g83HL9A9ZeHgPysCY77DruPpIs2U1FJRkaae1V2HR5VQkZGy81e3kNv6KtW5W91FO5Nks7UJFpDpYqMMpNwW6iVfh/o0uXJBaBs7gLhJ0trkY8nwoo8mUVQbiIAwCYu9nIECKoFaEIesk3+AzT2ceEQDJ9cB1zEgukd+VtIXTbUIPGuK4dLdS+12fg8YtbNXNEVsEFpMrHPsyiHQW5U8E/N3ZwsNAB1jLQDYGNGHKNx45hjHKl50oyKSq6u4xBeJogL+jY1viSz+Gub8g1R+UeLcG33zRINzxLKHzCg8op4hS9MI+is03zavX5eoIfQ3SjTwZ2aLLqAMArMCb0sUu9QgX1e61GMmzHVasNmTCLzwmCIDB/VSjOntbZgZu5Muluj7tb2nIX/RWy9BM+OQ37eWlkmd1q864Dxk8mZkBpUrT1Pnn8FazPSu4zRIbb4g+Ci3UatoqYsgVQfvIQqRnyR0k0Xc7PH+631kSU75SMGT2IRU9vy7SfG1UowUjFmycKDo7EhppcTXncoqlnyY2wf8K9Fr7PvfONvw6gqqwifZSboDDU1UjczxV21wrvXkcEkrSETWggArYkMTrT2mHE29y8JzIPc7MG+72rCz1R/EufrroP5PwSlBpnZiRcESG3PDPD/3n1g2zl4MPAH4whB0KxmnU0WwWQLlJRmzQw3OlsxlIrZWrDyiAe5GQ3yl4umaJQk32vaDNY/iRHpqk+2QeRNuvDM37GWHEnTxf40faWSc6cdyNyYije9zYRKZ3cZfPEZ0lfG1wmjuH6KPxaNHxicWqkP6pBpDRUMVLJVIdrum203b7Q4pbNmqn7bdf849OgnpnbIzctIaupembxO0CMiuBCHR5f/jtmEyJCEJbGLr2k2B4wf2ABv8saMZeDxHEpVDnFr3yvscV9iwpSB/qCFMlsJsob7o3oamIUE0lysUsaRlKoEkrr5ngvewFMI1SI4mdUoVb6I12drg5YJn6fGwpf5lA7fovt6K+FNtsNJEXM8vIWLiS+FwKNuEyk0/As2CHk096maSxvIur6QHCHrUunfX32KUf8ZQsqRUwQ8NN4C0/5TF9l0xM3V+iPErtwnLCoqkMaJIsVDHKA1DOJme0GSTfdEZTW7QStsY1txviPymn01SkQiKScA6IRYSVrgGsB78yNEN6DqtwZtke+m9hx6HJd+g6idSikWCWITL5bHV4Rwbzb4vvu4go7D8suRFzdX+8nZnLq6AtM8LhaYiTLSDUur7+ZgIFtpoqr3hAWHbbikqxf2j1n637PegbaW0I2M4da9K3qp3iZ9+3V78/V/f/kcNkzLOgVatrr/jUZts1z7lvnfvnBfxHAhie0WRzSG6rEzlNLP7BGSkVNp4eYkU0irxVnlJcb8dNthSXlWrbkyy2e9hI4mCnvvCoHXkj51AYbgAdO6lEeFMzuiLZ5qtpdiFPHVOIOfMhsDWBZrsn44Tm2ndggIamyvMWb2we2dgipJ0lHDZeBC9omwd79P6RDYWlpd/QlxnWAKdx4wcJ4YU5VrWuRJSw0ncie0MugA/AdGvwe6jMheCK5M2+6WyIxTn7AzjxzaXLtdNqSY/sbXFwThF5yG/3OEL1qv4V8gNC9UBPr3nIRdXbNne/JlwBCjp6iFHOC03JcgN7X+nZ9xjXQsW7BHkrkcS/Hkg3Zm22JZJFRjyPem3EoEC1TWBcRA3jFfooQIjTsXgyEodgqNKLMBGp0lIZ3l9HZawSUZbSRyisiLbQRpyRyAXhN7kIMzePg3a9mwCp2vnNyWEOC8ATSuxtVGr6DDTnLwO6+b5i8Fk5tkMC5+fyoye8z2OC9ESTAeTCg+t8zleujmvt0wk0zxNJov8astDBgDiM5gOf4zowEx0QWfY9qwafC6NVA6DJ5bJFHic6UMDZOQRwXPzxNSKQ24wvYU8oC0TgHj1SZABEZfYYIMy3CY5w/P6d1NVcDZZu1lYk1eWrGxv5sStnRCQKsXY8JMl0BXxn6N5JwkZ3+kXXVzWqxLKzRxmygbpiWeAgzqORpwfx0CF9JKVHEH2R2iuJ9kM4DczKDnFvxeJQjvL2+fHe2q+JoWmxCAiZiAvLmCHPavMUcLVO+X34Sl3veIl4npymCiWXV1rEMtyF5mlDkeezMKU0eBH0/Is5Ub4/ym7YOC1pqtNJINkO6NOICOJ3VWA6iXJtSmVQpkzqNuWYSLS17hgQfwWFuwCqiJmPq531ZRni8hptF2Or+W1YXu2agU6OFqKf1C3fFwih2mhWynR4NvaHRdOL6aP7MT4tjUOc84/OzVG7C+qLhTbf8bulIKyg4zeaCHQl4l/EaUzqvvp7WlQDG90hHp/ZcGJ5OtWgjYUE79Ly/di1RiphjTnYJ/GaeYMu47KuWSgbsLRALIK82frJptgqOdpZT9VyA0SZj+mQqZJe7iIa7/nvaUczMN91VTDFKQa0RxDtbW2/wuJebaTYqzRZBV77b72hlnQ+pC8ub91jwdFbKygrQ+AQK/CMavHgvWPpuUZ6k9upFcxJ2wq/VHJrN6+R3Lp+JDBdOfMcKA6AW9s3a+B+ScBrMuHSSzq8iWlCwTlgzpD14I/lWtZec/S1wbf26tK0kIMTjiKdJeTCcuCd5T3N6n894Iwg2+K7dDvPH572Q7AT1w1e0G8Xh+1HRBvEQOWp3C7R0iqP9fmSfpy8BwSGwuf+WMw6IijWYe/huXfr6Pt7cgy0cb9022L6Fsc4ltzUMSLLgHB5Ks424nPT7x55eI4K9wYtmWE6zje/92Y2Yh3IUeL5SAg5ELje+tfsa6b+xDL8BAOgdXuJ9oROchX8/0hh+42fywQXyDIHFATQ9YHkjRZRW7kDQc1p+NcM3q0n9YeWrehw0pzb3L+HecJDHDGw6wDtltcPRTQlOAdZxmsA/0mXTtK+DqJY3RWN8lo/v5wIBAI3lJ9Ay15OvIoUjTrrd5tgBlhp2wFbAHzOTheTVMpj4HO7cuW72/vd7HgugJ8bfRV4aFoxwtTYEU7guDyn09oAzz9oyfma22+9GCg6kw+ESJm68BlW0LUG/5zq5DQNqm/laZV9XhoGAlyhKGNTDmbEFypkbn5VWkyVOSc0F+S6qBNWyA/VrNTLqzlATSL+1O8NxBw+Q7VBQgygXRFc2aVYYq5KDFF6fqdflStEjCYfKtmTSEhcWNYCPmpRQXtFAvkrCPpbUpnUCUTQm7YpnDh+Te2lKLMm9DQ1lmo3fmYJVIOWucmCTsnJO7orwkwzfRLk/9aa7AzZkeYTLjsWsxkqX7vrIG/y5c7Ihpy2CjLRS1dW2jvE7UPS/XV7Htmh9HnYLJ3bu76q0jFyXFWoymEyEASthpq7gabKO9ftz6BEZlAyBeM2FiSyE97QHnOnIKLOWrvu9dLLmEmkci9iktpm0E0yLG5QH7oa2lBWi59yq7yty8lW8anef80l3kzhUwV/XCRLinvh6SnekL2URwvItLBo4anTf4xceYc/EMl6KdvrugO4dXnFl5D4mKrbrF3sFDrLtcugMTUSFTocObyG+GN8D3dgCuRDftQAaltneRITJFQo01uut6u4sAnqU3dmEmGgSyfpb9ZROJrYAv7BSYNvqhVVGTq6xDVRzu64hLZWHxKJv1fCdDl3uKxML4Ou/lv/R2kx5rNIj9k0ly64zWsKhP2L90rGJNvcanu5lGQzjai3j5xBGzcuNN49ENIidmqWpQa1/qCPkGHRt32mGi+5auJthITQ1wIZrS4T9VcMitvBACGEZ4G0vImuDYHStbEsixpic0QBsZHjQ+tFheE/ZuAMKk+gmFuDSUPzXgxbmsZJBDcAAyXV+YgLfZxFwjc9LWAWI9qpfuaztBUVPKHabzYz2X/3tr25Cak5MWzqt5rpbCkloKtsN868Rlpvjs2N2XgaBBghoW97FXuAyGT7NPqcHCwraTAto010UCekI4wglbcrQouyHPnl/j9Kcdips4IvIuY+KQ9W//0ONdMiYGHFmI6O/TBv2x5xawDrqyYwOcotvVn3Wd6GOpLuVLFsJ1fRLqBxTTCwAG076dxfHArDRzRt/q+5mKD6Zr9RE5eM30cs51bIM5xpRXY8pNCn60YY16Qf+oKGNRUGl0a9S6lkYCRgsP7Bn02lLGZznh3DZmYasji0XzKYnGdhxyPAB2uIT9EfCuzj9Ihs47h51MKSsTTqlkay814eN/p9Y6adyEgeM48b5GVN0zNsxHLSFEaSb2QzOQBbdkK8BCeoa7/iAfqdlTf9GP3dzDaNGiPRM4p2Af2VoQMMsfA8TxpzyT9qCuYeXn3ruVCf+n/ibxTrbXx7AF7bpiDLet/HhRaPNUEGijQiozJ9HDMNoh9tXCK0EBgiq00Ta8alB+PBTZ8PM8PEWYS6666jjIYTD2q1OIqR8/IbK7rtBTB8p+/3VYTV187RgFIeAtXhlmbmSKYGZp8/KB4FSfvU9Qlz345S8SUxXS3KF0eRIuU6Rb8/ocmPm/cwo62L14o0tgmd2U9anOFKIVEMXaAEnPyJQ6FhtVqY4hWq8cvYZ8CAkbQPFbUMaBr6djg1K3CisIwpytHIW7ULbh9DsLWV/c5VeZjsMDXxatXvwmzsM2pcluSOrAB8IHHhdrwGDBkxZkAC4dbYBhg+FH5A5paYKBGeLIPdpCFDSCQY5lufGCS2/Q0YR924oFEMmSHHGP8wsyuPfM/7WRqS6IdmvZEkAO1H4/p/we53wlv/amQcOo1HOcIL9N9p2uLckp/8pFEflJ2iWhaS45Eho0CQx/wxbbSL7uQuLPxi+S+DcuDhdDQ6m1U4TXFXUDqTnV14a+gHhc214uxdwSBqLkUmqqhca6hsXey8nIUw770AcJqdY4wjSoWtQGgqdWghIMo9IWvcShUM8Xjk3z1GOcnfaI1wfsCDq55v7goj4wk0eWBNDMYN2aCUtM6H+Nc1+dLY+uy0BV8JyVI6DJWBpERs9AD2vPfPaXBZPHE6j3up8SGbJ1ckWQKk1kit8J2xtsPwgIhe2t66ezFcWnbViiI1qCDvksuVEQGV+lyvNFE4MEaFrTU6K6dqmQ5FHqQ2+NuSVpMw/JFexcY8U9XzAaBaYLoi1S8vn5go1aedLquDzboqoJEcBPbWmdAxFm2gpKnkZQNcM0NNl1l85vQmv7KdflgrTTQehbCAvlB9w1pAKBuxZkSldKQfEfTVirW7eS7FG1RMirYDMimv1QJG/q6vnPnMYFUKLmg8RSsMZHF6JqTgs9VieHUhKZP3ToLCEVm+gUSDDTiEJMTqdvw0jY9WO2mKCm/tXyvTI9d5Tc4ibfFyaQap3mE7mMfA+DYvxfML+g/EmdJTxwGxlyuGfySOsy4gAUx13zyvk8VabDCLaA3lD+yQQZyL/MqQNaL+zYSl34+dj55GS/tmvL/Up0oOCfd4kF9j01YcYn/38ZhCyFWfdYKovKNoG51LQem/JBkpUGb5TzzMeHRhwy6Ur2+DRyMPfme8UrxXZB5Q2ZWHRzy/LsXrVsEryyFICj/iH27djAiYgcDOAp/ZB0WJG2rUSFF2V/WutLJj1jfzvDuhgSYBwrJErY5biT/mFLEClOm8E6/n81GymIzsh3BZNo3chfcJ8l55gu5KUFCaWQst0iHll80Uy0lT5RPM9JNu1BPK4AqyTuGOMauNXYWS7MrY3mGEe/+mAafmholjJnXwfypSQCo64FUlHj/uE3EFiYmJMBEmL7FQJ8S84seXm2md8M56NTScMOEMoKghArSpKx2owxl+MjEYI0YwdwWeGGCzMLAKuspQR1Wdl+9SCB2KyKrUDTPfVftx7pXnE8pGi5vxOogRc7JAfG4F6/cg8GGHCQnagJf6MA5/iWtci6mjS/c4sDAu9bQIMFKyBtPsznLJ+qNlsgRd638Bw+WOJuK7x8KpEVdV5/Rh5MYdGscQju9owvferfwUJ6v9cWuyvtRSavo7ofi+vmGY8WwgMiPtICMFEnxSzCeqvR1YbwYJy8bstYlK2PuU4eGaut8M4y4I0/oP2ULFJUucCw1gP2TpqMwNlPfc2+9i96cKUF3pOmEj4gCVghGJUsUSGpx9R/UPXiITw5Bfl/QrsaApBq66W6F3myhI3LsxRwIYtpZx+dziBYfPY1IPd369l7AnyNqDC89WsMNpkps1q2cYvQk7WL6YBU6mszFEw8+ofD9aml0LJbHaI8mY1SOKouO5NCBaTSfFJiL4PYZcu8V06/JUH7YRlUTr4t2C0IYYDOdXRs+2ccN8OlOuUvfbHfzfpSLj1Xkf8Q0PYshwesh5e1VCb9BBYNBD8yYgC3oAznTLMnsAYUqoTx2Aq8SuH8LjEt7ZQjYH1y/5cWgCsfcCCFBaZS2VigKlFgHHh/SV5Tid4zJ96ILm3h7kH90ElxwS0BrDXDZ9ttNzkgP3nnBQDkqG5CN0O8vPlNEDF4G1DLRHkp9C7ohun0qnhwDXCAGJZbai+Pda6jeVMSS23yfC0rFQEBm4GNwOQMwW2YLOPxB6Q281hBeMLt2+vsxEdV7RBKTzT9+IAQUdJhi7JH4wVikrbpgwujjxkEboAzYKtHDbd8Uzaj32SWMnKQf/bOqnujqY6nbKP+Kv6FP0yWU+vQcoc3fyIlTWeUvUsk0IXSgtrx5Y/21bLCeYEEQ+qtV0iLBjaJo5WAFmQu/6lbXIp4ZmJQkftM6PSPFVA3UdzrfYTvp1NyrqhcOcJrHZUxjFAOfffYsV5KlVqwpTS/bA81ouvRS0SahlhAem2IhiIDf+rcBcPwkDjaLU4JMD8LTu6Sy/D17n++GytJz8CAAWCfAz0e8oNxoB+JgxYCdth+YC2FeYufai5Wmn9iQ+2tvGct18d2g1tKH+BnTvJOaeEHDBJ88FhUDjtuVnt3lHDp/bKIzNhtv3WGVDzP5PhVOFlPe5k3kWrNIlpxlf+9uN3CNQ2+bcEsaSWO1Oj4aXyanP2JjwErt8izB8mTIF2uzIef5PMyCFenFEXR4/d/brgZS0em8jRJkbv+hV7gg3jZOq3F5NwpbMFkKOoff6H9ySbOveHwi7NhAcQXD+SDspwZaIAgh357axBpmZiIJFZ3hB2RCsGzfnsZOKyu4GoRXUf2EfvLmVAGzJ9E88mO3+9FEjOSWNz88qYaJTnrlkrYAFxqJItz+oZQQNk37n+V6E0obmY8qUWqDuTbTMowr5FfMWCglFOrleqCgKDf5nEcx76DwJtrQWyOghBHo8Uo/14kISjNljAVX1ydVVJRZOJmSLseEy9W0Ib4PUyt/7ulOBZ4mOzuV2uPwO37WIjNo3QhltYM9GGaUtWOggSvxQXzBdf8Tv//1P1XnfmTNFupqV6cSyzjn4O+sbppa1wbl40DN1UafpiV0q2AtzkWbcRhKhrSlo5ttCUevqDftmAL5mJNmGGAcKjQ05pQj+JKmRonirjOSYrr3QfkPZrC7GrG9mkON9VpOHpAa/Et/2tTNPyo8EOL3+cVNWBRMGf0WbWkZSbNVqfPYVgluhdfS8RB3oF/Z4N+/IDmPatxZqn/C/5YHN8JhyGmggqV9j3TwQYc5+PLSMoPT+dvMAhfPDxyqpgShY4bXKgH0Kvx/l3q73RxhhSUMeb+fxnkOffiP1ZzWVXXiRWCZJYjVnIfuOHFtpYiWD3edEpm1Lkc1/YdkX47KDM9GJX+/kzvyy25pW0GOvl4OAUvL9yURRbo0nDs129tQ/bshsxUOj2tMrchX1wIU6uG0asKRytfdDtQMsflXKArg5vnSnQXYWBAAFObL8MsXP2R7eOIXRMlAGMt7bDsoKEH/RjrUGtYPZOFV0hs17JWCnHo6BT6EdKqv2LUu3wzI0qVlnxJjL36qiC7b6162iDtwL2FPrNY8iacjgT1oaIW5sTSV1f0410fWp+VgXkMaermy57iiBFLzJ+H5M8YL5NDBrMTyjmWMX2nKC+BmRXDgYVAxZuBCKFTYxM/l8a9mJR6zFn99XKbj4z1RDESotQ+EwR8dMXE2ZHu0fUHStzOOoY9vX8KgwGcvhtKtavLgwQGwfevCvKPXwsnmpg/DG8t0L68/2kwFo3gAdLM+tyoJ/oxkDLoqRe+wn+MeeBfooNcuHcRD7wiUGcyeALwN5QBsdbvoF63BC9+aMwYybT0f5hKSUrGwmb8JlMA4Oerj0f0Ltx/KFmqDz4sGGwM7WdihZXkmRh/enBGmtqQpQxecH1xPqx3obPs+gNpA2XLCqIwTMWQI9d/f5cFXJ5c78bgZyN4+Im+7Iv0s0ypUiUOk7HH8b8RNUzWgsDOfhcwj+MBq5hbgyJhdaOth1KnsosxK7GbCbhZWI+wT3H0q90qGhARKn7NOcSVwIhBwrtGEbn5dyuH1bmAwkNFlJk+guJgcw7NYm+JPCznOK50d2j9B/FjyLOfEcMb7CppXFbBDpSlSfyRc43+jfu+TSPpZ8RP0+boQR3xi4NyfA3qBVBTIqX0dwnWPjqYxgPGzSLnjnZFU0NdVBvFby5kOHvMVGaKGhHLBJipmcSnXgDDNEtwX/MJ4ouQAPDpKfz/0UKO