Resubmissions
15/02/2023, 01:58  230215-cd5xgahb3t  10
15/02/2023, 01:39  230215-b23atahe29  10
15/02/2023, 01:34  230215-bzerqshd86  10

Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/02/2023, 01:34
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures

Downloads MZ/PE file

Executes dropped EXE (5 IoCs)
  pid   Process
  996   fuck (1).exe
  4216  fuackme100.exe
  5016  hey.exe
  1092  haeds.exe
  1896  payload24.exe

Program crash (2 IoCs)
  pid   pid_target  Process       procid_target
  676   1896        WerFault.exe  158
  4148  1896        WerFault.exe  158

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

NTFS ADS (1 IoCs)
  description                   ioc                                                 Process
  File opened for modification  C:\Users\Admin\Downloads\loser.exe:Zone.Identifier  chrome.exe

Suspicious behavior: EnumeratesProcesses (36 IoCs)
  pid Process (times listed): 5096 chrome.exe (2), 5112 chrome.exe (2), 1812 chrome.exe (2), 1552 chrome.exe (2), 4236 chrome.exe (2), 2704 chrome.exe (2), 2680 chrome.exe (2), 1584 chrome.exe (2), 3284 chrome.exe (2), 1032 chrome.exe (2), 3204 chrome.exe (2), 1272 chrome.exe (2), 4128 chrome.exe (2), 5088 chrome.exe (2), 4040 chrome.exe (2), 4772 chrome.exe (4), 4424 chrome.exe (2)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid Process: 5112 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid Process: 5112 chrome.exe (listed 6 times)

Suspicious use of FindShellTrayWindow (64 IoCs)
  pid Process: 5112 chrome.exe (listed 64 times)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid Process: 5112 chrome.exe (listed 24 times)

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid Process: 5112 chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid   Process     procid_target  times listed
  PID 5112 wrote to memory of 644      5112  chrome.exe  81             2
  PID 5112 wrote to memory of 1612     5112  chrome.exe  84             40
  PID 5112 wrote to memory of 5096     5112  chrome.exe  85             2
  PID 5112 wrote to memory of 1124     5112  chrome.exe  86             20
Processes

- "C:\Program Files\Google\Chrome\Application\chrome.exe" http://ttwweatterarartgea.ga
  PID: 5112
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cd294f50,0x7ff8cd294f60,0x7ff8cd294f70
    PID: 644
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1676 /prefetch:2
    PID: 1612
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
    PID: 5096
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8
    PID: 1124
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
    PID: 3368
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
    PID: 1544
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4292 /prefetch:8
    PID: 2248
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8
    PID: 1812
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5000 /prefetch:8
    PID: 4424
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 /prefetch:8
    PID: 2148
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5160 /prefetch:8
    PID: 2252
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    PID: 1552
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5508 /prefetch:8
    PID: 2224
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4612 /prefetch:8
    PID: 2552
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8
    PID: 2020
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    PID: 2660
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
    PID: 4188
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    PID: 4720
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    PID: 5048
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 /prefetch:8
    PID: 4236
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4520 /prefetch:8
    PID: 4104
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3692 /prefetch:8
    PID: 2820
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
    PID: 2704
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 /prefetch:8
    PID: 2680
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 /prefetch:8
    PID: 3280
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 /prefetch:8
    PID: 4152
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
    PID: 1584
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Users\Admin\Downloads\fuck (1).exe"
    PID: 996
    Signatures: Executes dropped EXE
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 /prefetch:8
    PID: 2948
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 /prefetch:8
    PID: 3856
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
    PID: 3284
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 /prefetch:8
    PID: 4508
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 /prefetch:8
    PID: 2552
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 /prefetch:8
    PID: 3088
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
    PID: 1032
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Users\Admin\Downloads\fuackme100.exe"
    PID: 4216
    Signatures: Executes dropped EXE
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 /prefetch:8
    PID: 4720
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 /prefetch:8
    PID: 1400
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
    PID: 3204
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 /prefetch:8
    PID: 1728
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3592 /prefetch:8
    PID: 4332
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 /prefetch:8
    PID: 4340
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2372 /prefetch:8
    PID: 3704
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 /prefetch:8
    PID: 1272
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 /prefetch:8
    PID: 400
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3736 /prefetch:8
    PID: 5032
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5484 /prefetch:8
    PID: 3912
  - "C:\Users\Admin\Downloads\hey.exe"
    PID: 5016
    Signatures: Executes dropped EXE
  - "C:\Users\Admin\Downloads\haeds.exe"
    PID: 1092
    Signatures: Executes dropped EXE
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 /prefetch:8
    PID: 5040
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2588 /prefetch:8
    PID: 2092
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
    PID: 4128
    Signatures: NTFS ADS; Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 /prefetch:8
    PID: 1928
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 /prefetch:8
    PID: 4444
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    PID: 5088
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5500 /prefetch:8
    PID: 3360
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2552 /prefetch:8
    PID: 4340
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4472 /prefetch:8
    PID: 384
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 /prefetch:8
    PID: 4040
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 /prefetch:8
    PID: 2520
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 /prefetch:8
    PID: 440
  - "C:\Users\Admin\Downloads\payload24.exe"
    PID: 1896
    Signatures: Executes dropped EXE
    - C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 260
      PID: 676
      Signatures: Program crash
    - C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 280
      PID: 4148
      Signatures: Program crash
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5568 /prefetch:8
    PID: 1884
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2620 /prefetch:2
    PID: 4772
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
    PID: 4124
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4336 /prefetch:8
    PID: 3628
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 /prefetch:8
    PID: 764
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
    PID: 4424
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 /prefetch:8
    PID: 4560
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1612,10786230159144214081,5820595144313886857,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2584 /prefetch:8
    PID: 3856
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1716
- C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1896 -ip 1896
  PID: 396
- C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1896 -ip 1896
  PID: 4484
Network
MITRE ATT&CK Enterprise v6
Downloads