Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1047s -
max time network
1029s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
04/01/2023, 21:52
General
-
Target
launcherfull-shiginima-v4400.exe
-
Size
5.4MB
-
MD5
c3db052da531710367faf5e011475715
-
SHA1
46f599e4e1ece582006739debe0a522925a9cd13
-
SHA256
7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1
-
SHA512
67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb
-
SSDEEP
98304:qpTJ89MMbcZsgsDlilods/txVGHTJKsTnEFnAzvDfBzXEYNsJ5Ono:aTm9MMbcFililB0HdRTnEFnAzlEQsJ5H
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 6 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 53 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs 12 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 8 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 40 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 51 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 56 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 25 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4400.exe"C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4400.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4400.exe" net.mc.main.Main2⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca9c94f50,0x7ffca9c94f60,0x7ffca9c94f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1688 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5156 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5224 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\JavaSetup8u351.exe"C:\Users\Admin\Downloads\JavaSetup8u351.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\jds240857359.tmp\JavaSetup8u351.exe"C:\Users\Admin\AppData\Local\Temp\jds240857359.tmp\JavaSetup8u351.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\jre1.8.0_351full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"4⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files (x86)\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus4⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files (x86)\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 304⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5896 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5348 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5984 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3456 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6712 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6848 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7324 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6544 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6420 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7320 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7616 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7512 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6740 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7864 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8004 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6704 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6816 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4020 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7812 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8084 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8364 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=244 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4996 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8036 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8124 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1660,8664341175420448961,6988044120871038529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7912 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C79595EE88B13FB3A01EA8AADD457ABC2⤵
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe"C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180351F0}2⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\ProgramData\Oracle\Java\installcache\240900781.tmp\bspatch.exe"bspatch.exe" baseimagefam8 newimage diff3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding AAE6BC63BC7B72D46898455A55042DC1 E Global\MSI00002⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 78262B8C89332CC0748C6707E4063F812⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 015E449ECDF7D5470E2D5B9FAD01C372 E Global\MSI00002⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 5E9A32EB16121B63B8B50E10656E64742⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 04EC712448C101C7E0D82299190B588F E Global\MSI00002⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e8 0x4bc1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4684_477371207\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4684_477371207\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={1b7dc4f9-e71a-41b1-8311-08937b4f9c75} --system2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_launcherfull-shiginima-v4400-pc.zip\launcherfull-shiginima-v4400.