92OqAx+buhA+EFBvm0QAe40E/E3BJ9CMf1Y1abZC5mckubtkURnYi0hEwCztPb6+T8hCcdKIxWhONWZiZUIgVamTpKhCPcJ+dltqOmx72tjE/RNn07CGAiUP2ELt+eaZutZYq0/5yFYZN4vla8m3uuJAgeaSIU4o89rLcVWWboTMFkRzAll+ffsOCyMPV3/iqOULbw/WcNOghRVQYx9ibUXNsfLD5b3+Q7YXl9vlB0nADgrdmcdk5pcZ34H45lAwbCez66hXn644pKR5F595GXJzVHMQkQFX1BLG91bhJgFfNRVQseOZq6CmVDQ51FXRlHWJ7R7NBFb8jxqcdNGowfi+2NHrmlRlyCtR6mojsQGf3abbmWsZDO//0HGW85zVExTnwqLP/lr00+ijlbBUap3n5Hr7pVLwLjKE+DPnodvk+cHpeTT8S/j3x69ngJhBBtQFG8z5H9w4ztWK/BY1NRACizfhqAqrXueGjyti74/rmxM63JyR2icIMul63muV0sCACi4k5SHvLnua2kkYpmtnAI7vpPXNytPMLVcDRG9klnnTll9iCvak6548G1zpKX0L0jxnZEh3c9OF0LQFCWzf0vfqjsR/jLrabc0L7ww8sr1s+cVDonojcTMif3hE1OlDYbkS3t1iwZHZCl7SFnHjJBYuekhG3yWHD9QBlBljOT8SPHivbPjMI8bxYmcbwnLCecOvRu3Wx2F6U3a58ZvvhMPbh4616wbfIRGbAw45GTx9ejIRC081CuQ6ABFRw9V4KfBX2cQPtAACTYNPuKLeyZgCwvpEykea87W6v0F03bW3SgkPrTYA5PZparZlSDE1lCEoNjGwO367SVUWgYCRzcp6q2/wp6sxvhocAj7c6VBmH3214kQGwuTtP7mYJ9Pu/5yR6D1cLzx6M8skAC0EFvLjJnUfxAh1yflUy1YrfkDRvDAZSW8iHrUZZC6MjrXo58HIqGlTx/jt5vexEOojjAzHsWBvtdY41Cx+zxwEfsd4l0tpD7X17amLLAcq5APvzsQV23Pp0F7PMf4CF2G0iZGPKgex8eAs8UGsmb/D6vbuaI1w19GworC1LDKx/3aFuVnNBaeyRu3G0Dg36lPcIVpsjx9+3/QDEw3CD0i6NSmDjPoYfXeDuLFvMlGDSHjsNstSTqqS64+y9G+aJWgzmREbQTTtv5CSvtZWBQ3hunSOulg9NkRxg2WbHCMFWI6tNDIcSaIJvppbTXDUhrcLEYyQMfVOEiUgr0u1kULTJDxcB1+Q+byjpejItJPvkMlCMjqvtmk1a78c6t7r/XLi9Hfui5fydkuahT5wR9B14+ndKfyrpvKsKActj1NRdyfaz9VvncqL6pPwJwuSXHguRyTuLvDVUKzvJO5CMpq65Yq3pveM/9IIt0u2tL/KAFtk3RFdvhvozDWQjwyw87+X36bBdEKqcqokfppMwdEXvZLCFVsBgnti/OuqD5rGql4DfQZM6+fgprMSOPxFQUvJnwIOogGCTrqVIm+SInOVD8vG70w7AjoR7EXpg7UFhpTbNQSFH8+sRto56BU3Se2N+81OQWko90OR4cZMSQnFjIpdyd6smEF7NpQq/ux706vpjaK81H091ezWeguULLPM1JzkCsFi3oX2KULDJvzcYxamBrPpdLUeeq5vSIwKdHWHkkD88ri0hSfsxmJyYkFJf7bJYBo169h5Y5bg+iVgKAxUWow7FFd5GWGq1McBzZYBeRoqRLMFfzEBfsS2B4ZI2jRSNZVwoZ/v84gkr3vaULv6ZFrUzHnc/6oniYOUK5Xeiv12axVBPT+GLT4FSne4kkN1MSW/JYEFns0C2+TQwdnKPuciczYAnDdfwVuGT/+9cwkQFLqRwUkvTAAknqy+KUgkXIshRqU51IM5Xzgqmv9Q4xaW0MK8uVEgPqpShIrI+DLBgdqoKO0MwlfIrs5Qut0LVdhLUiJz7VwRqWQ0HSadvj5gQ2OMU+EQSKvgML8oJhnvQQ3R4+MvjzhEukIcG89KInMulrQkcKALGEyZ8cB5Tqc5ZWc2ohmbKmr493/1aZ0CEV9fmpqPXTVjWwho4LDKQc9LO9Q0Cq4iBsQ7LQ1tlgq97Z8LPx48WO3vxqVZimTYOfA4GidRIMzwz604kTxvDJhGw2/baOF5hEiUTY1Zuzsky3Fp629xsxpeqduHX4yeFJpgd+ssPZG91sBZSzlXzazIKF3U98nOZNYN7OuBFM0nW4PgpRM21y/CD1FpttaLm8mCAGeCF/fHbEMo0T7whCz5RFZob9r504UMfO4UHdMjURsEywCcuv255JP8CWr6VBcjD9g3mrlSnrgBDzdX3UllOq2SV3rceOvr0QwVF5O2Dq24kKAlXaNlBRztVP/xAgRcl8ry/JfkF3EI9XAFwQKFuHgGweuo/k78YPXX6gGrXlcu3T4eFpvmJJ6Vfv/88djGyAG39MQdgJnPu5TlnAIHncl1p3K7speHE0ZcRTy51oUmZ58NLRKFKmA2PnXKg5eFh4giwcs7adIpJsvwTNwjZj7oko00IkszmYjoobB84rg6C7+5gnOpW4EmGSOAfs80wRtwCSoquL+tofHiRuLEmO7egbx76HV8mqrAfIzTyVxitxZHR1I843T2/b8KCM1Yu9jHm4rT6ABHF4ZGSr7TfwqQTnSRDdpXDmhevmEMEp83elE6gkpE/IZPN688lbXVm7o23R+mF9i5KXxoeaiGjtq21tdhHK5EknyDFF4JtRYpifQf2jbevUQVjxZLcFYkOX8XoBHM0Fc2TUNixci5nUvwBhe8rciuyuHGRa5Ps3Y1VqWsDlxXMtdovAZTccgsVeHb7U/L5S1caAryMI1LSRNK677p7wUeBTfkUJ4M3wpOfPH8xMBo4IBkJ3a6+yVRyL5RX6m+4/+521QWFFmiqHiRGnoJeeb0hONGPsbdRa+1xjT9iBNu1cy7jXfOPJDFPIjB3c0ZB8HGfk6nliY7EzPGWnomHUqoC0D1HhJJLmwV6Nteza8BBaDmGoh8sqC+BXg5US5l9MvV+Vjdt71+hLjGgBQTisyqFKDswOZxyZBO5R97pIgCTHPqc7a1QvZVwZ9bmfX5e6dtk4Rs+smstEJ13czfH6+iQv+v6KafhvfOIst8GkE4IBbw4oGFTqEIETiVvpa5gxnyiJ/Zp+32iN/WN+3CGrYEWW9sMVO6fw+/CIrPQTL76Cj9viNdcXXTohsKttssgPxjyZlW3KFCH8jXhImSUFBmZUcg48CITCsKaEDylV8ZV/mjQBkzOsbzMG6O4BiDBpiJRMuuynSanue716+B3LaT18ES2R61zV2q9Psv3xzaD6eZhk9ciOxGTHGqrbP+frEVDmkMIQU8Gx8jyRpNqyHQNy8FoHNFl0jsA4CjzAnroURel8auWHejIMHtAYptuTt64KYXxNr6qXu/P4lc7drcdgZEtCl7PSst/Yc7POqinsnRQgf7W7nI2dafYpLol+XEVw8J7FtulSG/iRYyWFDCV5pBW/qjBpGSwz3aTeYhKvzGnN+/P/xupSpth3o9OjXrkaHp876kZOR+WH/Qd2fPYVUrXr/NzS+5Ov5prOiNOu6MEE4W7t1H6hWZmZsmpo/LGy8ORMXDuUpkpGgAfUAgQo2/sWZuwrTmNRapHSasNueIPwDq1PLpxEyfflHFLrArjpsTmmCjwFie1+lPoTYYmq2nTiVKqeQgs/UNWHXpu01U8TapNg38qxMSw7c8udHkyLpZFmoIXlJYQsn+26eOjDR3KYm8j7DL2GXumkPR2RJz5Ms77swvs7e+C1IzIXNLMka3JsmJvIGhdgD2G8WYzkHG1mdDWqGuCrBmLkEmTsNyf9SU/ShkqMSITcu4LKjfX6etrQnJMa+gn38XL8g1PkfGnz2ABA8DlXL3ydNoNUb091kuBKuE9KumQ8CRTJMMU9j9+2GdhWsCCwOMb5FayEFOjqPFJEZIHo9HfOZsIldHglB/L63uLHnnqOk9VTWKqicy/ruXgEF7tIpz+n29OD7Iv9fTShcVM5WysdF9sxEtOzIlJbU0fLQ8SJPYZEoLF58gpUKcvYsXmd3b9F79ahmpgpJeocOSnRR9M3VEZ/z5Dx9O/grOXIFYnIXgtU7371ib3+Jt7owfgBclSrDbdLQKa40+koPZEfjyiRzHBvZtYdDp4xhV921HPIq0zvJXLXQpfLk63u9eBv3SGfac/IvNAxeCZw5yej+ioyuSlVkHEmrYswv20DakJf2nbVJCERFv52bJpypjxPInpc5bRMGLkFEJDrdbyOQp5d08w02lVo+0Y96719OXR96G7SrZshurpCP3acin5yo9BMe7ZT9hcGDgYwqDbEB0OTt9GyQ2rW1Z52eVUU47sqkhCyWw4lGnGqwMBNkUOgRdZLYFpitstZRGDTSa+R1qBcTMMOPr3NjJ6qvfgwezwMAjwPlW8kkLK3IuFZLixTMgHww2+SLu8s4SfoVaoSf5TlgK1htFINl7HMH01jPLaifjPF3I+cmhUoqtQYJFDO0YX4VIsAnX383cOb2nkyY3wE8tPI6yzjVDShx6vlvbThZOMhd34YkPpHdkaovx6hKtklieIjNEsA=","rc_enable":"y","bg_snapshot_delay_ms":"500","is_gen_204":"0"}
Signatures
-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 13 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.fsoft.it/FSPViewer/dwn-files/FSPViewer-2.1.0-Setup.exe1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe4da84f50,0x7ffe4da84f60,0x7ffe4da84f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1720 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4188 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 /prefetch:82⤵
-
C:\Users\Admin\Downloads\FSPViewer-2.1.0-Setup.exe"C:\Users\Admin\Downloads\FSPViewer-2.1.0-Setup.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-N8OT0.tmp\FSPViewer-2.1.0-Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-N8OT0.tmp\FSPViewer-2.1.0-Setup.tmp" /SL5="$40050,2980761,56832,C:\Users\Admin\Downloads\FSPViewer-2.1.0-Setup.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5312 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5392 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5468 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4956 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3632 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4404 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2388 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4760 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,17417910914292961983,10774889113074083151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3276 /prefetch:82⤵
