Analysis

max time kernel: 632s
max time network: 538s
platform: windows11-21h2_x64
resource: win11-20231222-en
resource tags: arch:x64, arch:x86, image:win11-20231222-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11/02/2024, 06:04

Static task: static1
Behavioral task: behavioral1
Sample: ssFlingTrs-259a3513.exe
Resource: win11-20231222-en

General

Target: ssFlingTrs-259a3513.exe
Size: 127.0MB
MD5: aee680c5216a4154656fc9cf8dd43519
SHA1: ee663d19a4bd5fd3b2c62a160940d1e9737d62a6
SHA256: 02e9cce466341413dcef8b0413cb442bc4f26e9968a100bae8f1fd445109075f
SHA512: 2fd1efd3c98be484e82b623d8665f49e2dc63be4f0941dd4ab2f5b0236494a203593f31b90b7012476d2de234af2b2427a12cede7ed2c70deee8789b309338f7
SSDEEP: 196608:bSgJKyOcIUx9G9OJxA68F3SgJKyOcIUx9G9OJxA68F:bSeKyPIUxM90xq9SeKyPIUxM90xq

Note on the sample: 127 MB is well above the size at which many scanners stop inspecting a file, and the SSDEEP signature is itself repetitive (in the 196608-block string "SgJKyOcIUx9G9OJxA68F" appears twice, and in the 393216-block string "SeKyPIUxM90xq" appears twice), which means the two halves of the file fuzzy-hash alike. That is what a small payload padded with repeated filler looks like. The report does not state the padding itself, so treat it as an inference to confirm on the sample (for example by checking how much of the file past the last PE section is repeated bytes), not as a finding of the report.
Malware Config
(nothing listed for this run)

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
Column note: in the tables below, pid and Process are the process that performed the action; procid_target is the sandbox's own index for the target process (the number it uses internally to label processes), not the target's PID. The target PID is the one named in the description.

Suspicious use of NtCreateUserProcessOtherParentProcess (1 IoC)
  description              pid   Process       procid_target
  PID 4588 created 2964    4588  explorer.exe  23
  Read together with the process tree (dialer.exe 3360 is drawn under sihost.exe 2964) and the WriteProcessMemory rows (explorer.exe 4588 writes into 3360), this is parent-PID spoofing: the creator passes another process's handle as PROC_THREAD_ATTRIBUTE_PARENT_PROCESS when calling CreateProcess, so the new process is recorded as sihost.exe's child although explorer.exe 4588 created and populated it.

Executes dropped EXE (2 IoCs)
  pid   Process
  3424  UniversalInstaller.exe
  3892  UniversalInstaller.exe

Loads dropped DLL (4 IoCs)
  pid   Process
  3424  UniversalInstaller.exe  (x2)
  3892  UniversalInstaller.exe  (x2)

Suspicious use of SetThreadContext (1 IoC)
  description                            pid   Process                 procid_target
  PID 3892 set thread context of 3156    3892  UniversalInstaller.exe  81
  Combined with the WriteProcessMemory rows for 3892 -> 3156 and the MapViewOfSection rows for both 3892 and 3156, this is the process-hollowing sequence: cmd.exe 3156 is started by 3892, its memory is replaced, and its thread context is pointed at the injected code.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                      Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521052149202144"  chrome.exe
  (the value is a Windows FILETIME, i.e. a timestamp)

Modifies registry class (1 IoC)
  description  ioc                                                                                                                                                                          Process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4286256601-2211319207-2237621277-1000\{CA531C89-8DBC-4BC3-8BF8-51242A7F90A6}  chrome.exe

Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid   Process
  3400  vlc.exe

Suspicious behavior: EnumeratesProcesses (17 IoCs)
  pid   Process
  4012  ssFlingTrs-259a3513.exe  (x2)
  3424  UniversalInstaller.exe
  3892  UniversalInstaller.exe   (x2)
  3156  cmd.exe                  (x2)
  4588  explorer.exe             (x2)
  3360  dialer.exe               (x4)
  4708  chrome.exe               (x2)
  3212  chrome.exe               (x2)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  3400  vlc.exe

Suspicious behavior: MapViewOfSection (2 IoCs)
  pid   Process
  3892  UniversalInstaller.exe
  3156  cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process
  4708  chrome.exe  (x10)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                         pid   Process
  Token: SeShutdownPrivilege          4708  chrome.exe
  Token: SeCreatePagefilePrivilege    4708  chrome.exe
  (the two rows alternate for all 64 entries; every one is 4708 chrome.exe)

Suspicious use of FindShellTrayWindow (36 IoCs)
  pid   Process
  4708  chrome.exe  (x27)
  3400  vlc.exe     (x9)

Suspicious use of SendNotifyMessage (20 IoCs)
  pid   Process
  4708  chrome.exe  (x12)
  3400  vlc.exe     (x8)

Suspicious use of SetWindowsHookEx (5 IoCs)
  pid   Process
  3424  UniversalInstaller.exe  (x2)
  3892  UniversalInstaller.exe  (x2)
  3400  vlc.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process                  procid_target  rows
  PID 4012 wrote to memory of 3424    4012  ssFlingTrs-259a3513.exe  79             3
  PID 3424 wrote to memory of 3892    3424  UniversalInstaller.exe   80             3
  PID 3892 wrote to memory of 3156    3892  UniversalInstaller.exe   81             4
  PID 3156 wrote to memory of 4588    3156  cmd.exe                  83             4
  PID 4588 wrote to memory of 3360    4588  explorer.exe             87             5
  PID 4708 wrote to memory of 2188    4708  chrome.exe               91             2
  PID 4708 wrote to memory of 656     4708  chrome.exe               93             38
  PID 4708 wrote to memory of 2220    4708  chrome.exe               97             2
  PID 4708 wrote to memory of 4876    4708  chrome.exe               96             3
  The first five rows are the sample's chain, each parent writing into the child it just created. The chrome.exe rows are Chrome's normal handoff to its own helper processes and are unrelated to the sample.
Processes
(indented by parent as the report draws it; the digit that trailed each line in the original export was this nesting depth; bracketed items are the signatures the sandbox attached to that process)

sihost.exe  PID 2964
    image C:\Windows\system32\sihost.exe    cmdline sihost.exe
  dialer.exe  PID 3360  [Suspicious behavior: EnumeratesProcesses]
      image C:\Windows\SysWOW64\dialer.exe    cmdline "C:\Windows\system32\dialer.exe"

ssFlingTrs-259a3513.exe  PID 4012  [Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory]
    image C:\Users\Admin\AppData\Local\Temp\ssFlingTrs-259a3513.exe    cmdline "C:\Users\Admin\AppData\Local\Temp\ssFlingTrs-259a3513.exe"
  UniversalInstaller.exe  PID 3424  [Executes dropped EXE; Loads dropped DLL; Suspicious behavior: EnumeratesProcesses; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory]
      image C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe    cmdline C:\Users\Admin\AppData\Local\Temp\httpService_v3_x64\UniversalInstaller.exe
    UniversalInstaller.exe  PID 3892  [Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory]
        image C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe    cmdline "C:\Users\Admin\AppData\Roaming\httpService_v3_x64\UniversalInstaller.exe"
      cmd.exe  PID 3156  [Suspicious behavior: EnumeratesProcesses; Suspicious behavior: MapViewOfSection; Suspicious use of WriteProcessMemory]
          image C:\Windows\SysWOW64\cmd.exe    cmdline C:\Windows\SysWOW64\cmd.exe
        explorer.exe  PID 4588  [Suspicious use of NtCreateUserProcessOtherParentProcess; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory]
            image C:\Windows\SysWOW64\explorer.exe    cmdline C:\Windows\SysWOW64\explorer.exe

rundll32.exe  PID 3740
    image C:\Windows\System32\rundll32.exe    cmdline C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

chrome.exe  PID 4708  [Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory]
    image C:\Program Files\Google\Chrome\Application\chrome.exe    cmdline "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Children, all with the same image "C:\Program Files\Google\Chrome\Application\chrome.exe" in front of the arguments shown:
  PID 2188  --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc29c9758,0x7fffc29c9768,0x7fffc29c9778
  PID 656   --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:2
  PID 3212  --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:2  [Suspicious behavior: EnumeratesProcesses]
  Renderers, each --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=N --mojo-platform-channel-handle=H --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:1
    PID 2500  N=5   H=3228
    PID 2236  N=6   H=3196  (also --first-renderer-process)
    PID 428   N=7   H=4552
    PID 2960  N=12  H=4724
    PID 1700  N=13  H=3320
    PID 4964  N=16  H=6088
    PID 3868  N=19  H=5496
    PID 3620  N=18  H=5196
    PID 1524  N=20  H=5356
    PID 2212  N=21  H=5380
  Utility processes, each --type=utility --utility-sub-type=S --lang=en-US --service-sandbox-type=T --mojo-platform-channel-handle=H --field-trial-handle=1844,i,3183165804378228816,2863013478254646809,131072 /prefetch:8
    PID 4876  S=storage.mojom.StorageService             T=utility  H=2216
    PID 2220  S=network.mojom.NetworkService             T=none     H=2132
    PID 1856  S=chrome.mojom.ProcessorMetrics            T=none     H=4968
    PID 1160  S=chrome.mojom.UtilWin                     T=none     H=5076
    PID 1096  S=data_decoder.mojom.DataDecoderService    T=service  H=4972
    PID 576   S=audio.mojom.AudioService                 T=audio    H=5712
    PID 3724  S=video_capture.mojom.VideoCaptureService  T=none     H=5696  [Modifies registry class]
    PID 3232  S=chrome.mojom.UtilWin                     T=none     H=4780

elevation_service.exe  PID 4064
    image C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe    cmdline "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

AUDIODG.EXE  PID 5108
    image C:\Windows\system32\AUDIODG.EXE    cmdline C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C4

vlc.exe  PID 3400  [Suspicious behavior: AddClipboardFormatListener; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx]
    image C:\Program Files\VideoLAN\VLC\vlc.exe    cmdline "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SubmitUpdate.m4a"

Reading the tree: the sample (PID 4012) writes into and starts UniversalInstaller.exe from %LOCALAPPDATA%\Temp\httpService_v3_x64 (3424), which in turn starts a second UniversalInstaller.exe from %APPDATA%\httpService_v3_x64 (3892). That second instance hollows cmd.exe 3156 (WriteProcessMemory, MapViewOfSection, SetThreadContext); the hollowed cmd.exe starts explorer.exe 4588; and explorer.exe starts dialer.exe 3360 with sihost.exe 2964 named as parent, which is why the tree draws dialer.exe under sihost.exe while the WriteProcessMemory rows show explorer.exe populating it. All three host processes (cmd.exe, explorer.exe, dialer.exe) are the 32-bit SysWOW64 binaries despite the _x64 directory name, so the injected payload runs as 32-bit code; dialer.exe's image is SysWOW64 although its command line names system32 because WOW64 file-system redirection applies to a path opened by a 32-bit creator. chrome.exe, rundll32.exe, elevation_service.exe, AUDIODG.EXE and vlc.exe are separate top-level trees with no recorded link to the sample (no write, create or thread-context row connects them), so their signatures (BIOS registry queries, TPM telemetry, clipboard listener, window hooks) should be read as activity of the analysis VM and its user simulation unless the network data ties them to the sample.
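The signature rows and the process tree above are the raw material for the two calls an analyst has to make on this report: is 3892 -> 3156 hollowing, and is dialer.exe really sihost.exe's child. The script below is an added example, not part of the sandbox report or of its tooling. It parses the report's own row format (the rows are copied from the WriteProcessMemory and SetThreadContext tables and embedded as constructed input so it runs offline), rebuilds each process's lineage from the tree, and flags both patterns. `TREE_PARENT` and `IMAGE` are hand-built from the process tree; the sandbox's `procid_target` column is parsed but kept only for cross-referencing.

```python
"""Lineage and injection triage over sandbox signature rows (added example)."""
import re
from collections import defaultdict

# Constructed input: one representative row per (source, target) pair, copied
# from the report's signature tables (the report repeats each row several times).
SIGNATURE_ROWS = [
    "PID 4012 wrote to memory of 3424 4012 ssFlingTrs-259a3513.exe 79",
    "PID 3424 wrote to memory of 3892 3424 UniversalInstaller.exe 80",
    "PID 3892 wrote to memory of 3156 3892 UniversalInstaller.exe 81",
    "PID 3892 set thread context of 3156 3892 UniversalInstaller.exe 81",
    "PID 3156 wrote to memory of 4588 3156 cmd.exe 83",
    "PID 4588 wrote to memory of 3360 4588 explorer.exe 87",
    "PID 4708 wrote to memory of 656 4708 chrome.exe 93",
]

# Parent links exactly as the report's process tree draws them (child -> parent).
TREE_PARENT = {3360: 2964, 3424: 4012, 3892: 3424, 3156: 3892, 4588: 3156, 656: 4708}
IMAGE = {
    2964: "sihost.exe", 3360: "dialer.exe", 4012: "ssFlingTrs-259a3513.exe",
    3424: "UniversalInstaller.exe", 3892: "UniversalInstaller.exe",
    3156: "cmd.exe", 4588: "explorer.exe", 4708: "chrome.exe", 656: "chrome.exe",
}

# Row layout: "PID <src> <action> <dst> <src again> <image> <procid_target>".
# The backreference (?P=src) rejects rows whose pid column disagrees with the description.
ROW_RE = re.compile(
    r"PID (?P<src>\d+) (?P<action>wrote to memory of|set thread context of) "
    r"(?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target>\d+)"
)


def parse_rows(rows):
    """Return (src_pid, action, dst_pid, image, procid_target) tuples.

    procid_target is the sandbox's internal process index, not a PID."""
    events = []
    for row in rows:
        m = ROW_RE.fullmatch(row.strip())
        if m is None:
            raise ValueError(f"unrecognised signature row: {row!r}")
        events.append((int(m["src"]), m["action"], int(m["dst"]), m["image"], int(m["target"])))
    return events


def hollowing_candidates(events):
    """(src, dst) pairs where src both wrote into dst and set a thread context in dst.

    That is the WriteProcessMemory + SetThreadContext combination process hollowing
    needs; a MapViewOfSection row on the same pair adds weight but is not required."""
    by_action = defaultdict(set)
    for src, action, dst, _, _ in events:
        by_action[action].add((src, dst))
    return sorted(by_action["wrote to memory of"] & by_action["set thread context of"])


def parent_mismatches(events, tree_parent):
    """(child, tree_parent, writer) where the process that wrote into the child is
    not the parent the tree shows. With a NtCreateUserProcessOtherParentProcess
    signature on the writer this is parent-PID spoofing; without one it may be
    injection into an already-running process, so both cases are reported."""
    found = []
    for src, action, dst, _, _ in events:
        if action != "wrote to memory of":
            continue
        parent = tree_parent.get(dst)
        if parent is not None and parent != src:
            found.append((dst, parent, src))
    return found


def lineage(pid, tree_parent, image):
    """Walk the tree upward: 'image(pid) <- parent(pid) <- ...'. Cycle-safe."""
    chain, seen = [], set()
    while pid is not None and pid not in seen:
        seen.add(pid)
        chain.append(f"{image.get(pid, '?')}({pid})")
        pid = tree_parent.get(pid)
    return " <- ".join(chain)


def triage(rows=SIGNATURE_ROWS, tree_parent=TREE_PARENT, image=IMAGE):
    """Run all three checks and return them in one dict."""
    events = parse_rows(rows)
    return {
        "hollowing": hollowing_candidates(events),
        "parent_mismatch": parent_mismatches(events, tree_parent),
        "chains": {dst: lineage(dst, tree_parent, image) for _, _, dst, _, _ in events},
    }


if __name__ == "__main__":
    result = triage()
    for src, dst in result["hollowing"]:
        print(f"hollowing: {IMAGE[src]}({src}) -> {IMAGE[dst]}({dst})")
    for child, parent, writer in result["parent_mismatch"]:
        print(f"parent mismatch: {IMAGE[child]}({child}) is drawn under {IMAGE[parent]}({parent}) "
              f"but {IMAGE[writer]}({writer}) wrote into it")
    print("sample chain:", result["chains"][4588])
```

Run it directly to print the findings. The parent-mismatch check deliberately reports every writer that is not the tree parent rather than calling it spoofing outright, because the same WriteProcessMemory row would appear for injection into a process that already existed; here the NtCreateUserProcessOtherParentProcess signature on explorer.exe 4588 is what settles it as a spoofed parent.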
Network
MITRE ATT&CK Enterprise v15
Downloads
(files written during the run; this export carries a path for only three of them, all in the Chrome profile, so the dropped UniversalInstaller.exe binaries and their DLLs have to be matched by hash, not by name)

- Filesize 176B
  MD5    793e03affcc93ff81e1f2fe95f6940a6
  SHA1   7c1caff97ce100dc4c9ee273b84de8849f45f763
  SHA256 21ac5899180d43efb12e4d4da4b42cd6ea4e6f864a228dcc019a72e4c049b176
  SHA512 aaace08877da1ee11506263e0d574671712090b9b5102cfc4d2c74580dc0ac31a6e625ec55bfdb8000df45792b8aeab84a01c5cbe7de19d6e71cd9df8e648769
- Filesize 1024KB
  MD5    b2bcb93f2e3b1d9da241623286519694
  SHA1   d4b79109d0625e1fa08f382dfc853168f680d262
  SHA256 7d6fb9792be792ba96e51063264220e5fbbbf42374b0600f217a5807d2e53324
  SHA512 b991e5a995d47d191a303b3e3e2c0dc6f9c13326e86634c53890d8561f253f73ea08b6a5390c84f68651ad2414994c72080655361acc796862f52b85fbb6ade3
- Filesize 149KB
  MD5    d22908892e63cea6f06318934796a795
  SHA1   b6751b8126140e6214898c14b18c784be2441d0b
  SHA256 9b20ff8068970aeb31f5b3a255a3f74c271c8c1542afc2d5edfa2ff523354f26
  SHA512 d1dad74b24269e8a4bda9d2dc764cdc55a460498537cd0ae68480ed21326537795cc34453e39b0864332cd7265a3571bcba67159e4830dcfdd5f133051751213
- Filesize 255KB
  MD5    2fd7cd780e3f0efe3a88207eeb266663
  SHA1   a72c61f63c1bc8ccd2850884e0bf1e21845ceae8
  SHA256 b37ad9c2cf69227b48d7d83a0ca043f9417b278e171943ed1159bbf4a28c0582
  SHA512 beb2a5cc579d0719b377e5ea8107985a41efa2b16412584e9d9b6620d3d91bbbd13e2d7f2b9a6a9b173e51082f60b7521e9ab5a5d73eb1549cf32fc600ac4528
- Filesize 422KB
  MD5    41dbd79dbad0a05ed4ba13fe3f405dc4
  SHA1   b6fe6125a56ad24cbaf413e03bac244cdef94676
  SHA256 fa64e7e2f5c0b8543f5baab82a9608776fb9b459df53fd8f4c7fa0ee7760b2cf
  SHA512 3b1428fa7a5478c1750af3517a23c188f90b9471af9f2c92175a2e6c8f56fcb4988f6c4baab4245824932f0828b9a36f2661c8062013b5e02122b8f0248efcc9
- Filesize 684KB
  MD5    3f9ac4ebc2ea885bd22f0a0996cb3f8d
  SHA1   bb825861820b52660acb93e7ef731fb382d6bf08
  SHA256 23ab3a1a00ee43b48ea4bcb1ea61ab54da41f61139a0f899ca87c88929136972
  SHA512 5631c3b39b4fca771a950baf9c2bfd35c9dd39fb429b10fd12e29cff3dcddd06a5ee69796668a878920167920ec9cced2aa99260444b422c85770f29b7a664c2
- Filesize 289KB
  MD5    84c974586dc6a361e61175676b50d8e6
  SHA1   f718baec2d077833d6ef0f5f6ce9a7ecc8015b45
  SHA256 c52593e6d0b848ebbc4298ed116687345c3dab9f3e82b45287f6d56fe6e18671
  SHA512 cc1895b6e5380e7c8e70012e5b482a38b095df34978e6036eae919a3343657f7fb250215746dd99d7a9a3ff0e5ab0cf5b86ef2740e39620952d0d4eac651c014
- Filesize 231KB
  MD5    2f5cff3759c26c69ba77d2053ec7564b
  SHA1   bef0c8a73a2b989d701671ad0ebd0feceaebdcec
  SHA256 f604f921b911355b62ec049ee1de4c7a1ad58ebb1e330501ada6e9a5dd1a4646
  SHA512 191543eda20f9abfaebf36fb83973483b13206a8dd5e55cdb9b7905738501f67c5ee98ff3201fd76a4a92e2b7cbb4aa639a777fd0f4742be49d596719693e599
- Filesize 1KB
  MD5    28cbf8a0ae8524f0d49da415c945075d
  SHA1   acd57c7c2a3849d919f29154740883414e77fe84
  SHA256 d7e69fbec5d698661b4a8d19f1458a5fc551931dbaff5ad2cc7c5ba84d56d8b4
  SHA512 0ec67c8b37c420f0b1acd1332a3d9d4b47c514e9261a9fe3f0c829333e068fcd94f9cb03884f15d445207b7485faae7c470720b7543616cbf487739b1bef14fc
- Filesize 1008B
  MD5    1d75750943721749f170213320d1582c
  SHA1   2ba27f208f3630bcac00a3a914a82365499fe62e
  SHA256 4a7e9e48c994661bf2e2ef2d8f5bfa5f25a098d70d12e0deaa9f3b28afe25f40
  SHA512 b7663f0f224db00005098fbbfac7fced4b53eee0d36cea8f0f8d06969634332049337169438ba370791bf59d0b90193e17657875734d25920f79e01cbae90a16
- Filesize 1KB
  MD5    8d2222b6c17af4aee5282d86e654e98c
  SHA1   9d3fbd17a46cb98fcd08d858f602c10746328c02
  SHA256 54823f1509eb3c94ddd9f7ef6fbc1723be31078aaaae786ef5d7d3dbff4628ef
  SHA512 c2b299cf2ea0d36a5246f111c617bf4f297d91423b6d245b9af06cd8c84fb5dcc4613f5a8eba6a5a70ca32e01c23f87d7e1608d90c180cddc88478d907145297
- Filesize 264KB
  MD5    294c28415d0c37ccdca0005f74634b6e
  SHA1   5a0381da20621be3ffb74917f8c30ae867e13967
  SHA256 6f01b64aaf2b84ad12f04d675f23ccbf8d2cde51bd014b73210256aad1e26a53
  SHA512 268bb1e66acc8c9759bf5939328f1f53ddc0d1e24b8261f72fcf994926f849f69f9236937a89c4a3520588e2fb3c54009c7af1cfcebcbcdd28188c9b98f25947
- Filesize 5KB
  MD5    c52e9cb124b015b08eb16aeeaab1550c
  SHA1   d519719bfd9006ed58661ff18545f3275e8a4c58
  SHA256 94603665d7b8ce409e5248a185f6346bdcfb0288f57dfb160977140b39ffca62
  SHA512 970e9a626ea9fc0050a17bf0d076a310d806d383231d02b43ee5fb925417e50367c82f082ea4b89813e93d94a789894fc73b5be1f7f148586e207c58477d0798
- Filesize 5KB
  MD5    2b60f3cff3b1f616561c6af4bd1b5e6b
  SHA1   cf7f84382260ca0f005df72a62bd97f0fe3663cb
  SHA256 d27d3ffdcc0e2aba99861029550cd92ea1ec5cf7bc5057fe0cabdd9d0a7509ef
  SHA512 087f01a7245aee99c61a13a55edf6542258bac38cf2a359c9728d65dde46430d65f27408e506568ced43606897d01df6b80d1470baf8c7cc8408b3e829812a60
- Filesize 1KB
  MD5    6760d997e40e12bf33bb3103e3a90a4c
  SHA1   efd99e5cb117fe6d1b005e06223dd759a7f54015
  SHA256 6973107629961c43e14f8d4b701249c502d4bfe7aaf7b281fc8c6cfaeeaf3674
  SHA512 b9704fbe98009bba33c5a2a609a4e30e0c8e732afdddaa2cfbdfbaea12664c7b9e8dd6b9c1b10f1d3e379a5253a1fe9e3f3bf7573038f77b7fe23d4bf106cfb4
- Filesize 1KB
  MD5    1585292bae402e754b4c6327df0991e2
  SHA1   61df08b8d376eb5836659ae6a7b05e42ca2f20ee
  SHA256 9cd60ab5a88bd00cc9560fca72f4bb234513efe49cae69035901adecff00335b
  SHA512 9c508dc1ed12cd456ae2232b4cab052cb8f9ba07b3c8e862d42f08a9eb468bdef2c2006227bec736b2198678a6dc4e4b3d5ba874fcacac7e0128841933b9cb9d
- Filesize 371B
  MD5    4d9f98fcb7752e3d4c7da1428561029c
  SHA1   26cd5a5d53e7346b294f30d55cdb9618b72f88b6
  SHA256 2127024623badff937e68b3110dc04a99557978c1096c0bf74edd61e6d404dae
  SHA512 9d62b3600223cd844709def3ddfdb9cc51a1de2c2df5a1f68813d28f22bbe1ae400f0ec2169661704ba98412c50e96138ec6e601c10d292407093bef13642a2e
- Filesize 1KB
  MD5    fae6d80f44184f42a7d633d40f4d8289
  SHA1   e10219d1ffee8eeab7daae1569df92db70e76b9b
  SHA256 6a33dcdec4375793a43117b2ad1c7bd9aae4e0fa2a35bc9c5e84241897700c37
  SHA512 0c1b4b544b102f68dd0b01e63b72d9bae2a7fe142185dde29f4baafeaadbd3361d43e884e406fd63ada03979eebcff9e82a3c18bf27c0edac982028a130e1d2c
- Filesize 6KB
  MD5    cb264731ff71c2c41787079c8505b6d0
  SHA1   d7cb08802476b2f29fb94d0526da1a5398528362
  SHA256 404f550e809a2d8c3730808ffe4fdef35432af1e396e659ee1bf1e25fa8fdcbf
  SHA512 a7e720707b046054eddc1cd9e91b71816bc72283877ff5783203d640620e6bc5a9150c4b0b11042261aceda88b6ebace87d0790ef8b231a0e1ac9e0c22c3635e
- Filesize 7KB
  MD5    8b195e72bf435acca8ba575c1c18b7ea
  SHA1   d2962cdaefd68ae876a54295288878ec151f68db
  SHA256 eb3d0fb9937bb3b6b651379b21cfc2fffcbb353b3dbb5016965534c185476ce8
  SHA512 6d4f7bc163e65bccc5fc4ea3d63a0fb478b84c0ba6a59000434a956058ff6c1ca6c6e6fec0f5fded1e73ea754442bb15ee81f040d41c578adc9cbae82c4ec4cf
- Filesize 6KB
  MD5    54245d0766f1c2ccff0500321038155b
  SHA1   55e4a5ee79355ac88f2e2aa2211c61cc84133988
  SHA256 9a5a1ce83a11f2f09e51d703f22ff62f3f399fcb524ac899c5db48bd805a9bb5
  SHA512 d5826f1dc2ba78b1f7ed66935c71f477d8cdf95b82eb8fa684c6c17cbd05754029fa2b320358d993648674800cc94c6456d8f18dc87de64f254f2e68024e4c8f
- Filesize 7KB
  MD5    31209ab26e38e4c32dd65fa41464036a
  SHA1   f7a256ef0af5d66424d533d1d2b7755f2af4d2d3
  SHA256 7d8813c9b1adae5f72293ac154829d44a09ed5d527df85d85cfeb52c072a0eaa
  SHA512 969742289911cabf7c68214afd8a72fe86b9d78bbd430e1b7c305596cf487ab72797287d3b8723d9498bed4a45ed9514b2786829b583d2ac6fda9ab9773ccb12
- Filesize 6KB
  MD5    a969809b49d854e4810073581cc36bc3
  SHA1   b9855c2944249ec67fc9ebf48b4be001cefe48eb
  SHA256 89382e170f6b659cab693f53a94706242e3afd3ca647b3b0b31e507dfc731121
  SHA512 21d5e35fe58815d1504f8ea7a3327d6ae960ffd270af34474099eb51daa0f6df954d1f47bb69d16b21b3f37bf5f4970ecd45c4c14236caa84e3014be5a7a8e0f
- Filesize 7KB
  MD5    f509668fea0cbb92f4c280b6510c6396
  SHA1   1c4495c75788d5db2ce8c97c35088ae8b02b8407
  SHA256 9e8ed239e4875bbeba6d55ef11e8e4bddc710ad2c8933ab5980d81679dc7a5a4
  SHA512 db2b2d20b6bb040c8da88e26baa4f5230e9cd4e3b5e1518d25e7f5e08901978a4fabbc8ac98f4a104f84262c517dedfa2d3290796086aaa71ad50512a9101340
- Filesize 15KB
  MD5    1a11d2e679398a46130a8e69938589c1
  SHA1   80f74a4b94301a301e3d94a491e306c4b5799aa6
  SHA256 ed9e88f3eb0ed15af38a286cbd3243fff2a009c41af5909e6ba05f4e6ac7f154
  SHA512 e418424ee9a1753d90c89bfbbd91577de6ebc0ecf838a76d07452f26874e53804abed9d2ded6ee520379d7dcb8e997b616353b821478447af074a36bc98548c9
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize 56B
  MD5    ae1bccd6831ebfe5ad03b482ee266e4f
  SHA1   01f4179f48f1af383b275d7ee338dd160b6f558a
  SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
  SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c1dff.TMP
  Filesize 120B
  MD5    346bb56d30bc0868db96a27e9ec2d935
  SHA1   71a56985cff5bafd96e416dd000edc72e7cbc614
  SHA256 58788d628866c95e6f121cfdba45cf7f5a1dce5d7020b2d4c30f027a72971fdf
  SHA512 c638f5f9d305dae6cdf3728f5d800784b7469b6bf93d2abb878392cd56d1e647617b086b32c0cb16831e5a88255c5f077e4fdcc0de90e8a6e88feffc2f4ed070
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cf9bb2e0-8191-422a-9612-7b6e76900367.tmp
  Filesize 6KB
  MD5    7d71e0830b9b4db21de9696955b9d9f5
  SHA1   8d64f61b3d5f476182e87b54c676d5da2bdd3cf1
  SHA256 18b10712a42512579e505f6d22f774a7754663be37a2856ea65b11d2d94a0602
  SHA512 4cd4059ba051a071a7ffcb82d367e6e33498e3f242469cd4deaaee836fbf72856c89005a133ed3414f29fba1d2247ae4414bbccbe320ec3b62b699a66e570155
- Filesize 239KB
  MD5    49fd013ea60cb8e76a4236850b10aeb0
  SHA1   d42927dff7e875270b970d39e74f7c6bb1751c26
  SHA256 49d08f9e24575d1fbdec9f1e7c0b5691402a34c967295b77bd85bd9a55bd8eb2
  SHA512 5ec7473b8748dada89c3877c8fd526176f6ce1cf03c7d0a80b38fb2d28a15478ed64f29abb7f05ef5693bd5ba46231ff0422a4f694de6d5c7e79ca606c255bec
- Filesize 239KB
  MD5    df59829342c69dd79288fe5e2e1ba867
  SHA1   d96991d23ddc986fc672306258b1c5effc555260
  SHA256 d0dd6f31db9cde2898a5e864d1a531290fdb5d57232a605e16f2991c93bcf288
  SHA512 9bcc95242a9f5d8c4a4694f9579814f106e2cffb57ba5b1be23a5ab962a77f35cb740076f3e6571feb1d0dcf03e0bca05d1212a7d39936412e42b625072ed62e
- Filesize 92KB
  MD5    8ab88000edddf999fac4b5d3433f7b68
  SHA1   240db399ad5bb2776490e143dde2fcb4c9bae963
  SHA256 72c1bec78e11d983ae7003c8039ed4473d0b233c69e140b520a9aad55d0a6c8f
  SHA512 a6e3c85789d4b3c8eea0b2d0bc3d5cb18bd6cca7a57f26ec155b48da7e1633b13bb42bb2ff388665c87d1aca40153db2809d296012fef08eca6a2b0e24ee05de
- Filesize 88KB
  MD5    a94e5956f897d5fd4c60c44ef9069e57
  SHA1   55c22d5055cd39de828cc35e61d1d05690364b60
  SHA256 9ffc773f341c6192779ac7fce6e212d31f128693a00c813f95e9211b8af3defd
  SHA512 d138a11c9d1546f74484829add329d2d2668953bcbf8ad9ca4e0bc1bc6fa9e8d2060d35a750cc16620add7d24f0e30a4fde7edcfda0cea2b4b65aca62bd2a0fd
- Filesize 2B  (these are the well-known digests of the two bytes "{}", an empty JSON object)
  MD5    99914b932bd37a50b983c5e7c90ae93b
  SHA1   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize 1.1MB
  MD5    db78fce00c8fe6dadcfafe86e8282f2f
  SHA1   342f5f988c0cf71af3397caadfd73fd44e08b344
  SHA256 77e471460d3ccf0ef2997af25db620e5a3c8c416b32b9005f78c4f316fa7c0ff
  SHA512 fa5a62e5d586a10c15cf7d9cffe5bb4341273e4ea00bd3ea7522143ab558d350b1fac8db4d3e701fa2244279db9b6fc37025ff6a863d9820a24a1c8882ce97f0
- Filesize 1.6MB
  MD5    5447785dd51a058ca7b1cc13f6b17f1c
  SHA1   f016d1d4ded05bd505eb323538935ddd90e4d262
  SHA256 16a243d1ea580dbdbafc8e586b6678ee0fa8166121ec6c554ce72ce6ba0affee
  SHA512 13d05742623dac38c022f0e72444bbd1055e8f0dfce40ce69957acdd5299b62b391d1216b6cef0eec0b8e9305639e84feecdd579f562879f8dd936b21c5a6723
- Filesize 2.4MB
  MD5    9fb4770ced09aae3b437c1c6eb6d7334
  SHA1   fe54b31b0db8665aa5b22bed147e8295afc88a03
  SHA256 a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3
  SHA512 140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256
- Filesize 1.5MB
  MD5    7d2f87123e63950159fb2c724e55bdab
  SHA1   360f304a6311080e1fead8591cb4659a8d135f2d
  SHA256 b3483bb771948ed8d3f76faaa3606c8ef72e3d2d355eaa652877e21e0651aa9a
  SHA512 6cb8d27ebcfdf9e472c0a6fff86e6f4ec604b8f0f21c197ba6d5b76b703296c10c8d7c4fb6b082c7e77f5c35d364bcffd76ae54137e2c8944c1ea7bb9e2e5f08
- Filesize 43KB
  MD5    dc072d759bdef5a39c9cd6dfe7a08788
  SHA1   29d4d8a68dd9ecac44fd07fba65b81fa030850e5
  SHA256 0702a88636bca9a7a2968543d678cc895fa60ef588f8dea2e0f5709e26d1ee95
  SHA512 a45578027fec2ade849bda5b74447cf5d69ee37bcc245b7cfbb74043651e0ab0729bbb40469431b4d3d7f51017a2d248f4cc40ac5a62456fb9f70d8a3b8ca5c9
- Filesize 906KB
  MD5    a7663aab7134c1d33bc44e13a7c89fce
  SHA1   998c81b1ff7ba0aa5d912616b15de73f13ddf590
  SHA256 4b53a6fa886aa340b54457a5d4e0349d5d5fe1ce796306031325ecf3427a7d00
  SHA512 77272a6d4a09b1699789e20064174825d987ea42c7492700a8affcc478ab1cdcf6ecc616ee2b221cdf90c3bf8cc697912b034e2ec9409823f6489cbb61194f9c