Analysis
max time kernel: 150s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-08-2023 13:45
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
systembc
ar.undata.cc:5320
ar1.undata.cc:5320
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
Processes:
pid | Process
2656 | 4.exe
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
description | pid | Process | procid_target
PID 2656 set thread context of 852 | 2656 | 4.exe | 103
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133362351100987756" | chrome.exe
-
Modifies registry class 1 IoCs
Processes:
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings | taskmgr.exe
-
Runs regedit.exe 1 IoCs
Processes:
pid | Process
4536 | regedit.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes (64 entries, duplicate rows collapsed):
pid | Process
4056 | chrome.exe
2656 | 4.exe
852 | cmd.exe
2916 | taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
pid | Process
4536 | regedit.exe
2916 | taskmgr.exe
-
Suspicious behavior: MapViewOfSection 2 IoCs
Processes:
pid | Process
2656 | 4.exe
852 | cmd.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes (2 entries, duplicate rows collapsed):
pid | Process
4056 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes (64 entries, duplicate rows collapsed):
description | pid | Process
Token: SeShutdownPrivilege | 4056 | chrome.exe
Token: SeCreatePagefilePrivilege | 4056 | chrome.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes (64 entries, duplicate rows collapsed):
pid | Process
4056 | chrome.exe
2916 | taskmgr.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes (64 entries, duplicate rows collapsed):
pid | Process
4056 | chrome.exe
2916 | taskmgr.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes (64 entries, duplicate rows collapsed):
description | pid | Process | procid_target
PID 4056 wrote to memory of 3304 | 4056 | chrome.exe | 81
PID 4056 wrote to memory of 4416 | 4056 | chrome.exe | 83
PID 4056 wrote to memory of 4512 | 4056 | chrome.exe | 84
PID 4056 wrote to memory of 972 | 4056 | chrome.exe | 85
Processes (tree; children indented under their parent)
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://193.178.210.59/4.exe
PID:4056
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff858db9758,0x7ff858db9768,0x7ff858db9778
    PID:3304
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:2
    PID:4416
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:4512
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:972
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:1
    PID:1012
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:1
    PID:2176
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:2824
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:2308
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:3752
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:5072
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:1856
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3944 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:2072
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:8
    PID:2592
    "C:\Users\Admin\Downloads\4.exe"
    PID:2656
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
        "C:\Windows\SysWOW64\cmd.exe"
        PID:852
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious behavior: MapViewOfSection
            "C:\Windows\SysWOW64\explorer.exe"
            PID:4424
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3504 --field-trial-handle=1888,i,8184730413071646342,9769251203477809700,131072 /prefetch:2
    PID:2156
-
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:2180
-
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:3608
-
"C:\Windows\system32\taskmgr.exe" /4
PID:2916
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
"C:\Windows\regedit.exe"
PID:4536
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
Downloads