-
C:\Program Files\FSPViewer\FSPViewer64.exe"C:\Program Files\FSPViewer\FSPViewer64.exe"1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.0.2030330552\581842996" -parentBuildID 20200403170909 -prefsHandle 1504 -prefMapHandle 1496 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 1584 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.3.1482501193\950818912" -childID 1 -isForBrowser -prefsHandle 2272 -prefMapHandle 2268 -prefsLen 122 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 2284 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.13.1825543183\965502161" -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 3372 -prefsLen 6904 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 3388 tab3⤵
-
C:\Program Files\FSPViewer\FSPViewer64.exe"C:\Program Files\FSPViewer\FSPViewer64.exe"1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4484_1565750430\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4484_1565750430\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={71b22a8c-c02f-452c-b035-2e1ca8cf87b6} --system2⤵
- Executes dropped EXE
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\FSPViewer\FSPViewer64.exeFilesize
5.5MB
MD5c04d8a5037951d5c1e3ba380149b3ccd
SHA125cea1a988db7cf9e58481cd97924dd6ffe66c8d
SHA256b96264a6fade0757cb2ee30a95485fdcbd39d22d963ea881709df859a8d9deeb
SHA51264492928188ab09c0d5606fc21c30cb2d9f6e0fea9ec026250a2471551b7a971b844769390abbafd49a37d45889cbb3f8e4e7a40001271f4d782c28b15b57897
-
C:\Program Files\FSPViewer\FSPViewer64.exeFilesize
5.5MB
MD5c04d8a5037951d5c1e3ba380149b3ccd
SHA125cea1a988db7cf9e58481cd97924dd6ffe66c8d
SHA256b96264a6fade0757cb2ee30a95485fdcbd39d22d963ea881709df859a8d9deeb
SHA51264492928188ab09c0d5606fc21c30cb2d9f6e0fea9ec026250a2471551b7a971b844769390abbafd49a37d45889cbb3f8e4e7a40001271f4d782c28b15b57897
-
C:\Program Files\FSPViewer\FSPViewer64.exeFilesize
5.5MB
MD5c04d8a5037951d5c1e3ba380149b3ccd
SHA125cea1a988db7cf9e58481cd97924dd6ffe66c8d
SHA256b96264a6fade0757cb2ee30a95485fdcbd39d22d963ea881709df859a8d9deeb
SHA51264492928188ab09c0d5606fc21c30cb2d9f6e0fea9ec026250a2471551b7a971b844769390abbafd49a37d45889cbb3f8e4e7a40001271f4d782c28b15b57897
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4484_1565750430\ChromeRecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3Filesize
141KB
MD5ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA110958b0f690ae8f5240e1528b1ccffff28a33272
SHA2567c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA5126c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf
-
C:\Users\Admin\AppData\Local\Temp\is-N8OT0.tmp\FSPViewer-2.1.0-Setup.tmpFilesize
695KB
MD5215cd926309db1144718e0525a8f7634
SHA117800551d1aea8ee39cf209dfa689ba8ca002f4a
SHA2563f4cb97095d436f96149c8893af8269a375f9e5379aaed7b012b76634c30e330
SHA5125be828a4ccbea048fa5734dbc484344632afa69bac8f6b8b5797d171e5cef8db0eddd4af561cbfb3c90bf9e1aeca78c78ada0667c2605e9effa7a63ebc65a353
-
C:\Users\Admin\AppData\Local\Temp\is-N8OT0.tmp\FSPViewer-2.1.0-Setup.tmpFilesize
695KB
MD5215cd926309db1144718e0525a8f7634
SHA117800551d1aea8ee39cf209dfa689ba8ca002f4a
SHA2563f4cb97095d436f96149c8893af8269a375f9e5379aaed7b012b76634c30e330
SHA5125be828a4ccbea048fa5734dbc484344632afa69bac8f6b8b5797d171e5cef8db0eddd4af561cbfb3c90bf9e1aeca78c78ada0667c2605e9effa7a63ebc65a353
-
C:\Users\Admin\Downloads\FSPViewer-2.1.0-Setup.exeFilesize
3.1MB
MD5b6c9cfc580079ca089d662b42a2fa083
SHA1c509b0859e061faa6cf1299e738d1fba9772435f
SHA2562585f43a14cb9aa300f44d43d0abeecedf055690ee7d38f6f1f5e2d2d137d1aa
SHA512f9e502b38de536cb3750a47e5355a0b8c3371c99b541632bd45d3d59adb32b675ac834d69afaa0751236ccad6b4af19817099771d53d57806f7503ab39776292
-
C:\Users\Admin\Downloads\FSPViewer-2.1.0-Setup.exeFilesize
3.1MB
MD5b6c9cfc580079ca089d662b42a2fa083
SHA1c509b0859e061faa6cf1299e738d1fba9772435f
SHA2562585f43a14cb9aa300f44d43d0abeecedf055690ee7d38f6f1f5e2d2d137d1aa
SHA512f9e502b38de536cb3750a47e5355a0b8c3371c99b541632bd45d3d59adb32b675ac834d69afaa0751236ccad6b4af19817099771d53d57806f7503ab39776292
-
\??\pipe\crashpad_2104_RWNQSKOSSQGTWVNEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2288-243-0x0000000000000000-mapping.dmp
-
memory/3092-153-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-168-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/3092-128-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-129-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-130-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-131-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-132-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-133-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-134-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-135-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-136-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-137-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-138-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-139-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-140-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-141-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-142-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-143-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-144-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-145-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-146-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-147-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-149-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-148-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-151-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-152-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-150-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-125-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-154-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-155-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/3092-157-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-158-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-159-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-126-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-118-0x0000000000000000-mapping.dmp
-
memory/3092-120-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-121-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-122-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-123-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-124-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3092-236-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/3092-218-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/3720-183-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-173-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-184-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-186-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-176-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-177-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-178-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-179-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-180-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-175-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-181-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-182-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-162-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-172-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-174-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-185-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-187-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-188-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-169-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-167-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-166-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-165-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-164-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-160-0x0000000000000000-mapping.dmp
-
memory/3720-163-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB
-
memory/3720-171-0x00000000774A0000-0x000000007762E000-memory.dmpFilesize
1.6MB