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_launcherfull-shiginima-v4400-pc.zip\launcherfull-shiginima-v4400.exe"1⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\Temp1_launcherfull-shiginima-v4400-pc.zip\launcherfull-shiginima-v4400.exe" net.mc.main.Main2⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\" -ad -an -ai#7zMap23841:124:7zEvent110501⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe" net.mc.main.Main2⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe" net.mc.main.Main2⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\JavaSetup8u351.exe"C:\Users\Admin\Downloads\JavaSetup8u351.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\jds241411718.tmp\JavaSetup8u351.exe"C:\Users\Admin\AppData\Local\Temp\jds241411718.tmp\JavaSetup8u351.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\jre1.8.0_351full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files (x86)\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe-Djdk.disableLastUsageTracking -cp "C:\Program Files (x86)\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 303⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
-
C:\Windows\Installer\MSIAFCE.tmp"C:\Windows\Installer\MSIAFCE.tmp" INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_351\\" ProductCode={26A24AE4-039D-4CA4-87B4-2F32180351F0} /s BASEIMAGECHECKSUMSHA256=2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Java\jre1.8.0_66\bin\wsdetect.dll"3⤵
-
C:\Windows\system32\regsvr32.exe/s "C:\Program Files\Java\jre1.8.0_66\bin\wsdetect.dll"4⤵
-
-
-
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update3⤵
- Executes dropped EXE
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 76CE40363064A1CD1E0EAD93F3E351C92⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9646A5F40CE7EDF694ED6EC1551555E12⤵
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe"C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180351F0}2⤵
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\ProgramData\Oracle\Java\installcache\241442812.tmp\bspatch.exe"bspatch.exe" baseimagefam8 newimage diff3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.jar"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.jar"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2A82AC6E92A31FA8BFE3632DB77AFC32 E Global\MSI00002⤵
-
-
C:\Windows\Installer\MSI255E.tmp"C:\Windows\Installer\MSI255E.tmp" ProductCode={26A24AE4-039D-4CA4-87B4-2F86418066F0} /s2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Checks computer location settings
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Java\jre1.8.0_351\bin\wsdetect.dll"3⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe"C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_66" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzY2XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\JavaSetup8u351.exe"C:\Users\Admin\Downloads\JavaSetup8u351.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\jds241436375.tmp\JavaSetup8u351.exe"C:\Users\Admin\AppData\Local\Temp\jds241436375.tmp\JavaSetup8u351.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe"C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe" -classpath "C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\launcherfull-shiginima-v4400.exe" net.mc.main.Main2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc\hs_err_pid4516.log1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5da5a9f149955d936a31dc5e456666aac
SHA1195238d41c1e13448f349f43bb295ef2d55cb47a
SHA25679ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224
SHA51260d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77
-
Filesize
727B
MD566e1eb29b2f919f05bd2efc618283db3
SHA1cb053a306df8124f0f31b8c3086167bb39c94ed6
SHA256da47f89fd9cd628fcab810fcdf2276755052b73321921d39dfcd54fc4f530073
SHA5121a92e004a84a6469072b3eeaf0856ac08ed7310a6324af21c01764c25349539ac8e6217747146457c61ee4a40eaae1a3eee5840e169001e8d73699066928fabc
-
Filesize
727B
MD510f9e7a218b1f1d5293c057ff60cebae
SHA1a80129e6d42d9befa85437561184f926d23b251b
SHA256d37be43311d5cde9f041a6a4bcbe8806c94dcab41dc4f89ea931c9ecfee7d42d
SHA5128484fa48bd2c521e05833032a5d90701bf1e9ef9a3bc8a91e46e37665e1a607c384e2bb40f1db46cae018f13967658c9848c2f0b09b244032072f47b1c87fefb
-
Filesize
430B
MD5c72d60d72203897aad19a6fe6bdb2068
SHA11def5217c5eaa3ee1f00de13c800669f1c6ee110
SHA256ba5564ab9049c002acecdcb49d5a355bf04b84377204bbf1b2999a98aaaa6b28
SHA5121cd8a5a5912a11a3f80655e17513e84992a1908d647b988ad7dd6fa4d29c84739e4b6f092bd476a8ae7997ed54c4ff405919f9e4bae5039110bb3a160ca321f2
-
Filesize
404B
MD53b653386b3e25cb377b9c50f4bec8b74
SHA1e5a45692fe01928a75322c29758e14fda257ba0b
SHA2562bdac800ce59e58ef24f535023a614959e83dddc824817ddcaf8dceef1117ab3
SHA512e2cdf530d7d337634896c2aafcda942a2dd504887a9720a83d09e99c38f7f3f1d7059ce8ee409e016ddef30731af64fc1a92b0d5e003190c31190c74f9be82b8
-
Filesize
442B
MD5a36b0d710adf6d0e6eb58c11fc3fa473
SHA167e7d9eff873ea460342dd814a0f4590d1b03799
SHA256379772ff23b1d886aa3c9ef127e5db2451488175074259a6c867b407f614380c
SHA512330294a5da59839cd86aec00d0c892317229ad7b78bceb06a3b5c69b6295e6584812935c328090bc9dc6cc0e44124b0b2c1b0182f24685ca28804490815d2931
-
Filesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
Filesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
Filesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
Filesize
845KB
MD58eb92668c434cd93215b9981a9683fc4
SHA15b087204c1c7e1b985b11b7fcbfcb70e323ff79d
SHA256bb3234ffa8ab178f621475a9415b46f29571dbb24fd75ddc590f4be6d6369779
SHA5129e4cccf3ce7bc34c220528b5d206f35fc0a1355531511fbb414af01f09c19e579ff8e027b8125049dfd417ad284661832759ec2f0fb260371e471db02203f058
-
Filesize
70.0MB
MD52a16688489648f78ee304dce7734d0dd
SHA1aa4c78aa153215068c52bdaeb0f88a5702f7cca6
SHA2565fa5ae20eb7d3055f5f70c7bbd89361e299a3573f2bfc09de5f4f9b8f6ba7bc2
SHA512bb6dbe10a70bc6a84884d71c18b7b3ef333b55eb5aa0c558f5bfc9f6c1cdbf939e1a198903469cb3104051e04ae2418f0b7fdbe4dfb35de5843593a5dac7441f
-
Filesize
1016KB
MD5b4db0cceb5714378be3ccd4535d3aa4c
SHA17611e868ba040b0936ff56e0c9b6929042d7a49a
SHA2569687cc0d7d5a60d7e9669d775b2e7255f9f578e3cb7086a3e2c114175f3a87bc
SHA512f69232951f638247f87403cd3a861c84c084bfa8adb501a4ffa1984c3d2e6a963193d49744e0c59b21a8cf683dddb09f567ce088dabca9f1b163fe1b3cb0324f
-
Filesize
70.4MB
MD546769c6677f963cc4dc772f31350d20b
SHA142bc2fe2b629d1f7ad729db2c5bac9009291c961
SHA2561eb15f60ea7bb0c7b4e5cc7e75fd5e7c0441ad689c90ebc96ab3008a29be2ba7
SHA512436e0d7f8b281b21228262a848ea712542cee4ce98138bfb57a34c6157eea144dd7430b981b6255c0a301a1787aaee171144fea572e41e934d815ff9706adb07
-
Filesize
1.9MB
MD5f39998ce3424007f4e5772d547a69fbc
SHA1071f69e3f29f4d30006358a249c12cda7ac9b636
SHA256cb9818a058f448dabe8b045ac3ef06ef4973fa3e4996cc035f779672a0397715
SHA5125b7fb094159170dbc2144678799c6b273b2eb62deef143036b63f7472c41e1a9a9ae991ed8c4b4df411e641cd387e3e3d125d497098d636213cc8915d8d2e853
-
Filesize
1.9MB
MD5f39998ce3424007f4e5772d547a69fbc
SHA1071f69e3f29f4d30006358a249c12cda7ac9b636
SHA256cb9818a058f448dabe8b045ac3ef06ef4973fa3e4996cc035f779672a0397715
SHA5125b7fb094159170dbc2144678799c6b273b2eb62deef143036b63f7472c41e1a9a9ae991ed8c4b4df411e641cd387e3e3d125d497098d636213cc8915d8d2e853
-
Filesize
267KB
MD52fa56a125c7a74bc96ec9a359f3845af
SHA1f9e629339dbd2e2fd610513be874fcabcef3fcf4
SHA2566ef7cdaa6716498ee365397013bf3d74be07dc9b949f92c17ded33113a1bb125
SHA512f755311c818514590c556e1838e2dc11d7b27b2b292842bee21bb12b6758fe146746d4928d0e32cf5f27bce1373f2f66fb9bde47e0c60a5add36662b45fae1b3
-
Filesize
304KB
MD5b1e4dee0051a68a362fefcdbb3982b2a
SHA1371f2b6ac98a3cbdfdfc9e8f6b5cfba516616ee9
SHA256a4ac7b45876e463bc71135a5c551cce97f3b91087fcf72b39a70f12cebe3c27f
SHA5127f1b7ff28fa7a87abe77b265e19a180cbca24a309e69987b5db08884307fd822ee4a941406c49275269b846c1d8302fa7f625941f5085c0c850cf53137fe5bdf
-
Filesize
2.2MB
MD582bc7b7e2716e6a631952daa1be4037e
SHA183ba6ede5983dd59b8e77439fd84e7b8085ee487
SHA2563fa3ff57f229e3db478be90f6ce92a39f5043caffac116247b3430eb36f40b96
SHA51235559edcf9dc2cb4740a1537bec5249ecfe306f7036f736b578fd07b6236ae3453b0a6e4d801e82506fa2ae770d7c80219af056e2313c3484b4474e1320885a4
-
Filesize
2.2MB
MD582bc7b7e2716e6a631952daa1be4037e
SHA183ba6ede5983dd59b8e77439fd84e7b8085ee487
SHA2563fa3ff57f229e3db478be90f6ce92a39f5043caffac116247b3430eb36f40b96
SHA51235559edcf9dc2cb4740a1537bec5249ecfe306f7036f736b578fd07b6236ae3453b0a6e4d801e82506fa2ae770d7c80219af056e2313c3484b4474e1320885a4
-
Filesize
601KB
MD5bbed445fd227324054eab65b74115170
SHA1b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a
SHA2565d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8
SHA5124ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05
-
Filesize
601KB
MD5bbed445fd227324054eab65b74115170
SHA1b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a
SHA2565d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8
SHA5124ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05
-
Filesize
601KB
MD5bbed445fd227324054eab65b74115170
SHA1b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a
SHA2565d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8
SHA5124ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05
-
Filesize
601KB
MD5bbed445fd227324054eab65b74115170
SHA1b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a
SHA2565d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8
SHA5124ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05
-
Filesize
16.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
64KB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
64KB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
16.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
32.0MB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB